IDG News Service - The U.S. government's increasing use of cloud computing services could lead to new data security risks, with agencies compelled to put their trust in vendors' security efforts, several lawmakers and a government IT expert said Thursday.
Cloud computing will likely give the U.S. government several benefits, including significantly lower IT costs, but agencies are moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a governmentwide security strategy, said Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).
"The use of cloud computing can also create numerous information security risks," Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. "These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources."
IT executives at 22 of 24 major U.S. agencies surveyed by the GAO raised concerns about cloud computing security, even as officials in President Obama's administration push cloud computing, Wilshusen said. A GAO report released Thursday listed several security concerns: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.
Several members of the committee also voiced some doubts about the security of cloud computing services.
"I will be particularly interested in details as to how companies believe that they can implement guaranteed security in a cloud environment," said U.S. Rep. Darrell Issa, a California Republican. "As all of you know, we do not guarantee security. We have breaches every week, every month, sometimes every day in government."
Cloud computing could save the U.S. government money and give agencies faster access to new technology, but it also opens up agencies to "unknown security risks" and raises questions about the level of control customers will have over their data, added Representative Diane Watson, a California Democrat. Cloud computing vendors must detail how they will meet federal data security standards, she said.
U.S. government agencies are working together to address security issues, said David McClure, associate administrator in the Office of Citizen Services and Innovative Technologies, U.S. General Services Administration (GSA). Several agencies have joined a new effort called the Federal Risk and Authorization Management Pilot program (FedRAMP), which seeks to develop security and certification standards, he said.
Despite the concerns, cloud computing will improve security, said Mike Bradshaw, director of Google Federal. Cloud computing vendors store data on multiple servers in multiple locations, making it difficult for cybercriminals to target one location, he said. The redundancy also means agencies are protected against disasters, he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks
- The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do
- Next-Generation Firewalls Defined
- Firewall Buyers Guide
- Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security
- The Traditional Approach to Network Security is Failing. View Now>> All Government IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Government IT Webcasts