NASA falls short on its cloud computing security

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-1009_3-57596053-83/nasa-falls-short-on-its-cloud-computing-security/

By Dara Kerr
Security & Privacy CNET News
July 29, 2013

In its move to cloud computing, NASA has experienced some difficulties 
meeting security guidelines. A new report by the agency's Office of the 
Inspector General says that NASA needs to work on strengthening its 
information technology security practices.

"We found that weaknesses in NASA's IT governance and risk management 
practices have impeded the Agency from fully realizing the benefits of 
cloud computing and potentially put NASA systems and data stored in the 
cloud at risk," the report reads.

A few examples of poor practices include NASA moving data into public 
clouds without notifying the Agency's Office of the Chief Information 
Officer and also working with contractors that didn't "fully address" 
cloud computing IT security risks. In one incident, data was on the public 
cloud for two years without authorization or a security plan and test 
system. Additionally, more than 100 of NASA's internal and external Web 
sites didn't have proper security controls.

"This occurred because the Agency OCIO lacked proper oversight authority, 
was slow to establish a contract that mitigated risks unique to cloud 
computing, and did not implement measures to ensure cloud providers met 
Agency IT security requirements," the report reads

[...]



--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/