NASA Moves To Correct Cloud Problems - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud

NASA Moves To Correct Cloud Problems

Federal agencies can learn a lot from shortcomings discovered in the space agency's cloud computing practices.

NASA's Next 5 Missions
NASA's Next 5 Missions
(click image for larger view)
NASA's pioneering efforts to embrace cloud computing are now revealing shortcomings that agencies may also face if they don't take a comprehensive view of what cloud migration entails. A recent audit by the Office of Inspector General found a variety of weaknesses in NASA's IT governance and risk management practices. It also concluded that the space agency hasn't fully realized the benefits of cloud computing.

Newly appointed CIO Larry Sweet responded to the findings by recommending actions that NASA should take to fix the current model, shedding a light on what other agencies might avoid as more of their IT operations move to the cloud.

Sweet said that among other actions, NASA would take new steps to develop and publish guidance on how the space agency acquires and uses cloud computing services. The agency's centers will also be required to register all purchases of cloud services with NASA's Computing Services Service Office (CSSO) to meet security requirements. The decision stems from the audit's findings that NASA's centers moved systems and data into public clouds without the CIO's knowledge or approval. The report found that on five occasions NASA acquired cloud computing services using contracts that failed to address IT security risks.

The stakes are significant. NASA projects that within the next five years up to 75% of new IT programs will begin in the cloud, and most of its public data could be stored in the cloud. And as the agency updates its legacy systems, up to 40% of them could move to the cloud. Safeguarding data will be critical during the transition, but without better oversight, NASA could face heightened risks.

[ Learn more about the feds' cloud use. Read Government IT Using Cloud To Manage Internet Gateways. ]

The audit report made a total of six recommendations that would help "strengthen NASA's IT governance practices with respect to cloud computing, mitigate business and IT security risks, and improve contractor oversight." NASA's CSSO, established in August 2011, already oversees all computing related services, including data center consolidation and cloud computing. But Sweet admitted that CSSO is lacking in some areas and vowed to make significant changes to meet the recommendations.

Sweet said all NASA organizations would use the WestPrime contract for purchasing such services. Additionally, NASA has terminated its Web services contract with eTouch -- which manages NASA's internal and external Web portals -- and will shut down all legacy eTouch infrastructure this September. The agency is implementing a new system, managed by InfoZen.

NASA will also complete an inventory of its cloud service providers to ensure they comply with Federal Risk and Authorization Management Program (FedRAMP) provisions, a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

As federal agencies expand to public clouds, it's important to avoid using unapproved and unsecured cloud services to prevent operational disruptions, data loss and the misuse of public funds. NASA officials agreed that cloud computing contracts must incorporate best practices and meet all FedRAMP requirements.

To eliminate confusion and miscommunication about which public clouds are acceptable, establishing a program management office responsible for cloud computing strategy and related standards is essential, according to recommendations in the audit.

The changes are expected to be completed by September 30, 2014, although Sweet said a lot will depend on NASA's budget, which is uncertain at the moment. "The recommendations are feasible; however, the implementation of the recommendations is contingent upon the availability of funds," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Ways to Prepare Your IT Organization for the Next Crisis
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/20/2020
News
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Commentary
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll