Accession Number : ADA523413


Title :   Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing


Descriptive Note : Congressional testimony


Corporate Author : GOVERNMENT ACCOUNTABILITY OFFICE WASHINGTON DC


Personal Author(s) : Wilshusen, Gregory C ; Dietrich, Season ; D'Souza, Vijay ; Glover, Nancy ; Wallace, Shaunyce


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a523413.pdf


Report Date : 01 Jul 2010


Pagination or Media Count : 13


Abstract : Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but it also has the potential to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal information technology into the cloud. This testimony summarizes the contents of a separate report that is being released today that describes the following: (1) the models of cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing (GAO-10-513). In preparing that report, GAO collected and analyzed information from industry groups, private-sector organizations, and 24 major federal agencies. In the report being released today, GAO recommended that the Office of Management and Budget, the General Services Administration, and the Department of Commerce take steps to address cloud computing security, including completion of a strategy, consideration of security in a planned procurement of cloud computing services, and issuance of guidance related to cloud computing security. These agencies generally agreed with GAO's recommendations.


Descriptors :   *INFORMATION SECURITY , *DATA PROCESSING SECURITY , *INTERNET , *INFORMATION SYSTEMS , *UNITED STATES GOVERNMENT , *RISK , *POLICIES , COST REDUCTION , AUDITING , VENDORS , ACCESS , SHARING , VULNERABILITY , GOVERNMENT PROCUREMENT , AUTOMATION , THREATS


Subject Categories : Government and Political Science
      Computer Systems
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE