Skip to main content

Information Security: Additional Guidance Needed to Address Cloud Computing Concerns

GAO-12-130T Published: Oct 06, 2011. Publicly Released: Oct 06, 2011.
Jump To:
Skip to Highlights


Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This testimony describes (1) the information security implications of using cloud computing services in the federal government; (2) GAO's previous reporting on federal efforts and guidance to address cloud computing information security; and (3) GAO recommendations and subsequent actions taken by federal agencies to address federal cloud computing security issues. In preparing this statement, GAO summarized its May 2010 report on cloud computing security and assessed agency actions to implement its recommendations.

Full Report

Office of Public Affairs


Access controlComputer resources managementComputer securityComputer security incidentsComputer security policiesCyber securityFederal agenciesInformation accessInformation managementInformation resources managementInformation securityInformation systemsInformation technologyInternal controlsInternetRisk assessmentRisk factorsRisk managementStandardsTechnology