Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing

Abstract

Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but it also has the potential to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal information technology into the cloud. This testimony summarizes the contents of a separate report that is being released today that describes the following: (1) the models of cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and efforts to address information security when using cloud computing. The complete report is titled "Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing" (GAO-10-513). In preparing that report, GAO collected and analyzed information from industry groups, private-sector organizations, and 24 major federal agencies. In the report being released today, GAO recommended that the Office of Management and Budget, the General Services Administration, and the Department of Commerce take steps to address cloud computing security, including completion of a strategy, consideration of security in a planned procurement of cloud computing services, and issuance of guidance related to cloud computing security. These agencies generally agreed with GAO's recommendations.

Document Details

Document Type

Technical Report

Publication Date

Jul 01, 2010

Accession Number

ADA523413

Entities

Tags