IDG News Service - The U.S. government's increasing use of cloud computing services could lead to new data security risks, with agencies compelled to put their trust in vendors' security efforts, several lawmakers and a government IT expert said Thursday.
Cloud computing will likely give the U.S. government several benefits, including significantly lower IT costs, but agencies are moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a governmentwide security strategy, said Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).
"The use of cloud computing can also create numerous information security risks," Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. "These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources."
IT executives at 22 of 24 major U.S. agencies surveyed by the GAO raised concerns about cloud computing security, even as officials in President Obama's administration push cloud computing, Wilshusen said. A GAO report released Thursday listed several security concerns: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.
Several members of the committee also voiced some doubts about the security of cloud computing services.
"I will be particularly interested in details as to how companies believe that they can implement guaranteed security in a cloud environment," said U.S. Rep. Darrell Issa, a California Republican. "As all of you know, we do not guarantee security. We have breaches every week, every month, sometimes every day in government."
Cloud computing could save the U.S. government money and give agencies faster access to new technology, but it also opens up agencies to "unknown security risks" and raises questions about the level of control customers will have over their data, added Representative Diane Watson, a California Democrat. Cloud computing vendors must detail how they will meet federal data security standards, she said.
U.S. government agencies are working together to address security issues, said David McClure, associate administrator in the Office of Citizen Services and Innovative Technologies, U.S. General Services Administration (GSA). Several agencies have joined a new effort called the Federal Risk and Authorization Management Pilot program (FedRAMP), which seeks to develop security and certification standards, he said.
Despite the concerns, cloud computing will improve security, said Mike Bradshaw, director of Google Federal. Cloud computing vendors store data on multiple servers in multiple locations, making it difficult for cybercriminals to target one location, he said. The redundancy also means agencies are protected against disasters, he said.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- The Six Main Steps To Structured Analogy
- The role of structured analogy software is to automate the data extraction and processing work, provide visualization of the historical context forjudgments and... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.