Cloud
News
8/2/2013
11:16 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

NASA Moves To Correct Cloud Problems

Federal agencies can learn a lot from shortcomings discovered in the space agency's cloud computing practices.

NASA's Next 5 Missions
NASA's Next 5 Missions
(click image for larger view)
NASA's pioneering efforts to embrace cloud computing are now revealing shortcomings that agencies may also face if they don't take a comprehensive view of what cloud migration entails. A recent audit by the Office of Inspector General found a variety of weaknesses in NASA's IT governance and risk management practices. It also concluded that the space agency hasn't fully realized the benefits of cloud computing.

Newly appointed CIO Larry Sweet responded to the findings by recommending actions that NASA should take to fix the current model, shedding a light on what other agencies might avoid as more of their IT operations move to the cloud.

Sweet said that among other actions, NASA would take new steps to develop and publish guidance on how the space agency acquires and uses cloud computing services. The agency's centers will also be required to register all purchases of cloud services with NASA's Computing Services Service Office (CSSO) to meet security requirements. The decision stems from the audit's findings that NASA's centers moved systems and data into public clouds without the CIO's knowledge or approval. The report found that on five occasions NASA acquired cloud computing services using contracts that failed to address IT security risks.

The stakes are significant. NASA projects that within the next five years up to 75% of new IT programs will begin in the cloud, and most of its public data could be stored in the cloud. And as the agency updates its legacy systems, up to 40% of them could move to the cloud. Safeguarding data will be critical during the transition, but without better oversight, NASA could face heightened risks.

[ Learn more about the feds' cloud use. Read Government IT Using Cloud To Manage Internet Gateways. ]

The audit report made a total of six recommendations that would help "strengthen NASA's IT governance practices with respect to cloud computing, mitigate business and IT security risks, and improve contractor oversight." NASA's CSSO, established in August 2011, already oversees all computing related services, including data center consolidation and cloud computing. But Sweet admitted that CSSO is lacking in some areas and vowed to make significant changes to meet the recommendations.

Sweet said all NASA organizations would use the WestPrime contract for purchasing such services. Additionally, NASA has terminated its Web services contract with eTouch -- which manages NASA's internal and external Web portals -- and will shut down all legacy eTouch infrastructure this September. The agency is implementing a new system, managed by InfoZen.

NASA will also complete an inventory of its cloud service providers to ensure they comply with Federal Risk and Authorization Management Program (FedRAMP) provisions, a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

As federal agencies expand to public clouds, it's important to avoid using unapproved and unsecured cloud services to prevent operational disruptions, data loss and the misuse of public funds. NASA officials agreed that cloud computing contracts must incorporate best practices and meet all FedRAMP requirements.

To eliminate confusion and miscommunication about which public clouds are acceptable, establishing a program management office responsible for cloud computing strategy and related standards is essential, according to recommendations in the audit.

The changes are expected to be completed by September 30, 2014, although Sweet said a lot will depend on NASA's budget, which is uncertain at the moment. "The recommendations are feasible; however, the implementation of the recommendations is contingent upon the availability of funds," he said.

Comment  | 
Print  | 
More Insights
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.