back to article NASA's cloud strategy panned by NASA auditors

NASA's cloud strategy has been panned by its own auditors, proving that even technically competent oganizations can sputter when trying to soar into the tech stratosphere. In a lengthy report released on Monday by NASA's Office of Audits, investigators slammed the agency's cloud governance, risk management, and security policies …

COMMENTS

This topic is closed for new posts.
Gold badge
WTF?

*no* minimum SLA?

And no policies dealing with the life cycle of data within the organisation.

This is from an organisation whose contract sizes (1000s of pages under FAR25 and cost plus) are legendary.

NASA has lot a of diverse systems and the ability to migrate them onto (mostly) a single scaleable platform with memory and processing on demand makes a good case for a lot of their functions.

In theory it's an excellent fit for cloud services.

In practice, less so.

0
0
Bronze badge

Re: *no* minimum SLA?

NASA must think the cloud is beneath them.

3
1
Facepalm

Translated from management waffle ..

"as NASA moves more of its systems and data to the cloud, it is imperative that the Agency strengthen its governance and risk management practices to safeguard its data while effectively spending its IT funds"

translation: Instead of locking down the system and writing secure code,you should spend more of your money on lawyers and consultants, where it belongs.

I don't understand why the NASA management can't just cross the room and directly ask the IT technitians how to secure the system.

0
1
Silver badge
Holmes

Re: Translated from management waffle ..

Your translation is not correct at all and it doesn't help to ask the Morlocks if you are moving to Contract Universe at hyperspeed.

0
1
Silver badge

Re: Translated from management waffle ..

Safeguard the data doesn't mean stop people getting access to it - it means ensuring that people CAN get access to it. in astronomy that means in 50, 100, 1000 years time.

We use >100 year old photographic plates and 60 year old sky surveys to study how stars move, and 3000year old clay tablets to measure the Earth's rotation - we need guarantees slightly better than "we get raided by the feds and all your data was deleted"

1
1
Silver badge

Not only Cloud...

...The most severe problem identified by the auditors was lax security policies within NASA....

It sounds as if it wasn't only cloud systems - their general security management service sounds poor, and it was just noticed during a cloud audit...

2
0

Re: Not only Cloud...

@Geezer - That was my interpretation as well. Just the paper was skewed towards skewering (hehe) the cloud based angle.

If you have bad practices beforehand (and whose company doesn't have a few?), then "going cloud" will likely amplify your potential failings, or at least make it much more noticeable as you evaluate your legacy systems and processes that haven't been reviewed in YEARS.

1
0
This topic is closed for new posts.

Forums