Saying that key government security initiatives have not had time to become reality, federal officials raised a caution flag on the government’s move to cloud computing in a hearing on Capitol Hill yesterday.
Held before the House Committee on Oversight and Government Reform and the Government Management, Organization, and Procurement Subcommittee, the hearing was titled, "Cloud Computing: Benefits and Risks of Moving Federal IT into the Cloud."
The federal government spends around $80 billion on IT every year, which explained the presence at the hearing of major cloud vendors including Salesforce.com, Microsoft, EMC, and Google.
Not only will cloud computing and communications “save taxpayers money,” said Mike Bradshaw, director of Google's federal government group, but it actually improves security for government agencies.
"Agencies face significant challenges with lost or stolen laptops that contain sensitive data," Bradshaw said in his prepared statement. "The cloud enhances security by enabling data to be stored centrally with continuous and automated network analysis and protection."
The hearing also included a rare sighting of federal CIO Vivek Kundra, who was more hesitant to shift sensitive government data and communications into the cloud. "As we move to the cloud, we must be vigilant in our efforts to ensure the security of government information, protect the privacy of our citizens, and safeguard our national security interests," U.S. Chief Information Officer Vivek Kundra told lawmakers.
The hearing coincided with the release of a new report from the Government Accounting Office, which endorsed a go-slow approach to federal cloud adoption.
“In addition to benefits, the use of cloud computing can create numerous information security risks for federal agencies,” the GAO reported. “Specifically, 22 of 24 major federal agencies reported that they are either concerned or very concerned about the potential information security risks associated with cloud computing.”
To address those concerns, several big agencies have joined in a new initiative, the Federal Risk and Authorization Management Pilot program (FedRAMP), designed to develop government-wide security and certification standards.
