Sensitive information maintained by three federal departments - Defense, Homeland Security and Health and Human Services - isn't fully safeguarded from the inquisitive eyes of government contractors, putting the data at risk of unauthorized disclosure or misuse.
"What we are trying to do in Michigan is to set the framework, which means that these cloud solution providers meet our requirements, not the other way around," says Ken Theis, director of the state Department of Technology, Management and Budget.
People who customize software often don't know what they're doing, creating an environment where adversaries can exploit unintended vulnerabilities, says Robert Lentz, the longtime Defense chief information security officer.
Microsoft Federal Chief Technology Officer Susie Adams and Chief Security Officer Bill Billings praise the new Federal Risk and Authorization Management Program that should make cloud computing easier to adopt by government agencies.
It's not just the need to educate federal officials, but the necessity to build trust in cloud computing to get the government to adopt the relatively nascent technology, says Mel Greer, Lockheed Martin's cloud computing chief strategist.
The Treasury Department blamed a cloud computing provider for the disruption of its website that provides the Internet face of the Bureau of Engraving and Printing, the agency that prints United States currency.
The Federal Risk and Authorization Management Program would eliminate costly, duplication of effort often seen in acquiring outsourced systems and could speed government adoption of cloud services, FedRAMP Vice Chair Peter Mell says.
Interview with Adrian Davis of the Information Security Forum
In terms of payments, privacy and third-party relationships, U.S. security leaders have much to learn from - and share with - their peers in the U.K. and elsewhere in the world.
This is the perspective of Adrian Davis, a senior research consultant...
"If we do not look at new collaboration models, the adversaries are going to break away at that wall and they are going to get in because they are out-innovating us," Security Innovation Network Robert Rodriguez says.