recommended reading

Experts say security concerns about cloud computing are overstated

Think tank and industry experts downplayed widespread security concerns surrounding a government transition to cloud computing Thursday, saying the cloud may actually be safer than traditional storage of government information in federally owned data centers.

Technology has been developed, though not widely implemented, that allows cloud storage providers to host encrypted data that only the data's creators can decrypt, not its hosts, said Dan Reed, Microsoft's vice president for technology policy.

That technology also includes monitors that tell a government agency or other data creator if the cloud provider babysitting the data makes any attempt to decrypt it, he said.

There's also new technology in the pipeline that would allow agencies and other data creators to analyze and sift their own data while it's in the cloud without first decrypting the data itself, he said.

Reed was speaking at a panel discussion on the not-yet-introduced 2011 Cloud Computing Act, hosted by the Brookings Institution. There's been a great deal of speculation about what that act, sponsored by Sens. Amy Klobuchar, D-Minn., and Orrin Hatch, R-Utah, will include.

The act is expected out in a matter of weeks.

Cloud computing providers essentially sell information storage space on remote computer servers much like a utility sells electricity or water, with buyers paying only for the amount of space they actually use. Critics have said cloud storage limits federal agencies' ability to safeguard their own data.

Consolidating data into a cloud storage facility -- which may be the size of a football field or larger -- creates a larger target profile, according to Darrel West, director of Brookings' Center for Technology Innovation and the panel moderator, but it also creates economies of scale. "You can bring to bear some more best practices [and] professionals whose only job is to think about these kinds of issues," he said.

"There are some collateral advantages of cloud consolidation in terms of raising security standards," he said. "If you're a small business, odds are your security is not very good. You likely don't have the revenue or the IT expertise to procure world class security."

Another major question about cloud computing is the ease with which information will be able to be stored across international borders.

U.S. and European officials have been meeting regularly to try to reach standard or nearly standard agreements about how one nation's information should be treated when it's stored in another nation and what legal rights the hosting nation might have, according to Philip Verveer, the State Department's deputy undersecretary for information policy.

The Japanese tsunami wiped out personal records for many people in the worst-hit areas, Verveer said, which has prompted the Japanese government to consider storing duplicates of some of its vital government information in North America.

Japan and the host nation would have to negotiate a very complex agreement about Japan's control over that information before that could be a possibility, he said.

Threatwatch Alert

Accidentally leaked credentials / Software vulnerability

Cloudflare Bug Leaked Passwords, Dating Chats and Other Sensitive Info for Months

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.