Cloud Security Looks Murky for Feds

Security for cloud computing needs to improve before the cloud becomes widespread among U.S. government agencies.

In an article on the Network World website, Michael Cooney says that according to a report issued by the Government Accountability Office, federal agencies that haven’t yet implemented cloud computing may be hesitant to do so until specific security rules are developed. And those that have cloud computing may not have adequate security controls.

“Several of these risks relate to being dependent on a vendor’s security assurances and practices,” says the article. Cooney lists several of these security concerns, including: vulnerabilities affecting data confidentiality, integrity and availability; potential loss of governance and physical control over agency data; cloud providers’ failure to delete, or effectively delete, agency data after delivering the service; and many more.

“Multitenancy, or the sharing of computing resources by different organizations, can also increase risk,” Cooney writes, “…one customer could intentionally or unintentionally gain access to another customer’s data, causing a release of sensitive information.”

To read the Network World article, click here: