[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] NASA falls short on its cloud computing security
By Dara Kerr
Security & Privacy CNET News
July 29, 2013
In its move to cloud computing, NASA has experienced some difficulties
meeting security guidelines. A new report by the agency's Office of the
Inspector General says that NASA needs to work on strengthening its
information technology security practices.
"We found that weaknesses in NASA's IT governance and risk management
practices have impeded the Agency from fully realizing the benefits of
cloud computing and potentially put NASA systems and data stored in the
cloud at risk," the report reads.
A few examples of poor practices include NASA moving data into public
clouds without notifying the Agency's Office of the Chief Information
Officer and also working with contractors that didn't "fully address"
cloud computing IT security risks. In one incident, data was on the public
cloud for two years without authorization or a security plan and test
system. Additionally, more than 100 of NASA's internal and external Web
sites didn't have proper security controls.
"This occurred because the Agency OCIO lacked proper oversight authority,
was slow to establish a contract that mitigated risks unique to cloud
computing, and did not implement measures to ensure cloud providers met
Agency IT security requirements," the report reads
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days