Defense bill calls on Pentagon to evaluate commercial cloud computing

Congress wants department to assess companies' ability to provide secure Internet-based services.

The 2011 Defense Authorization Act, sent to President Obama for his signature on Wednesday, calls on the Pentagon to evaluate the capabilities of commercial vendors to provide secure cloud computing services to the federal government.

Cloud computing replaces the current structure of accessing data and applications locally with a networked system that stores them in remote data centers. On Dec. 9, the Office of Management and Budget released a "cloud first" policy requiring agencies to evaluate the practicality of leasing access to Web-based equipment before buying new hardware or software. It was one of the most sweeping changes in federal computer policy since 1996.

But security experts have warned that any large-scale move to cloud computing also must take in to account the vulnerabilities of such an architecture, including protection against attack.

The final version of the Defense authorization bill omits language from an earlier House version, which called for establishing a National Office of Cyberspace in the White House.

The final version does retain language from the earlier House bill that requires the Pentagon to set up cybersecurity pilot programs with industry to detect threats against military networks worldwide and help protect the defense industrial base against cyberattack.