
Be wary of privacy risks in the commercial cloud, says CIO Council

Any federal agency contemplating contracting with a commercial cloud computing provider risks running afoul of government privacy standards, warned the CIO Council privacy committee.

Federal data held in a commercial cloud could come under the jurisdiction of local or foreign law enforcement authorities, depending on where the provider's servers are located, a new paper from the committee warned. Listing further potential risks, the paper added that the data could become an asset in bankruptcy proceedings should the provider go under, and that a private-sector provider might simply fail to implement federal security requirements properly.

Certain records management laws could limit the ability of government agencies to utilize a commercial cloud in any case, at least for official records, according to the council.

Nonetheless, should a federal agency pursue a commercial cloud strategy, it should seek to enforce federal privacy interests in the contract language and not simply amend the terms of service, the paper stated.

"Without precautions, there is no way an agency can ensure that CCPs do not use subcontractors or that information is not transferred to other third parties without the knowledge and approval of the contracting agency," it stated. In fact, the CIO Council privacy committee is at work on contractual language that could be promulgated through the Federal Acquisition Regulation.

Before signing a contract, agencies should determine the appropriate level of privacy protection through a Privacy Threshold Analysis, the paper stated. Then, they should conduct a Privacy Impact Assessment, not forgetting to make Privacy Act considerations.

Agencies should also keep in mind the Federal Information Security Management Act (FISMA) and other security policies, and consider whether a commercial provider complies with those requirements, the paper stated. Two commercial providers are currently going through the certification and accreditation process, the paper stated, without naming the vendors.

For more:
- download the CIO Council Privacy Council paper (.docx)
