USPS struggling to meet own cloud standards
Cloud computing is growing increasingly critical for virtually every federal agency. But that doesn't mean that there aren't problems. On the contrary, while numerous departments have experienced major benefits thanks to their cloud integration efforts, there have also been many bumps along the way, and not all of these have been smoothed out.
This tension can be seen clearly within the United States Postal Service. As a recent investigation revealed, the agency has spent a significant amount of money on cloud services, but failed to comply with its own established standards while doing so. This could potentially present cybersecurity risks, along with other complications.
USPS cloud efforts
The USPS inspector general's audit report, released early in September, found that the USPS spent more than $33 million on four cloud computing contracts that ultimately did not abide by the organization's cloud computing standards. According to the study, there were a number of reasons why these issues arose. For one thing, the USPS did not fully and specifically define the terms "cloud computing" and "hosted services" prior to engaging these solutions. This created ambiguity around the technology.
Additionally, no single group was assigned responsibility for managing USPS cloud services, which led to confusion and a general lack of accountability. Other problems flagged by the audit included the absence of an enterprise-wide inventory of all cloud services and a failure to mandate that all suppliers and any employees who could access USPS data sign non-disclosure agreements.
As the report explained, these missteps can have a serious, damaging impact on the organization.
"Without proper knowledge of and control over applications in the cloud environment, the Postal Service cannot properly secure cloud computing technologies and is at increased risk of unauthorized access and disclosure of sensitive data," the report noted.
This does not mean that the the USPS' cloud integration efforts are doomed, as the audit explained. Rather, the organization's policies and efforts simply need to be reconsidered and improved.
"While the Postal Service has made progress towards adopting cloud computing technologies, opportunities exist to strengthen its cloud computing contract compliance with Postal Service standards and best practices," the report concluded.
Specifically, the inspector general offered a number of recommendations for the USPS and its cloud services. In addition to addressing the issues highlighted above, the inspector general emphasized the need for superior monitoring of the whole array of USPS cloud services. With automated monitoring systems implemented, it becomes much easier for department leaders to keep track of which cloud applications are in use and which are available at any given time.
Of course, implementing such a program may be easier said than done. Considering the potential for data breaches and other cybersecurity problems, though, these are not efforts that the USPS can afford to ignore. It may therefore be necessary for the organization to work with a third-party cloud integration partner to optimize its use of this technology. With this external assistance, the USPS and other government agencies can take full advantage of the cloud without putting their networks at risk or struggling to comply with relevant federal cloud regulations.