The U.S. government's increasing use of cloud computing services could lead to new data security risks, with agencies compelled to put their trust in vendors' security efforts, several lawmakers and a government IT expert said Thursday.

Cloud computing will likely give the U.S. government several benefits, including significantly lower IT costs, but agencies are moving their data to the cloud before the White House Office of Management and Budget (OMB) and supporting agencies have developed a governmentwide security strategy, said Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO).

"The use of cloud computing can also create numerous information security risks," Wilshusen told the U.S. House of Representatives Oversight and Government Reform Committee. "These risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources."

IT executives at 22 of 24 major U.S. agencies surveyed by GAO raised concerns about cloud computing security, even as officials in President Barack Obama's administration push cloud computing, Wilshusen said. A GAO report released Thursday listed several security concerns: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich clouds, and agencies losing access to their data if the relationship with a vendor ends.

Read More

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service.