Maybe you’ve seen the television commercial with a clueless couple sending their household items up in a hot air balloon to be stored “in the cloud.” It’s funny, but also holds more than a grain of truth. Many of us don’t fully understand the cloud. So we might not realize its promise or potential hazards.
Cloud computing uses remote Internet servers to manage, store, and process data or content. If you use Facebook or Shutterfly, you are using cloud computing. These kinds of cloud computing applications are attractive because they help users free up computer space, keep better track of their photos or music, or organize their files.
Businesses and federal agencies are also relying more on cloud computing because it reduces costs and increases efficiency of services. You just turn on the application as you need it, or “on demand.” Some people have compared cloud computing to a utility, such as an energy company. All you do is plug in and you are ready to go. The energy company handles the details of generating electricity at the power plant and the customer just turns on the switch and uses it.
But cloud computing also comes with risks of data leaks and loss of public trust. This is especially vexing for government agencies, which have turned to the cloud to help them do more with less. The Council of Inspectors General on Integrity and Efficiency (CIGIE) has attempted to guide federal agencies in their cloud computing contracts with a memorandum that included areas of information accessibility, data security, and privacy concerns, among others. The U.S. Postal Service recently updated its handbook, Cloud Security, and established information on security policies and requirements to protect its information in a cloud computing environment.
Recently we audited 13 Postal Service cloud computing contracts and found the contracts did not address information accessibility and data security for network access and server locations. Why? Because these contracts were established under the Postal Service’s older handbook and did not have the stronger controls of its newer Cloud Security handbook. They would have benefited from the Cloud Security guidelines on information accessibility and data security gaps, our report noted.
If not implemented correctly, cloud computing runs potential security risks, such as the loss of customer information, and could hurt the Postal Service’s reputation as a trusted agency, which in turn would harm its brand. Yet cloud computing can streamline processes, reduce spending on technology infrastructure, and improve flexibility, among other benefits. The key will be employing the right security controls.
Share your thoughts on cloud computing and what role the Postal Service might play. Do you have privacy or security concerns in maintaining information in the cloud?