US Postal Service Facing Cloud Compliance Issues

The United States Postal Service like other federal agencies has been trying to move much of its operations into the cloud per the Cloud First initiative instituted by the government several years ago. According to the Office of Inspector General, the USPS hasn’t been able to deliver the cloud in the manner it has proposed. The office found that the USPS was in violation of compliance issues regarding their delivery of IT services.

The report which was dated September 4^th mentioned, “Without proper knowledge of and control over applications in the cloud environment, the Postal Service cannot properly secure cloud computing technologies and is at increased risk of unauthorized access and disclosure of sensitive data.”

The damning report goes on to say, “Management stated they have recognized the need to address issues surrounding cloud computing services and drafted a handbook on cloud computing policy.”

Many analysts have wondered how a federal agency can be out of compliance when all federal cloud contractors must possess the FedRamp certifications that ensure a certain level of proficiency in cloud computing. The audit report basically asks the same question and it should be noted that the USPS explicitly requires all cloud contracts to be FedRamp certified. The report notes that the USPS has spent over $33 million in cloud services. The reports objective was to “Determine if the U.S. Postal Service’s cloud service contracts comply with applicable standards and evaluate management’s efforts to adopt cloud computing technologies.”

The audit continues to nail the US Postal Service by writing, “The Postal Service has not clearly defined the terms ‘cloud computing’ and ‘hosted services.’ Rather, the policy provides an overview of cloud computing initiatives and lists general roles and responsibilities; therefore, management and personnel in various functional areas have different interpretations of cloud computing and its associated capabilities.”