A NASA audit found that stock vendor contracts and lack of oversight are exposing it to potential security threats

An audit of NASA's public cloud computing contracts recently found that the space agency isn't meeting federal IT security requirements. 

The NASA Office of Inspector General (OIG) recently audited the space agency's public cloud computing system and found that a combination of stock vendor contracts and lack of oversight are exposing it to potential security threats.

The OIG reviewed five NASA contracts in the audit, where four relied on the cloud providers' standard contracts and one was made by NASA. All five failed to meet "federal privacy, discovery, and data retention and destruction requirements" according to ZDNet

In addition, the OIG found that a third-party cloud service that sends over 100 NASA internal and public websites had been operating without security plans or written authorization for more than two years. 

To top it off, NASA's Office of the CIO wasn't clued in on all of the cloud services that different NASA organizations had used, and in many instances, the movement to public clouds was not planned through "a central office."

The OIG concluded that NASA's public cloud contracts are at increased risk of vulnerabilities and need to be addressed through a better-coordinated cloud strategy. 

On the upside, moving to the cloud does save NASA about $1 million each year. 

In 2012, NASA stopped using the Nebula private cloud and moved its data to Azure and Amazon Web Services. The audit, which only looked at a small portion of NASA's computer infrastructure, said up to 75 percent of new IT programs are expected to start in the cloud within five years, and almost all of NASA's public data could be moved to the cloud as well. As much as 40 percent of its legacy systems could go to the cloud, too. 

Source: ZDNet

"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki