IG reports hiccups in GSA's cloud adoption

Shutterstock image (by wk1003mike): cloud system fracture. 

The General Services Administration left some sensitive personnel and operational documents exposed as it moved over to the cloud a few years ago, according to a just-released report by the agency's Inspector General.

In a series of reports, the IG said it had to notify GSA officials about sensitive employee and government agency information that was left exposed on its Google Groups, Sites and Docs collaborative tools.

GSA began moving to the cloud in 2011, a year after it awarded its cloud computing contract to Google to host its agencywide email  system and  collaboration  services.

The GSA IG publicly released the reports on Jan. 27, 2017, but the reports themselves were from the 2014-2015 time period.

The agency left unprotected sensitive information in its cloud computing environment during that time frame, according to the agency watchdog. The IG said it didn't make the reports public at the time out of vulnerability concerns. The problems, it said in release, have since been solved.

For example, there was unsecured personally identifiable information including Social Security numbers in a GSA Google Group, according to Patricia Sheehan, director of GSA IG's Office of Forensic Auditing, Evaluation and Analysis. In a memo, Sheehan said that employee information and proprietary contractor data were accessible to users.

The IG also found that sensitive documents such as a draft National Security Staff Cyber Response Group Protocol, used for White House situational awareness of cyber threats affecting national security, national economic security or national public health and safety, could be accessed.

The IG said on July 29, 2014, the GSA incident response team isolated the GSA Google Group identified by the OIG and took corrective action immediately to set security permissions for authorized users only. The agency proceeded to submit a timely US-CERT incident report on the matter, it said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected