Cloud computing offers "a rich target for hackers, criminals, terrorists and rogue nations," according to the chair of a US government subcommittee on IT security.
Sacramento congressman Dan Lungren made the remarks at launch of a new hearing into the security implications of the Obama administration’s policy of using cloud computing services wherever possible in government IT.
"In light of the Administration’s ‘Cloud First Policy’ and the announced transition by the Department of Homeland Security to cloud computing, my subcommittee will be examining how government information is being managed and secured in the cloud environment," Lungren said. "We also want to hear how the private sector is implementing this shared technology option, its cost savings and risk concerns."
He said that the subcommittee was concerned about the concentration of sensitive data in centralised repositories, supposedly creating a "rich target" for criminals.
John Curran, the president for the American Registry for Internet Numbers said that while physical data location, interaction between cloud services and federal security and future changes in cloud computing as the major security risks, he added that "none of these risks precludes the use of cloud computing services by the federal government, but each does pose new challenges for federal CIOs to consider".
Tim Brown, president of CA Technologies, said that while hype around cloud computing was accelerating, there was confusion over what exactly it is, and what risks are involved. Brown mentioned several security concerns, including "the critical role that identity management and authentication play in enabling cloud security."
Other members of the committee remarked that the security risks do not outweigh the benefits.
Government adoption of cloud computing in the UK has made slow progress so far. Earlier this week, however, The Guardian reported that the Cabinet Office is planning to begin procurement of G Cloud services within the month.
Information Age is holding its first Cloud Security conference on October 26th in London. Attendees will hear cloud security case studies from organisations including energy metering company Onstream and engineering group KBR, as well as security experts and practitioners.
The conference is free to attend for qualifying delegates.