NASA Cloud Computing Program Weak

Wednesday, August 7, 2013 @ 04:08 PM gHale


NASA likes to be flying above the clouds, however, its cloud computing strategy came under fire from U.S. authorities after they found major security failings and a lack of communication and organization.

NASA’s cloud services “failed to meet key IT security requirements,” according to the report, which went on to say five NASA contracts for acquiring cloud services, “none came close to meeting recommended best practices for ensuring data security.”

RELATED STORIES
Cloud Security Draft Document
Cloudy Days Ahead: Business App Risks
Cloud Developers Close Security Holes
Cloud Security Reputation Growing

NASA spends $1.5 billion annually on IT services, only $10 million of which covers the cloud. However, the agency itself found 75 percent of its future IT programs will be in the cloud, making the findings of the Office of the Inspector General even more of a concern.

The report listed numerous problems with the way in which the agency failed to meet federal IT security requirements.

“We found that the cloud service used to deliver Internet content for more than 100 NASA internal and public-facing websites had been operating for more than two years without written authorization or system security or contingency plans,” the report said.

The audit also found required annual tests of security controls had not been performed, which it said “could result in a serious disruption to NASA operations.”

NASA Chief Executive Larry Sweet joined the agency in June.

“Several NASA Centers moved agency systems and data into public clouds without the knowledge or consent of the Agency’s Office of the Chief Information Officer,” the report said.

The reported noted Sweet agreed with the findings and, with the availability of funds, will work “to improve NASA’s IT governance and risk-management practices.”

Click here to download the report from the Office of Inspector General.



Leave a Reply

You must be logged in to post a comment.