Cloud Security

Securing the Cloud

5 Government Cybersecurity Challenges in 2010: Part 4
Securing the Cloud
As Congress returns to Washington for the second session of the 111th Congress, this week will present the top five cybersecurity challenges - one each weekday - the federal government will face in 2010.
Thursday: Securing the Cloud
Friday: NIST's Growing Influence

* * *

Cloud computing hasn't been on the radar for many of those charged with securing federal IT assets, but in the coming year its visibility is bound to rise. Even without any major government cloud project, two of five federal senior federal IT professionals surveyed by the think tank Ponemon Institute this past fall recognize the security challenges cloud computing presents.

Indeed, the hacking from China of the Gmail e-mail accounts of some human rights activists revealed by Google in January exposed the frailties of secure cloud computing that must be fixed if widespread adoption by the government is to occur. Gmail is a Google cloud computing offering.

"Along the way, we will need to address various issues related to security, privacy, information management and procurement to expand our cloud computing services," said Federal CIO Vivek Kundra, the government's biggest cloud computing champion, at the launch of, an online storefront where federal agencies can purchase cloud computing services.

The advantages and disadvantages of cloud computing for government are detailed in a European Union report that has implications for the United States. "The cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said. "The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defenses can be more robust, scalable and cost-effective."

Former FBI agent and blogger Eric Fiterman sees cloud services as benefiting government agencies in secure data during distributed denial of services attacks. "Cloud computing services provide flexible hosting resources that can grow to accommodate a surge in demand," Fiterman wrote. Imagine if the agencies that were affected by the attacks had been sitting in the cloud when the malicious traffic started rolling in. ... These providers likely have plenty of bandwidth to sustain the attack and provide service with little to no service disruption."

The Computer Security Division of the National Institute of Standards and Technology is expected to issue guidance to help federal agencies securely employ cloud computing technology. "Everybody is very interested in ensuring security," said Peter Mell, who leading the drafting of NIST's cloud computing guidance. "What I see most discussed is security compliance issues. Can I document it, implement it, test it and show that it meets the federal government requirements for the security assistance?"

Additional Reading

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.