CA Technologies Addresses U.S. Congress on Cloud Computing Security, Opportunities and Risks

Company’s Chief Security Architect Tim Brown Delivers Testimony Before U.S. House Subcommittees Concerning Cybersecurity, Infrastructure Protection, and Security Technologies

WASHINGTON, October 6, 2011 - While both the hype and promise surrounding cloud computing continue to accelerate at a rapid pace, confusion still remains about what exactly cloud computing is and the risks and benefits associated with transitioning to cloud-based environments.  While corporate and governmental organizations across the globe want to reap the cost, performance and agility benefits of cloud computing, they are wary of potential risks.

Today, CA Technologies (NASDAQ: CA) Chief Security Architect Tim Brown joined academic, government and technology leaders to offer testimony before the U.S. House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies House Committee on Homeland Security on the opportunities and security risks associated with cloud computing.

In his testimony, Brown addressed four key areas CA Technologies believes must be considered in evaluating the transition to cloud:

• The reality of new complexities introduced with cloud computing;
• Security considerations for the cloud;
• The critical role identity management and authentication plays in enabling cloud security; and
• The importance of global standards development and adoption to ensure interoperability and common implementation of cloud solutions

“CA Technologies believes that the responsibility for securing the cloud lies with both the providers and the consumers of cloud solutions. The cloud is neither inherently more nor less secure than other IT services and solutions," Brown testified. "Generalized concerns over cloud security on the one hand, and arguments that the security risks in the cloud are overblown on the other hand, have muddied the waters to the point that policymakers and practitioners are experiencing security schizophrenia.  Should I overlook legitimate security concerns and plunge headfirst into the cloud, or should fear and uncertainty of these risks stop me from doing anything that even remotely resembles cloud computing? Like most responsible decisions, the answer lies somewhere in the middle of these two extremes.”

Brown also stated that “One of the greatest challenges facing the IT sector today is fostering online trust, including the important trust components of security and privacy.  The fact is that most online threats and successful data breaches of late have been based on and exploit access control and identity management failures in systems.  The Government Accountability Office has written to Congress about unauthorized access issues as recently as Monday of this week (October 3, 2011).  Identity management and access management controls are central to the secure adoption of cloud services.  Identity and access management practices within the cloud provide the foundation for effective security by ensuring that all users have only the appropriate level of access rights to protected resources, and that those rights are effectively enforced.  IT organizations generally as well as cloud service providers, both public and private, struggle to keep up with the explosion in the number of users from multiple systems, applications and user communities that are consuming their services and the complexity of managing access rights for these users.”

CA Technologies provided the following recommendations to Congress to accelerate the deployment of secure cloud solutions:

• Adopt policies that can accommodate future development and flexibility in the cloud market, specifically, and in IT more generally.  Too often, Federal policy has imposed static frameworks that must constantly be updated based on new technology developments.  CA Technology recommends that Congress focus on outcomes and not on specific technologies;
• Avoid policies that create a fragmented, country specific market for cloud services in the United States.  As the cloud market continues to evolve, there is great risk for market segmentation based on unique policies designed solely to address US market demands.  Policies that acknowledge the global nature of cloud markets will enable the US to maintain its leadership position in cloud computing and encourage innovation to support jobs and exports of US developed technologies;
• Support standards developed by recognized national and international standards development organizations in the areas of cloud security, interoperability, and transparency.  These standards are vital to the management of cloud security risks;
• Fund and support the continued development and rollout of FedRAMP and the NSTIC;
• Continue support for NIST and its unique role in addressing emerging security issues; and
• Encourage the federal government to leverage emerging efforts to develop service measurement indexes like the Cloud Service Measurement Initiative Consortium in government cloud procurements.  These efforts can provide federal agencies facing budget, performance, and transparency demands with tools that take data-driven approaches to evaluating competing offers of cloud technologies. 

Press Contacts


CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. Learn more about CA Technologies at


Copyright © 2011 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Highlight – CA Technologies Blog

The world of enterprise IT is changing fast. Keep up.

Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.

What would you like to chat about?
Call us at 1-800-225-5224
Call us at 1-800-225-5224
Contact Us

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing