Storm-related outages at an Amazon data center in Ashburn prompted some congressional officials on Monday to question whether the federal government is moving too swiftly to put important data on private-sector cloud computing servers.

-

The outages affected companies such as Netflix and Pinterest, not the government. But several federal agencies have moved e-mail and other services to cloud servers, which are housed at remote data centers and typically managed by technology companies such as Amazon or Google.The House subcommittee on commerce, manufacturing and trade is studying the risks of such moves and hopes to schedule a hearing on the matter ahead of the August congressional recess.

“Last week’s powerful thunderstorms, along with the massive disruptions they caused, exposed some of the vulnerabilities of cloud computing,” said the panel’s chairman, Rep. Mary Bono Mack (R-Calif.), in a statement. “But I also believe the problems extend way beyond consumer convenience and customer service. There are some serious privacy issues which we need to look at as well.”

The federal government has been aggressively embracing more extensive use of cloud servers since 2010 and closing government-

data centers. Cloud services allow for massive volumes of information to be stored remotely, generally on several different servers, so that it can be accessed from anywhere with an Internet connection. The data often is encrypted.

Government e-mail and Web sites were among the first to move away from government servers. More sensitive data is likely to follow, federal officials say, as cloud providers demonstrate they can provide the security and continuous access that agencies require.

Federal officials predict that the most sensitive information — from the White House or CIA, for example — may be moved eventually to cloud servers maintained by the government itself, allowing for maximum control and security.

The General Services Administration switched its e-mail to a Google cloud service last year, cutting its estimated costs from $30 million to $15 million over five years, said agency spokeswoman Casey Coleman. Outages, which used to come about once a month, have disappeared, she said.

The violent storm that blasted through the region Friday night disrupted power to several data centers at Amazon’s Web service facility in Ashburn. One of them lost both its primary and backup sources of power, causing outages that stretched into Saturday. No data was lost, Amazon has said. In April, the same facility also caused outages for Reddit, HootSuite, Quora and FourSquare.

“Security is the highest priority for any business that deals with customer data and it remains the top priority for AWS,” said Amazon spokesman Drew Herdener. “Our scale enables us to invest in more security policing and countermeasures than almost any company can afford themselves.”

Federal officials said major outages would be unlikely to occur at their agencies. Cloud providers price their plans based on the reliability required by customers, with the most expensive plans including redundancies that make outages less common.

Government agencies buy packages guaranteeing access to their data 99.999 percent of the time, said David L. McClure, associate administrator of GSA’s Office of Citizen Services and Innovative Technologies. “We want that redundancy, that protection if services go down.”

Bono Mack said she wants to ask agency officials more about safeguarding personal data and whether cloud services can truly provide continuous access to information when it is needed most. She also expressed concern about the vulnerability of cloud services to cyberattacks.

“Cloud computing has an enormous upside when it comes to storing and accessing information,” she said. “But have we really thought through the downside posed by cyber- terrorists, hackers and even naturally occurring threats such as thunderstorms? I’m not so sure.”



(washingtonpost.com)