DoD’s cloud policy rains some risks, IG says

Grazed from FederalNewsRadio. Author: Scott Maucione.

A new Defense Department Inspector General’s report found problems with the Pentagon’s cloud policy that may have monetary and cybersecurity risks. DoD does not maintain a comprehensive list of cloud computing service contracts because the department’s chief information officer failed to establish a standard, department-wide definition for cloud computing. In addition, the DoD CIO did not develop an integrated repository that could provide detailed information used to identify cloud computing service contracts, the report stated.

As a result, DoD has no way of determining if it is actually saving money by migrating to the cloud and may not be able to effectively identify and monitor cloud computing security risks, the report stated. “DoD’s ability to track cloud computing cost savings, and benefits is greatly limited if DoD is not aware what cloud computing service contracts exist within DoD … [and] unless DoD Components accurately classify their information systems as using cloud computing services, DoD CIO will not be aware what security risks are specific to those services,” the report stated...

Read more from the source @ http://federalnewsradio.com/defense/2015/12/dods-cloud-policy-rains-risks/