Agency watchdog dings Energy over cloud management.
The Energy Department should do a better job buying, implementing and managing its cloud computing services, according to a recent audit.
Programs and sites departmentwide have independently spent more than $30 million on cloud services, the inspector general report said, but the chief information officer’s office couldn’t accurately account for it.
The CIO reported 44 ongoing cloud initiatives to the Office of Management and Budget, but the auditors “revealed that the department had initiated at least 130 cloud computing efforts at 24 federal and contractor locations,” the report said. “We also found that program officials were often unaware of individual cloud computing efforts conducted at field offices and sites under their cognizance.”
The auditors reviewed eight specific cloud contracts at six locations and found they did not always address business and security risks, including requirements for access to the cloud service providers’ facilities, the report said.
And none of the cloud services reviewed were fully compliant with the Federal Risk and Authorization Management Program, known as FedRAMP.
“The department also incorrectly reported to OMB that the majority of cloud services met all FedRAMP requirements even though many of the services had not been approved -- a key step in the FedRAMP process,” the report said.
The IG suggested the department address these problems, and the agency agreed.