Internet denizens the world over have gone to the cloud, but the U.S. Postal Service isn’t going there any time soon.
Postal officials haven’t defined “cloud computing” and don’t know what is meant by “hosting services,” the USPS inspector general said in a report made public Monday.
Even if USPS officials had defined cloud-computing or hosting services, they still haven’t “established an enterprise-wide inventory of cloud computing services, required suppliers and their employees to sign non-disclosure agreements, or included all required information security clauses in its contracts,” the IG said.
That means that postal and customer data held in USPS computers aren’t secure for cloud-computing applications.
“Without proper knowledge of and control over applications in the cloud environment, the Postal Service cannot properly secure cloud computing technologies and is at increased risk of unauthorized access and disclosure of sensitive data,” according to the IG.
It also means the USPS has unnecessarily spent “$33,517,151 in contractual costs for the Postal Service” that could have been avoided with a properly managed and secured cloud-computing capability, the IG said.
In addition, the IG said its investigators found that in four USPS cloud-computing contracts, nobody was assigned to monitor the contractors’ compliance with security standards.
Federal agencies are required by the Office of Management and Budget to upgrade their information technology systems “whenever there is a secure, reliable, and cost-effective cloud option.”
Go here to read the full report.
Mark Tapscott is executive editor of the Washington Examiner.
