For NASA, who deals almost exclusively with all things above the clouds, they are scoring low marks in the world of cloud computing! A recent report from the NASA Office of Inspector General concluded “weaknesses in the body’s IT governance and risk management practices have “impeded” it from gaining the full benefits of cloud”. Ouch.
They made some very classic (and scary) mistakes:
- Several NASA centers moved systems and data into the public cloud without the knowledge or consent of NASA’s Office of the CIO (OCIO)
- They failed to fully address the business and IT security risks unique to the cloud environment
- Didn’t define a system of performance measurement for contracts
- Failed to determine whether their cloud partners had the right federal privacy, discovery, or data retention and destruction credentials or procedures in place
Let’s hope they are in the process of improving their processes and creating some governance over their technology practices moving forward. With any new technology deployment, without having the proper plan, process and system of measurement in place you will be doomed from the start. Take this as an example of what not to do!