DoD cannot accurately state the extent to which it benefits or saves money from its cloud computing initiative, the defense inspector general has said.
It said that the DoD CIO did not establish a standard department-wide definition for cloud computing and has not developed an integrated repository that could provide detailed information to identify cloud computing service contracts. DoD needs an effective process to identify those contracts, according to the IG.
Further, it said that without knowing what data DoD components store with cloud services, DoD might not effectively identify and monitor cloud computing security risks.
The IG called on DoD to issue guidance to either establish a standard, department-wide cloud computing definition or clarify the NIST definition to consistently identify DoD component cloud computing service contracts; and establish an integrated repository that provides detailed information to those contracts.
