Lawmakers question cloud security

A rush by President Barack Obama's Administration to move U.S. government agencies to cloud computing services may lead to unintended security problems and other headaches, some lawmakers said during a House Homeland Security Committee hearing. While agency adoption of cloud computing could save money, it may also lead to questions about control of agency data, about data portability and about whether cloud vendors will be prime targets for cybercriminals, several members of the committee's cybersecurity subcommittee said during a hearing.

"Our concern is that the cloud offers a rich target for hackers, criminals, terrorists, and rogue nations," said Subcommittee Chairman Dan Lungren (R-CA). "With cyber-espionage affecting every sector of our economy, aggregating important information in one location is a legitimate security concern. You might say it's a target-rich environment." Many cloud providers spread data across servers and data centers to reduce risk, said Timothy Brown, senior vice president and chief architect for security at CA Technologies. "Little pieces of your data are stored in little pieces on servers all over the world," he said. "Therefore, they can't be reconstituted into one piece." Other subcommittee members questioned whether agencies should use the services of foreign cloud providers and what will happen to an agency's data if its cloud provider goes out of business. Lawmakers need to examine cloud computing's benefits and risks after the Obama administration issued a "cloud first" strategy for IT deployment in February, Rep Lungren said. Five of seven witnesses before the subcommittee defended cloud computing, saying it can save U.S. agencies significant money and allow them to upgrade their technology much faster than they can with in-house systems.