The Washington Post

Friday’s storms raise questions about safety of cloud computing

Correction: An earlier version of this story incorrectly identified Casey Coleman as a General Services Administration spokeswoman. She is the agency’s chief information officer. This version has been corrected.

Storm-related outages at an Amazon data center in Ashburn prompted some congressional officials on Monday to question whether the federal government is moving too swiftly to put important data on private-sector cloud computing servers.

The outages affected companies such as Netflix and Pinterest, not the government. But several federal agencies have moved e-mail and other services to cloud servers, which are housed at remote data centers and typically managed by technology companies such as Amazon or Google.

The House subcommittee on commerce, manufacturing and trade is studying the risks of such moves and hopes to schedule a hearing on the matter ahead of the August congressional recess.

“Last week’s powerful thunderstorms, along with the massive disruptions they caused, exposed some of the vulnerabilities of cloud computing,” said the panel’s chairman, Rep. Mary Bono Mack (R-Calif.), in a statement. “But I also believe the problems extend way beyond consumer convenience and customer service. There are some serious privacy issues which we need to look at as well.”

The federal government has been aggressively embracing more extensive use of cloud servers since 2010 and closing government data centers. Cloud services allow for massive volumes of information to be stored remotely, generally on several different servers, so that it can be accessed from anywhere with an Internet connection. The data often is encrypted.

Government e-mail and Web sites were among the first to move away from government servers. More sensitive data is likely to follow, federal officials say, as cloud providers demonstrate they can provide the security and continuous access that agencies require.

Federal officials predict that the most sensitive information — from the White House or CIA, for example — may be moved eventually to cloud servers maintained by the government itself, allowing for maximum control and security.

The General Services Administration switched its e-mail to a Google cloud service last year, cutting its estimated costs from $30 million to $15 million over five years, said Casey Coleman, the agency’s chief information officer. Outages, which used to come about once a month, have disappeared, she said.

The violent storm that blasted through the region Friday night disrupted power to several data centers at Amazon’s Web service facility in Ashburn. One of them lost both its primary and backup sources of power, causing outages that stretched into Saturday. No data was lost, Amazon has said. In April, the same facility also caused outages for Reddit, HootSuite, Quora and FourSquare.

“Security is the highest priority for any business that deals with customer data and it remains the top priority for AWS,” said Amazon spokesman Drew Herdener. “Our scale enables us to invest in more security policing and countermeasures than almost any company can afford themselves.”

Federal officials said major outages would be unlikely to occur at their agencies. Cloud providers price their plans based on the reliability required by customers, with the most expensive plans including redundancies that make outages less common.

Government agencies buy packages guaranteeing access to their data 99.999 percent of the time, said David L. McClure, associate administrator of GSA’s Office of Citizen Services and Innovative Technologies. “We want that redundancy, that protection if services go down.”

Bono Mack said she wants to ask agency officials more about safeguarding personal data and whether cloud services can truly provide continuous access to information when it is needed most. She also expressed concern about the vulnerability of cloud services to cyberattacks.

“Cloud computing has an enormous upside when it comes to storing and accessing information,” she said. “But have we really thought through the downside posed by cyber- terrorists, hackers and even naturally occurring threats such as thunderstorms? I’m not so sure.”

Hayley Tsukayama contributed to this report.

Craig Timberg is a national technology reporter for The Post.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.