This page contains a Flash digital edition of a book.
cloud ICT


#snsarticle http://www.snseurope.info/n/qfeu


Is NASA’s data lost in space?


NASA’s own auditor has recently rated its cloud computing deployments very poorly in a report that raises some interesting questions on the use of the cloud at the space agency. By Campbell Williams, Group Strategy and Marketing Director, Six Degrees Group.


I’D ENCOURAGE YOU to read the NASA report itself, if you have time, as it’s genuinely interesting and can be found here [http:// oig.nasa.gov/audits/reports/FY13/IG-13-021.pdf]. I won’t repeat the content of the article and report but will summarise thus: in short, of the five cloud provider contracts NASA has in place, none addresses the business and IT security risks of public cloud and none meet “best practices for data security”; moreover, much of the information was moved onto the public cloud by various parts of NASA without knowledge or consent from the CIO’s office. This throws up a few points.


A bit of history – NASA and cloud NASA’s history with cloud computing is interesting. Through their Nebula private cloud project (see the report for more information), they developed significant expertise in building large scale-out compute environments. In 2010, the partnered with Rackspace to develop OpenStack, an open source software stack for building clouds (a de facto competitor to the likes of VMware and Microsoft in the proprietary space and Xen, KVM and CloudStack in the open source space).


This was a logical move for Rackspace, leveraging their storage expertise. It is a less obvious play for NASA (there are no clouds in space) and one can only assume that Rackspace has no plans for building rockets. This history is useful mainly to make the point that NASA is far from a Johnny-come-lately in cloud, far from it; rather they are one of the pioneers. So they really ought to know better.


S16 www.snseurope.info I Winter 2013


Single v multi-tenant or public v private It would be all too easy for me to make this about public cloud versus private cloud. But NASA’s own research makes it clear that private cloud was the more expensive option. As we’ve argued many times, we prefer the distinction of single-tenant versus multi-tenant. If a customer builds their own cloud, the hardware is obsolete immediately whereas a multi-tenant provider is required, by market forces, to maintain bang up-to-date hardware and software specs and to refresh their infrastructure to remain competitive.


However, we would strongly argue that for deployments such as this, a multi-tenanted virtual private cloud, with customised contracts and bespoke SLAs, would have been a far better fit than off-the-shelf, one-size-fits-all, public cloud technology.


Does NIST mean “not if strategic technology”? The rigid definition-by-committee of the NIST definition is a personal bugbear. As we have stated many times, users serving themselves IS NOT NECESSARILY A GOOD THING and it certainly shouldn’t be a mandated part of a cloud service. The NASA experience demonstrates this better than I possibly could.


The US government themselves, through NIST, has encouraged exactly the sort of behaviour that the NASA auditor slams – namely departments within NASA spinning up some VMs and shifting sensitive data upon it with no thought to governance, compliance, the law, intellectual property protection, anything. The most damning part of the NASA audit was, for me, the


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72