back to article NASA's cloud strategy panned by NASA auditors

NASA's cloud strategy has been panned by its own auditors, proving that even technically competent oganizations can sputter when trying to soar into the tech stratosphere. In a lengthy report released on Monday by NASA's Office of Audits, investigators slammed the agency's cloud governance, risk management, and security …


This topic is closed for new posts.
  1. John Smith 19 Gold badge

    *no* minimum SLA?

    And no policies dealing with the life cycle of data within the organisation.

    This is from an organisation whose contract sizes (1000s of pages under FAR25 and cost plus) are legendary.

    NASA has lot a of diverse systems and the ability to migrate them onto (mostly) a single scaleable platform with memory and processing on demand makes a good case for a lot of their functions.

    In theory it's an excellent fit for cloud services.

    In practice, less so.

    1. Anonymous Coward
      Anonymous Coward

      Re: *no* minimum SLA?

      NASA must think the cloud is beneath them.

  2. Anonymous Coward

    Translated from management waffle ..

    "as NASA moves more of its systems and data to the cloud, it is imperative that the Agency strengthen its governance and risk management practices to safeguard its data while effectively spending its IT funds"

    translation: Instead of locking down the system and writing secure code,you should spend more of your money on lawyers and consultants, where it belongs.

    I don't understand why the NASA management can't just cross the room and directly ask the IT technitians how to secure the system.

    1. Destroy All Monsters Silver badge

      Re: Translated from management waffle ..

      Your translation is not correct at all and it doesn't help to ask the Morlocks if you are moving to Contract Universe at hyperspeed.

    2. Yet Another Anonymous coward Silver badge

      Re: Translated from management waffle ..

      Safeguard the data doesn't mean stop people getting access to it - it means ensuring that people CAN get access to it. in astronomy that means in 50, 100, 1000 years time.

      We use >100 year old photographic plates and 60 year old sky surveys to study how stars move, and 3000year old clay tablets to measure the Earth's rotation - we need guarantees slightly better than "we get raided by the feds and all your data was deleted"

  3. Dodgy Geezer Silver badge

    Not only Cloud...

    ...The most severe problem identified by the auditors was lax security policies within NASA....

    It sounds as if it wasn't only cloud systems - their general security management service sounds poor, and it was just noticed during a cloud audit...

    1. admiraljkb

      Re: Not only Cloud...

      @Geezer - That was my interpretation as well. Just the paper was skewed towards skewering (hehe) the cloud based angle.

      If you have bad practices beforehand (and whose company doesn't have a few?), then "going cloud" will likely amplify your potential failings, or at least make it much more noticeable as you evaluate your legacy systems and processes that haven't been reviewed in YEARS.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021