NASA Flunked Its Cloud Computing Audit: Are You Next?

Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. And, as someone who has read NASA’s risk management program (and the 600 pages of supporting documentation), I can say that this wasn’t a failure of risk management policy or procedure effectiveness.  Clearly, this was a failure of third-party risk management’s monitoring and review of cloud services.  

The Cloud Is Nebulous

Back in 2009, NASA pioneered cloud technology with a shipping container-based public cloud technology project named Nebula -- after the stellar cloud formation. (I love nerd humor, don’t you?)

Photo Source: NASA

During 2009, NASA, to determine if current cloud provider service offerings had matured enough to support the Nebula environment, did a study. The study proved that commercial cloud services had, in fact, become cheaper and more reliable than Nebula. NASA, as a result of the study, moved more than 140 applications to the public sector cloud environment.

In October of 2010, Congress had committee hearings on cybersecurity and the risk associated with cloud adoption.  But remember, NASA had already moved its noncritical data (like www.nasa.gov or the daily video feeds from the international space station, that are edited together and packaged as content for the NASA website) to the public cloud in 2009.  Before anyone ever considered the rules for such an adoption of these services.

Audit Recommendations

Read more

Cyber Breach Crisis For Mobile Operator Vodafone Has Implications For The Broader Telco Industry

by Dan Bieler and Ed Ferrara

Mobile Operator Vodafone Is In The Midst Of A Security Breach Crisis

Read more