IDG News Service - The U.S. government's increasing use of cloud computing services could lead to new data security risks, with agencies compelled to put their trust in vendors' security efforts, several lawmakers and a government IT expert said Thursday.
Cloud computing will likely give the U.S. government several benefits, including significantly lower IT costs, but agencies are moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a governmentwide security strategy, said Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).
"The use of cloud computing can also create numerous information security risks," Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. "These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources."
IT executives at 22 of 24 major U.S. agencies surveyed by the GAO raised concerns about cloud computing security, even as officials in President Obama's administration push cloud computing, Wilshusen said. A GAO report released Thursday listed several security concerns: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.
Several members of the committee also voiced some doubts about the security of cloud computing services.
"I will be particularly interested in details as to how companies believe that they can implement guaranteed security in a cloud environment," said U.S. Rep. Darrell Issa, a California Republican. "As all of you know, we do not guarantee security. We have breaches every week, every month, sometimes every day in government."
Cloud computing could save the U.S. government money and give agencies faster access to new technology, but it also opens up agencies to "unknown security risks" and raises questions about the level of control customers will have over their data, added Representative Diane Watson, a California Democrat. Cloud computing vendors must detail how they will meet federal data security standards, she said.
U.S. government agencies are working together to address security issues, said David McClure, associate administrator in the Office of Citizen Services and Innovative Technologies, U.S. General Services Administration (GSA). Several agencies have joined a new effort called the Federal Risk and Authorization Management Pilot program (FedRAMP), which seeks to develop security and certification standards, he said.
Despite the concerns, cloud computing will improve security, said Mike Bradshaw, director of Google Federal. Cloud computing vendors store data on multiple servers in multiple locations, making it difficult for cybercriminals to target one location, he said. The redundancy also means agencies are protected against disasters, he said.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- The Challenges and Opportunities of Mobile Application Development
- Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Gartner MarketScope for Group Video Systems
- The Gartner "MarketScope for Group Video Systems" evaluates 7 group video system vendors based on 6 customer-focused criteria such as customer experience, market...
- The Role of the User Experience in Video Conferencing
- While video conferencing can offer significant benefits to companies and their employees, all video conferencing solutions are not alike. To ensure successful deployment...
- Video is the New Document: Four Things You Can't Miss
- Download this research summary to find out the 4 reasons why video is quickly replacing print media and see how this can fit... All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts