How Much Does the EPA Invest in Cloud? Agency Officials Not Sure
A new report indicates U.S. Environmental Protection Agency (EPA) officials do not know how many cloud computing contracts they have.
How often does the U.S. Environmental Protection Agency (EPA) use cloud services? Your guess is as good as mine.
A new report indicates EPA officials do not know how many cloud computing contracts they have.
The report, “EPA Is Not Fully Aware of the Extent of Its Use of Cloud Computing Technologies,” also showed EPA officials are uncertain about the security of these contracts.
The EPA’s Office of Inspector General (IG) audited several agencies, examining their adoption of cloud computing technologies and reviewing executed contracts between an agency and cloud services providers (CSPs) for compliance with applicable standards.
Key findings included:
The EPA did not know when its offices were using cloud computing.
The EPA should improve the oversight process for prime contractors.
There is no assurance the EPA has access to a subcontractor’s cloud environment for audit and investigative services.
The IG disputed the number of EPA contracts in place as well.
While the EPA said it had 11 cloud contracts, the IG questioned this total because not all of the agency’s results included the word “cloud” in procurement descriptions.
An EPA spokesperson could not be reached for comment about the report as of 2 p.m. ET.
How will the EPA respond?
The Federal Risk and Authorization Management Program (FedRAMP) is key for the EPA and other government agencies that want to deploy cloud applications and services.
This program takes the guesswork out of cloud computing for government entities because it standardizes authorization, monitoring and security assessments for cloud products and services.
EPA officials, meanwhile, will need to address oversight concerns to better manage their partnerships with CSPs.
“Our audit work disclosed management oversight concerns regarding the EPA’s use of cloud computing technologies,” the IG said in its report. “These concerns highlight the need for the EPA to strengthen its catalog of cloud vendors and processes to manage vendor relationships to ensure compliance with federal security requirements.”
Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].
About the Author
You May Also Like