Nasa's cloud computing strategy came under fire from US
authorities, with concerns raised about major security failings and a lack of
communication and organisation.
The report from
the US Office of Inspector General (OIG) stated that Nasa's cloud services
"failed to meet key IT security requirements". It went on to say that
of five Nasa contracts for acquiring cloud services, "none came close to
meeting recommended best practices for ensuring data security."
Nasa currently spends $1.5bn
annually on IT services, only $10m of which is based in the cloud. However, the
agency itself predicts that 75 percent of its future IT programmes will be in
the cloud, making the findings of the Office of the Inspector General even more
of a cause for concern.
The report went on, listing
numerous problems with the way in which the agency failed to meet federal IT
security requirements. "We found that the cloud service used to deliver
internet content for more than 100 NASA internal and public-facing websites had
been operating for more than two years without written authorisation or system
security or contingency plans," it said.
The audit also found that
required annual tests of security controls had not been performed, which it
said "could result in a serious disruption to Nasa operations".
Nasa chief executive Larry Sweet
joined the agency in June and seemingly has a mountain to climb to reorder his
department's operations, with many decisions seemingly made with his
predecessor completely in the dark. "Several Nasa Centers moved Agency
systems and data into public clouds without the knowledge or consent of the
Agency's Office of the Chief Information Officer," the report said.
The reported noted that Sweet
agreed with the findings and, with the availability of funds, will work
"to improve Nasa's IT governance and risk-management practices".
Nasa has long been a supporter of
cloud computing projects, lending its backing to the OpenStack open-source cloud project
in 2010.
0 comments:
Post a Comment