With more people making the move to the cloud, NASA has recently attempted to follow suit by transitioning into using cloud computing services. However, the move called attention to some shortcomings in their IT governance and risk management practices.
NASA’s problems with moving to the cloud should be an example to other agencies of what to avoid when they make a similar transition. For now NASA will have to resolve some of their issues with IT in order to continue moving to the cloud and update their programs.
Late In The Game
NASA has been late in the game to make the transition to public cloud services with currently only about 1% of their budget spent on cloud computing. They hope to increase this number to about 75% in the next 5 years but problems recently came to light as they attempted to move to the cloud. Auditors released a report criticizing their weaknesses in IT and the fact that a number of cloud contracts were signed without approval of the Chief Information Officer to prevent security risks.
A few of their systems ran through the cloud for two years without authorization and no security measures and tests. The CIO was completely unaware that NASA had been acquiring and employing several cloud services. The auditor’s report stated that NASA needs to strengthen its governance and provide more security for their data if it continues to move more programs to cloud computing.
NASA’s mistakes that have come under fire as a result of this report reveal a general lack of communication within its network. The CIO’s ignorance about the use cloud services means that he was not able to quickly implement IT security measures and did not exercise authority over the process of moving to the cloud.
If NASA had acquired more knowledge about cloud computing and develop a more organized strategy in regards to making this transition then these problems could have been avoided. The government requested that the agency begin using cloud services to save money in the budget. NASA attempted to comply with this request but instead of coming up with an effective plan to make the move there were unauthorized and risky decisions made by the staff.
There will still be significant changes made to NASA’s programs that will help them make a smooth transition into cloud computing. Now that their mistakes have been made public, the CIO can become more involved in the process of moving to cloud services. A more strategic and safe plan following the auditor’s suggestions will make it easier for NASA to move to the cloud without any kind of security risks that could impede their progress.
If NASA is able to quickly resolve their issues with switching to cloud services then many other government agencies can do the same and hopefully avoid the same type of IT risks. Cloud computing could allow this and other agencies an opportunity to save money and update their systems to a more modern approach that is now becoming the norm.
Leo Hart is a cloud computing expert from his time working with Custom Cloud providers of customized physical and virtual servers, security and support.