"There continues to be a lack of consensus by the agencies with their cloud service providers as to how effectively to measure, monitor and evaluate security in a cloud environment," he says.
Cloud vendors, who were represented at the hearing by executives with Amazon, Rackspace and VMware, are only too eager to defend their security posture, and cheerfully support Hurd's view that the cloud offers a better security proposition than many agencies can muster in-house.
"I think what you immediately gain by working with any one of the cloud providers here and a number of other companies out there in the market is the level of sophistication that they've had to grow into and maintain to continue to operate on the Internet today," says John Engates, CTO at Rackspace. "To be a player in the cloud you really, literally have to defend against some of the most sophisticated attacks on the planet on a regular basis, and so you get really good at it, and I think those are benefits that could be immediately gained by the use of cloud computing."
Similarly, Alan Boissy, product line manager for VMware's vCloud Government Service, argues that the cloud can actually help ease the burden on federal security workers by consolidating the systems they are tasked with protecting into a centralized environment with fewer entry points.
"It's true, absolutely, the cloud is not a panacea," Boissy says. "You still have to build and run secure systems using a cloud platform, but the advantage is that you greatly reduce the surface area of concerns that your security professionals need to focus on, so they now have maybe half the problems that they used to worry about. Now they worry about that reduced amount and their focus and hopefully their execution on that can be that much better."
Sign up for Computerworld eNewsletters.