NASA Moves To Correct Cloud Problems - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud

NASA Moves To Correct Cloud Problems

Federal agencies can learn a lot from shortcomings discovered in the space agency's cloud computing practices.

NASA's Next 5 Missions
NASA's Next 5 Missions
(click image for larger view)
NASA's pioneering efforts to embrace cloud computing are now revealing shortcomings that agencies may also face if they don't take a comprehensive view of what cloud migration entails. A recent audit by the Office of Inspector General found a variety of weaknesses in NASA's IT governance and risk management practices. It also concluded that the space agency hasn't fully realized the benefits of cloud computing.

Newly appointed CIO Larry Sweet responded to the findings by recommending actions that NASA should take to fix the current model, shedding a light on what other agencies might avoid as more of their IT operations move to the cloud.

Sweet said that among other actions, NASA would take new steps to develop and publish guidance on how the space agency acquires and uses cloud computing services. The agency's centers will also be required to register all purchases of cloud services with NASA's Computing Services Service Office (CSSO) to meet security requirements. The decision stems from the audit's findings that NASA's centers moved systems and data into public clouds without the CIO's knowledge or approval. The report found that on five occasions NASA acquired cloud computing services using contracts that failed to address IT security risks.

The stakes are significant. NASA projects that within the next five years up to 75% of new IT programs will begin in the cloud, and most of its public data could be stored in the cloud. And as the agency updates its legacy systems, up to 40% of them could move to the cloud. Safeguarding data will be critical during the transition, but without better oversight, NASA could face heightened risks.

[ Learn more about the feds' cloud use. Read Government IT Using Cloud To Manage Internet Gateways. ]

The audit report made a total of six recommendations that would help "strengthen NASA's IT governance practices with respect to cloud computing, mitigate business and IT security risks, and improve contractor oversight." NASA's CSSO, established in August 2011, already oversees all computing related services, including data center consolidation and cloud computing. But Sweet admitted that CSSO is lacking in some areas and vowed to make significant changes to meet the recommendations.

Sweet said all NASA organizations would use the WestPrime contract for purchasing such services. Additionally, NASA has terminated its Web services contract with eTouch -- which manages NASA's internal and external Web portals -- and will shut down all legacy eTouch infrastructure this September. The agency is implementing a new system, managed by InfoZen.

NASA will also complete an inventory of its cloud service providers to ensure they comply with Federal Risk and Authorization Management Program (FedRAMP) provisions, a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

As federal agencies expand to public clouds, it's important to avoid using unapproved and unsecured cloud services to prevent operational disruptions, data loss and the misuse of public funds. NASA officials agreed that cloud computing contracts must incorporate best practices and meet all FedRAMP requirements.

To eliminate confusion and miscommunication about which public clouds are acceptable, establishing a program management office responsible for cloud computing strategy and related standards is essential, according to recommendations in the audit.

The changes are expected to be completed by September 30, 2014, although Sweet said a lot will depend on NASA's budget, which is uncertain at the moment. "The recommendations are feasible; however, the implementation of the recommendations is contingent upon the availability of funds," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll