Feds Weigh Security Concerns of Cloud Computing

July 7, 2010
As agencies move their data to the cloud, White House prepares strategy and cybersecurity rules.

While the U.S. government is planning on using cloud computing services to significantly reduce IT costs, several lawmakers and government IT experts expressed concern over data security risks, as agencies rely ever more increasingly on the security efforts of vendors.

Lawmakers pointed out that agencies have already begun moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a government-wide security strategy, according to Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).

The use of cloud computing can also create numerous information security risks, Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources.

The GAO released a report, stating that the Office of Management and Budget (OMB) has detailed a strategy that it says addresses many of the security challenges, including agency-specific guidance, the appropriate use of standards, and the division of cybersecurity responsibility between agency and provider.

In addition, the National Institute of Standards and Technology is working on formal guidance, which will be available for comment in September, to address cloud computing security issues lacking in existing NIST documentation on federal cybersecurity requirements. NIST recently released a similar document dealing with virtualization.

"Both federal and private sector officials have made clear that existing guidance is not sufficient," the GAO report said. The report recommended that NIST "issue cloud computing information security guidance to federal agencies to more fully address key cloud computing domain areas that are lacking in SP 800-53, such as virtualization, data center operations, and portability and interoperability, and include a process for defining roles and responsibilities of cloud computing service providers and customers."

Popular Sponsored Recommendations

Empowering the Modern Workforce: The Power of Connected Worker Technologies

March 1, 2024
Explore real-world strategies to boost worker safety, collaboration, training, and productivity in manufacturing. Emphasizing Industry 4.0, we'll discuss digitalization and automation...

3 Best Practices to Create a Product-Centric Competitive Advantage with PRO.FILE PLM

Jan. 25, 2024
Gain insight on best practices and strategies you need to accelerate engineering change management and reduce time to market. Register now for your opportunity to accelerate your...

Transformative Capabilities for XaaS Models in Manufacturing

Feb. 14, 2024
The manufacturing sector is undergoing a pivotal shift toward "servitization," or enhancing product offerings with services and embracing a subscription model. This transition...

Shifting Your Business from Products to Service-Based Business Models: Generating Predictable Revenues

Oct. 27, 2023
Executive summary on a recent IndustryWeek-hosted webinar sponsored by SAP

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!