Government Prepping Cloud Computing Guidance

As a report warns agencies won't move forward without clearer policy, White House readies comprehensive cloud strategy and cybersecurity rules.
The GAO report, also divulged at the hearing, urges OMB, GSA, NIST, and the federal CIO Council to finalize and formalize their guidance and processes to accelerate cloud adoption. "Until federal guidance and processes that specifically address information security for cloud computing are developed, agencies may be hesitant to implement cloud computing, and those programs that have been implemented may not have effective information security controls in place," the report says.

In preparing the report, GAO surveyed 24 major federal agencies, conducted interviews with representatives from government and industry, and reviewed relevant publications and white papers, finding that agencies shared a number of common concerns about cloud computing.

Overall, 22 of 24 major agencies reported to GAO that they were concerned or very concerned about cloud security, including issues like data leakage to unauthorized users and loss of service if a cloud provider goes out of business or terminates a certain service. NASA officials pointed GAO to challenges with identity management and user authentication, while the Nuclear Regulatory Commission keyed in on the need to clearly delineate security responsibilities between customer and provider.

However, while agencies are expressing concern, few of their concerns have yet made it into formal policies and procedures. Only nine agencies had approved and documented policies for enforcing comprehensive cloud computing service level agreements, four agencies had documented policies limiting the type of information that can be placed in a cloud, and two limited the type of cloud deployment model used.

In related news, GSA deputy administrator Dave McClure, whose Office of Citizen Services and Innovative Technologies operates the government's application store, said that GSA on Wednesday closed a new blanket purchase agreement that will place infrastructure-as-a-service offerings like Amazon Web Services on
