DoD’s Inspector General Finds “Risks” in Pentagon’s Cloud Policies

Ever since President Barack Obama announced that the US government would operate on a “Cloud First” policy back in 2010, government agencies have scrambled to put framework in place in order to begin acquiring the new technologies.

While the US federal government has certainly taken steps to ensure the tightest security around its cloud infrastructure, a new report published by the Department of Defense Inspector General finds that part of the cloud solutions used by the DoD may contain risks.

To be specific, these risks identified by the Inspector General have been defined as monetary risks and cybersecurity risks. On the monetary side, the Inspector General report found that a department wide definition for cloud computing had not been established.

This has caused the lines to be blurred between what is cloud and what is not. It has also caused questions to arise concerning whether or not some cloud programs are actually saving the government money at all. Although the DoD’s CIO points to the NIST definition of cloud computing, the Inspector General seems to want a more concise definition. A report by FederalNewsRadio says that the DoD IG and DoD CIO disagree with each others assessments on how to define cloud.

In addition, the Inspector General’s report also found that the CIO of the Department of Defense was unable to provide details on the cloud computing contracts that were in place. Reports show that different systems are used to access all of the different cloud subscription models used within the DoD. The Inspector General contends that the DoD must look into finding a single system that simplifies the department’s numerous cloud subscription contracts while displaying all of the auditable information within one portal.

The report went on to say that the US DoD currently uses at least 8 different cloud service providers. The report didn’t give exact numbers, however, the DoD was able to streamline the process of acquiring cloud services just last year. Popular cloud vendors used by the DoD were listed as being Amazon, Google and others.