NASA Cloud Pilot Isn't Rocket ScienceVideo: Using Non-Sensitive Data to Test Security Conditions
Tomas Soderstrom's work at NASA's Jet Propulsion Laboratories isn't rocket science - that's left to others. But the processes for the space agency's interplanetary missions have been adopted by JPL to create an orderly process for its business, information technology and IT security staffs to collaborate in testing, piloting and deploying secure - and effective - cloud computing solutions.
"One of the key things is, and I can't emphasize how important this is, you only learn by doing," Soderstrom, JPL's chief technology officer for information, says in a video interview with Information Security Media Group. "We couldn't jump to mission critical in the cloud without going through the steps of trying to see how it works in the organization, which cloud vendors work. The key is to put the data and the processing in the most appropriate place."
JPL, in testing cloud security, treats non-sensitive data as if they were sensitive, so lab team members will know how to secure information it deems confidential. "We learned our processes, how to work with our legal, compliance and auditing, and once we're comfortable, we'll put the data in that cloud," Soderstrom says. "As we get more comfortable with that, we treat it as if it were to the next level of security. Then we put it in there. It is a way of moving forward: walk, crawl, run. It's a journey."
JPL isn't going to put its most sensitive data in the cloud in the foreseeable future, but Soderstrom believes the NASA lab eventually will. Now, he says, JPL feels comfortable placing vital export control information on the cloud.
Soderstrom was interviewed at the recent RSA security conference in San Francisco. At a session on cloud security he co-presented, Information Security Media Group unveiled results on the attitudes toward cloud computing security from its survey of IT security practitioners. Most respondents remain skeptical about safeguards aimed to protect data on the cloud. Still, nearly 20 percent say they'd put critical business systems on the cloud, and an equal percentage respond they'd move one or more critical business systems to the cloud within a year.
"The cloud is a game changer." Soderstrom said. "It's an unstoppable force."