The federal government is on the cusp of fundamental changes in the way it manages information-technology security risks, but those risks will grow more complicated as agencies begin embracing on-demand computing, according to a panel of public-sector, cloud-computing experts. The discussion was part of a May 4 technology conference on cloud computing, knowledge management and open-government innovations. Sponsored by 1105 Government Information Group, the convention took place in Washington, D.C. 1105 Government Information Group is the leading provider of integrated information and media for the government information technology market. Coincidentally, the Treasury Department confirmed on the same day that it had shut down four Web sites hosted by a cloud-service provider after a security analyst found malicious code. Security in a cloud computing environment needs to be considered as three distinct areas, said the director of Cisco’s Cloud and Virtualization Solutions. Security risks — and rules duplicating the work agencies must go through to certify the security of their information systems — remain one of the biggest obstacles to adopting cloud-computing strategies, said a computer scientist at the National Institute of Standards and Technologies and vice chair of the federal government’s Interagency Cloud Computing Advisory Council. He outlined how a new government program called FedRAMP aims to address that problem by streamlining the certification process, so that an information-technology application certified for one agency will be available for all agencies to use. This would help industry too, he said.

Are you using or considering cloud computing for a security application? Email your thoughts to