July 30, 2013 weblog

Inspector General audit finds problems with NASA's cloud computing efforts

by Bob Yirka , Phys.org

NASA logo

(Phys.org) —The Office of the Inspector General, led by Paul Martin, has published the results of an audit of NASA's cloud computing efforts and has found many such efforts lack proper security. The report also notes that many cloud efforts run by the agency were operating without the knowledge of its own Office of the Chief Information Officer.

Over the past several years, the Office of Management and Budget, which controls the purse strings of federal entities, has demanded that governmental agencies, such as NASA, begin transferring some or all of its and storage activities to the cloud. The idea is that doing so will save the government a lot of money. In following the directive, however, it appears that managers at NASA have failed to ensure that cloud operations are undertaken with the knowledge and approval of the agencies top information officer. Worse, it appears that many of the cloud initiatives were undertaken without due consideration given to necessary security precautions that must be put in place when applications and data become accessible across the Internet.

More specifically, the auditors found over a 100 NASA websites—both internal and external—had never been tested for security integrity. Incredibly, many of those same websites were found to have no security controls in place at all.

Government agencies have two main options when moving applications to the cloud—set up facilities on their own or contract out. NASA, like most other federal agencies has chosen the latter. Unfortunately, the auditors found that officials at the agency in many cases failed to include security issues when writing contracts, which of course resulted in them not being put in place.

Overall, the IG's report has found that weaknesses in cloud applications have impeded the agency from reaping the benefits of —namely reducing costs. And worse, the approach taken thus far has put NASA data at risk. Out of five contracts reviewed, the auditors found "none came close" to operating with industry standard security precautions.

The auditors recommend that NASA set up an office dedicated to cloud computing and the that must be put in place when such initiatives are undertaken.

© 2013 Phys.org

Citation: Inspector General audit finds problems with NASA's cloud computing efforts (2013, July 30) retrieved 20 April 2024 from https://phys.org/news/2013-07-inspector-problems-nasa-cloud-efforts.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

CIA faulted for choosing Amazon over IBM on cloud contract
0 shares

Feedback to editors

Relevant PhysicsForums posts

My Website For Creating Interactive Visuals Linked To Equations

7 hours ago

Number of Multiplications in the FFT Algorithm

Apr 19, 2024

Error logging in: onLoginSuccess is not a function

Apr 18, 2024

Latest Notable AI accomplishments

Apr 9, 2024

Building a homemade Long Short Term Memory with FSMs

Apr 8, 2024

Most efficient way to randomly choose a word from a file with a list of words

Apr 2, 2024

More from Programming and Computer Science

Load comments (1)