U.S. Government uses Questionable Cloud Services
In early October, CIGIE released a cybersecurity report on the government’s use of cloud storage. The Council of the Inspectors General on Integrity and Efficiency (CIGIE) was established in 2008 to ensure the integrity of technical aspects of government agencies, among other duties. The government supports roughly 350 cloud contracts worth $12 billion. The industry is growing rapidly as more government agencies begin to rely on cloud storage. Due to the relative newness of cloud storage, this is one of the first times CIGIE has released such a report.
Out of 77 commercial cloud contracts, more than 50 failed to meet security standards all government agencies must follow. Some contractors are following a number of guidelines, but none of them completely fulfilled their promises. Even worse, about half of the agencies that have commercial cloud contracts don’t know what kind of cloud services they use. There is an unfortunate amount of ignorance and apathy on both sides, which puts the government at risk. The CIGIE further reported that because of poor reporting, agencies could misuse government funds, costing taxpayers even more money.
Types of Cloud Services used by the U.S. Government
The term “cloud services” is vague in this context. It doesn’t help that the agencies involved don’t actually know what services they use. However, it’s likely they use cloud hosting like the services offered at SiteGround. They might also use simple cloud storage like the services offered at Dropbox. Given the numerous contracts, we can say with some certainty that the government uses all types of cloud services for their data backups and webhosting.
Should U.S. Citizens be Concerned?
Cloud storage can be a safe backup method when rigorous security measures are followed by both the user and client. Unfortunately, this is rarely the case. Big companies like Target, Home Depot, and JPMorgan recently experienced large security breaches thanks to their use of cloud storage with easily patched vulnerabilities . The government isn’t hack-proof, especially if their contractors continue to follow lazy security practices.