NASA’s own auditor has recently rated its cloud computing deployments very poorly in a report that raises some interesting questions on the use of the cloud at the space agency. I’d encourage you to read the NASA report itself, if you have time, as it’s genuinely interesting and can be found here.
I won’t repeat the content of the article and report but will summarise thus: in short, of the five cloud provider contracts NASA has in place, none addresses the business and IT security risks of public cloud and none meet “best practices for data security”; moreover, much of the information was moved onto the public cloud by various parts of NASA without knowledge or consent from the CIO’s office. This throws up a few points.
A Bit of History – NASA and Cloud
NASA’s history with cloud computing is interesting. Through their Nebula private cloud project (see the report for more information), they developed significant expertise in building large scale-out compute environments. In 2010, the partnered with Rackspace to develop OpenStack, an open source software stack for building clouds (a de facto competitor to the likes of VMware and Microsoft in the proprietary space and Xen, KVM and CloudStack in the open source space).