Vendors come up with ways for the government to rate cloud suppliers

Oct 8, 2011 10:44 GMT

As government agencies look to cloud-based systems to manage their information infrastructures, many are weighing the risks involved in taking that step.

ReadWriteCloud reports that on Thursday, Congress voiced its fears about the factors that threaten both private and public clouds, especially the implications of a potential data breach that might leak sensitive national data into the hands of cybercriminals.

DHS CIO Richard A. Spires told the lawmakers that they plan to keep to the schedule for implementing the new structures that will replace some of their old systems, and added that they are working on outlining the differences between public and private clouds.

"While private clouds incorporate new technologies that may be challenging to secure, public clouds introduce additional risks that must be addressed through controls and contract provisions that ensure appropriate accountability and visibility.

"Though many distinctions can be drawn between public and private cloud computing, a fundamental measure of readiness is their ability to meet security requirements," Spires told the House Cybersecurity Subcommittee.

As organizations will also need public clouds to coordinate things such as external websites, the CIO wants to make sure that the main problem, the “visibility gap” that exists between providers and customers, is narrowed as much as possible. In his opinion, this is possible thanks to FedRAMP (Federal Risk and Authorization Management Program).

Many voices highlighted the results of recent surveys that show a large number of agencies being highly concerned about the security risks associated with cloud-based computing.

On behalf of vendors, Tim Brown, Chief Security Architect at CA Technologies, revealed that his company created a new consortium for cloud service measurement (CSMIC) that the government can use to determine whether a structure provider is worthy or not.

“In conjunction with standard recognition of cloud services authorized under the FedRAMP program, the use of a framework like SMI in government procurements will enhance the analysis of competing cloud services and lead to greater standardization of solutions,” he added.