FROM THE NEWS ROOM: Since the time when NASA moved to cloud computing, there have been grave security concerns related to its confidential information stored in virtual spaces. A recent report by NASA’s Office of the Inspector General states that there is a dire need to strengthen the practices observed for the security of its information technology.
According to the report,
.We found that weaknesses in NASA’s IT governance and risk management practices have impeded the Agency from fully realizing the benefits of cloud computing and potentially put NASA systems and data stored in the cloud at risk..
NASA has exhibited some really poor security practices in the recent times including the shifting of data into public clouds without prior notification to the Agency’s Office of the Chief Information Officer. Another flaw on NASA’s part is the working with those contractors that lacked in addressing cloud computing IT security risks completely. There was another incident when the public cloud held data for around two years with no security plan or authorization and test system. Furthermore, there were more than 100 external and internal websites of NASA that lacked fool-proof security controls.
The report further elaborated,
.This occurred because the Agency OCIO lacked proper oversight authority, was slow to establish a contract that mitigated risks unique to cloud computing, and did not implement measures to ensure cloud providers met Agency IT security requirements..
The report also revealed that all those five contracts that NASA had for cloud hosting were not efficient enough to meet data security requirements.
In 2009, NASA came up with Nebula, its own private cloud computing platform that was situated at the agency’s Ames Research Center. However, the agency chose to shift its entire data to public clouds in 2012 due to lower cost and better reliability offered by it.
During last one year, NASA has been extremely ignorant towards cloud computing and used up not more than 1% of its $1.5 billion annual IT budget in this sector. Despite of this, the agency aims to allocate a large amount of future spending for cloud security and related initiatives. NASA has plans to initiate 75% of its fresh IT programs using the cloud in the next five years. Similarly, the entire public data of the agency will be stored in cloud during that span.
Another extract from the report states,
.As NASA moves more of its systems and data to the cloud, it is imperative that the Agency strengthen its governance and risk management practices to safeguard its data while effectively spending its IT funds..
NASA needs to ensure a high level security to all its data stored in the cloud that is currently at high risk due to poor security measures. However, the future plans of NASA clearly indicate the complete dependability of the agency over the cloud computing.