Oversight

IG reports hiccups in GSA's cloud adoption

Shutterstock image (by wk1003mike): cloud system fracture. 

The General Services Administration left some sensitive personnel and operational documents exposed as it moved over to the cloud a few years ago, according to a just-released report by the agency's Inspector General.

In a series of reports, the IG said it had to notify GSA officials about sensitive employee and government agency information that was left exposed on its Google Groups, Sites and Docs collaborative tools.

GSA began moving to the cloud in 2011, a year after it awarded its cloud computing contract to Google to host its agencywide emailĀ  system andĀ  collaborationĀ  services.

The GSA IG publicly released the reports on Jan. 27, 2017, but the reports themselves were from the 2014-2015 time period.

The agency left unprotected sensitive information in its cloud computing environment during that time frame, according to the agency watchdog. The IG said it didn't make the reports public at the time out of vulnerability concerns. The problems, it said in release, have since been solved.

For example, there was unsecured personally identifiable information including Social Security numbers in a GSA Google Group, according to Patricia Sheehan, director of GSA IG's Office of Forensic Auditing, Evaluation and Analysis. In a memo, Sheehan said that employee information and proprietary contractor data were accessible to users.

The IG also found that sensitive documents such as a draft National Security Staff Cyber Response Group Protocol, used for White House situational awareness of cyber threats affecting national security, national economic security or national public health and safety, could be accessed.

The IG said on July 29, 2014, the GSA incident response team isolated the GSA Google Group identified by the OIG and took corrective action immediately to set security permissions for authorized users only. The agency proceeded to submit a timely US-CERT incident report on the matter, it said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.