Managed hosting dedicated

According to a new report from the Environmental Protection Agency’s Office of the Inspector General (EPA IG), the EPA currently does not know exactly how many cloud computing contracts it holds, it does not know when its offices are using cloud services, and it is not sure of how secure the systems are.

The report, which was issued on July 24, indicates that the agency is employing services from a subcontractor which is not currently compliant with the Federal Risk and Authorization Management Program. For this reason, the EPA might not even be able to access their hardware in order to investigate whether security is, in fact, compliant.

“Our audit work disclosed management oversight concerns regarding the EPA’s use of cloud computing technologies,” reads the EPA’s report. “These concerns highlight the need for the EPA to strengthen its catalog of cloud hosting vendors and processes to manage vendor relationships to ensure compliance with federal security requirements.”

The auditor in charge of the investigation discovered that some of the issues could be attributed to sloppy listings. Several contracts were improperly documented because the agency was only selecting and counting those with “cloud” in their description.

While the EPA has not contested the findings, Craig Hooks, a representative for the EPA Office of Administration and Resources Management, indicated that he felt the approach IG took was too “narrow.” According to Hooks, much of the issue was differentiation between how contracts and subcontracts were awarded for cloud solution providers. Additionally, Hooks says that the EPA will “evaluate its management controls to make sure our contracts are adhering to federal and EPA policies, procedures, and guidance with regards to cloud computing solutions.”

Dos your company use cloud solutions? If so, do you feel confident that your contracts are correctly set up? Let us know in the comments. Learn more at this link.