NASA’s roadmap towards utilising cloud computing needs a serious rethink, according to an official report from the space agency’s Office of Audits (OA).
In a 38-page report, the OA criticises NASA’s cloud strategy in terms of governance, risk management and security, concluding that “weaknesses…impeded the agency from fully realising the benefits of cloud computing and potentially placed at risk its information stored in the cloud.”
Currently, NASA spends about $10m of its annual IT budget on cloud services – a meagre sum given its overall budget is $1.5bn.
The agency appears to be reticent about going all-in for cloud however, predicting that with a legacy technology overhaul, “up to 40%” of its software could move to the cloud, adding that within five years, up to three quarters of new IT projects could be born in the cloud.
Regardless of the future, the report still damns the space agency for not being up to speed in current cloud implementation. Most worryingly, research found that one of the two moderate-impact cloud services deployed to public clouds had not carried official security or contingency plans for two years.
Similarly, the report described NASA’s risk management policy as “ineffective”, adding that not one of the five NASA contracts aimed at acquiring cloud services was “close to meeting recommended best practices for ensuring data security”. The result: a greater risk of compromised data.
Perhaps one of the more confusing elements of NASA’s strategy comes in the form of its WestPrime Contract. The legislature complies with governmental FedRAMP standards – which HP and Amazon’s clouds now comply with, as CloudTech recently reported – yet NASA doesn’t tell centres to use WestPrime when acquiring cloud services.
All in all, there’s a definite sense of ‘could do better’ from this school report. The stakes are high, as the paper notes: “While the adoption of cloud computing technologies at NASA has the potential to improve IT service delivery, enhance collaboration, and reduce costs associated with managing the agency’s diverse portfolio of IT assets, fully realising these benefits will require strengthening the agency’s IT governance and risk management practices.”
There are two conclusions which can be drawn here: firstly, if you’re a technologically savvy organisation, moving to the cloud is not without its teething troubles; and secondly, this exemplifies that, for larger enterprises particularly in the public sector, a cloud strategy does not happen overnight.
But what’s your opinion? Do you agree with internal reports checking and balancing a company’s strategy? The full report can be read here.