IG finds more problems with USPS IT management

uspsoigLast month the USPS Inspector General issued a report critical of USPS data backup procedures. The report came in response to an incident earlier this year in which an important security database was lost due to a hardware failure. IT staff had maintained a backup copy of the database, but it was stored on the same hardware as the original- so when the hardware failed, both copies were lost.

Now the OIG reports that the USPS isn’t managing its cloud computing activities properly, and says those failures have cost the USPS over $33 million:

What the OIG Found

The Postal Service’s cloud computing contracts did not comply with all applicable Postal Service’s standards. Specifically, the Postal Service has not defined “cloud computing” and “hosted services,” established an enterprise-wide inventory of cloud computing services, required suppliers and their employees to sign non-disclosure agreements, or included all required information security clauses in its contracts.

In addition, management did not appropriately monitor applications to ensure system availability. Management also did not complete the required security analysis process for three cloud services reviewed and did not follow Postal Service policy requiring cloud service providers to meet federal government guidelines. This occurred because no group is responsible for managing cloud services, and personnel were not aware of all policy and contractual obligations.

Without proper knowledge of and control over applications in the cloud environment, the Postal Service cannot properly secure cloud computing technologies and is at increased risk of unauthorized access and disclosure of sensitive data. We claimed $33,517,151 in contractual costs for the Postal Service not following their policy and contract requirements.

What the OIG Recommended

We recommended management define “cloud computing” and “hosted services,” develop an inventory of cloud services, monitor suppliers and require them to be certified, and revise contracts to include security clauses. We also recommended management evaluate best practices for cloud computing contracts, complete the security analysis process, and ensure compliance with non-disclosure clauses.

USPS OIG reports

  • Penniless and Clueless

    Once again no one at the USPS will be held accountable for this $33 million loss. Perhaps if those in charge are held accountable and forced to pay restitution maybe these types of systemic failures would be corrected? Fix the problem and hire competent leaders instead of promoting idiots from within who belong to the “Old Boys Club”

  • Elecrtonic Tech

    Well said P & C USPS has plenty of Electronic Tech’s that can perform the IT duties. But management ties our hands and limits access. They have been switching to remote control of systems for more than five years. Silent Solutions, Good name for them, isn’t it?