The Treasury Department Inspector General responsible for the Internal Revenue Service has called attention to cybersecurity
lapses in the IRS' money-saving virtual infrastructure.
The IRS uses cloud computing in which multiple virtual servers run on one physical host. The goal is to save money and electricity.
Technical experts define "virtual servers" as a simulated environment that can run its own operating systems and software as if it were a physical computer, according to the report.
Auditors surveying the IRS' cybersecurity procedures said that a "successful attack against a host can compromise all of the virtual servers residing on that host."
Of the sixteen hosts tested, twelve — or 43 percent — were found to be potentially vulnerable. Others were missing security patches.
The IRS also did not use automated means to check security configuration settings — meaning it did not maintain complete chronological records of user logins and file access records, according to the report.
As of June 2013, the IRS was running 328 hosts and 5,399 virtual servers achieving an estimated $51 million in cost savings.
The Inspector General's report said that the more data maintained in the IRS' virtual environment, the bigger the danger to cybersecurity and the greater the need for increasingly vigilant safety measures.
The report recommended a series of technical steps to improve security including better coordination between the physical and virtual hosts; timely software fixes when problems are uncovered, and better record keeping.
Some of the report, completed in September but only released in November, was redacted for security reasons.
IRS manager did not contest the recommendations.
© 2014 Newsmax. All rights reserved.