Nasa's cloud computing strategy came under fire from US authorities, with concerns raised about major security failings and a lack of communication and organisation.
The report from the US Office of Inspector General (OIG) stated that Nasa's cloud services "failed to meet key IT security requirements". It went on to say that of five Nasa contracts for acquiring cloud services, "none came close to meeting recommended best practices for ensuring data security."
Nasa currently spends $1.5bn annually on IT services, only $10m of which is based in the cloud. However, the agency itself predicts that 75 percent of its future IT programmes will be in the cloud, making the findings of the Office of the Inspector General even more of a cause for concern.
The report went on, listing numerous problems with the way in which the agency failed to meet federal IT security requirements. "We found that the cloud service used to deliver internet content for more than 100 NASA internal and public-facing websites had been operating for more than two years without written authorisation or system security or contingency plans," it said.
The audit also found that required annual tests of security controls had not been performed, which it said "could result in a serious disruption to Nasa operations".
Nasa chief executive Larry Sweet joined the agency in June and seemingly has a mountain to climb to reorder his department's operations, with many decisions seemingly made with his predecessor completely in the dark. "Several Nasa Centers moved Agency systems and data into public clouds without the knowledge or consent of the Agency's Office of the Chief Information Officer," the report said.
The reported noted that Sweet agreed with the findings and, with the availability of funds, will work "to improve Nasa's IT governance and risk-management practices".
Nasa has long been a supporter of cloud computing projects, lending its backing to the OpenStack open-source cloud project in 2010.