NASA says its move to the cloud left major security gaps

Grazed from The Verge. Author: Jacob Kastrenakes.

NASA is having some trouble making a move into the cloud. In an internal review, the space agency discovered that many of its ongoing cloud initiatives were severely lacking on security — and some had even left sensitive data at risk. Looking over five contracts that it had for cloud hosting, NASA found that "none came close" to meeting the practices it set forth for ensuring proper data security.

NASA seemingly failed to write those security procedures into its contracts with cloud hosting services, and in two cases had used those hosts to hold data that, if compromised, could have had "serious adverse effects" on the space agency. The review also found that NASA had at times moved entire systems onto public cloud servers, and did so without the appropriate internal oversight…

"Even more troubling," the report notes, "a test of security controls on [NASA’s websites] had never been undertaken." More than 100 internal and external NASA websites were determined to be operating without security systems — though many of those major issues have since been addressed. Even so, the review still notes that a better job needs to be done of keeping data secure…

Read more from the source @ http://www.theverge.com/2013/7/29/4568180/nasa-cloud-computing-audit-finds-adverse-security-risks