Improved cloud oversight needed and underway at SBA, inspector general finds
The U.S. Small Business Administration’s move to the cloud needs some tweaks to fully comply with federal government standards, a report by the agency’s inspector general found.
The report, which looks at SBA’s cloud migration efforts and oversight from fiscal 2017-2018, concludes that the agency “needs to improve its cloud migration and oversight controls in risk management, security, data mobility, and IT investments to meet federal guidance and standards.”
The IG makes a total of eight recommendations for the agency — but SBA is apparently on it. Corrective action plans detailed in the management’s response to the report have “resolved” the issues found, the IG says.
Among the issues, the agency has plans to address: actively maintaining an inventory of its cloud systems.
“SBA did not consistently update and monitor its cloud system inventory to ensure system vulnerabilities are tracked and resolved,” the report states. “The lack of a complete and accurate cloud inventory prevents the Agency from knowing the extent to which its data resides outside its information system boundaries and is subject to the inherent risks of cloud systems.”
The agency also needs to work on making sure that its data can be easily transported from one cloud system to another, and develop a process for capturing the cost savings (or cost avoidance) it sees thanks to the transition to cloud computing.
In a letter in response to the draft report, SBA CIO Maria Roat outlines the ways in which the agency is already responding to the concerns cited. On the basis of this, the IG considers all the recommendations “resolved.”