State's cloud doesn't measure up to NIST standards, IG finds

The State Department’s cloud computing environment doesn’t match the standards that the National Institute of Standards and Technology has established for clouds, according to a report from the department’s inspector general.

In the “Key Judgments” section of the report, issued in June, Deputy IG Harold Geisel wrote that State’s Systems and Integration Office (SIO) “has a knowledgeable, hardworking, and engaged management team that, for the most part, effectively dispatches its duties, which involve a wide range of new and old technologies, centralized and decentralized models of network management, budgetary items it can and cannot control, as well as colocated and dispersed physical locations.”

Although the office’s leaders have made a strong effort to promulgate a mission statement and a set of goals, it lacks adequate controls and procedures to monitor its multi-year contracts, and communication needs to be improved throughout the office, Geisel wrote. As a result, “SIO’s implementation of cloud computing does not fulfill the essential characteristics of cloud computing as defined by the National Institute of Standards and Technology.”

State’s effort doesn’t fully meet any of NIST’s five necessary capabilities to qualify as cloud computing, the report states. Those capabilities are on-demand self-service, broad network access, resource pooling, rapid elasticity and measured services.