[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] NASA falls short on its cloud computing security


By Dara Kerr
Security & Privacy CNET News
July 29, 2013

In its move to cloud computing, NASA has experienced some difficulties meeting security guidelines. A new report by the agency's Office of the Inspector General says that NASA needs to work on strengthening its information technology security practices.

"We found that weaknesses in NASA's IT governance and risk management practices have impeded the Agency from fully realizing the benefits of cloud computing and potentially put NASA systems and data stored in the cloud at risk," the report reads.

A few examples of poor practices include NASA moving data into public clouds without notifying the Agency's Office of the Chief Information Officer and also working with contractors that didn't "fully address" cloud computing IT security risks. In one incident, data was on the public cloud for two years without authorization or a security plan and test system. Additionally, more than 100 of NASA's internal and external Web sites didn't have proper security controls.

"This occurred because the Agency OCIO lacked proper oversight authority, was slow to establish a contract that mitigated risks unique to cloud computing, and did not implement measures to ensure cloud providers met Agency IT security requirements," the report reads


Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days