The Department of Defense's cloud computing strategy is flawed, according to an audit by the department's Inspector General.

In the first of what the IG said will be a series of reports, investigators found problems with three sample contracts, such as not fully training the acquisition and contract specialists who procure cloud services. DoD also did not "obtain waivers from the designated review authority to use a non-DoD approved cloud service provider."


What's next in DoD Cloud

New DoD cloud policy delayed

Govini foresees lower DoD cloud spending

DISA shifts cloud focus to security, integration

The IG blamed the problems on the failure of DOD's CIO to develop an implementation plan, create milestones, or assign responsibilities. Nor was there a detailed written process for obtaining cloud computing waivers.

"As a result, DoD may not realize the full benefits of cloud computing. In addition, DoD was at greater risk of not preserving the security of DoD information against cyber threats," the IG concluded.

Auditors recommended that the CIO develop an implementation plan that includes tasks and responsibilities. The Army Program Executive Officer Enterprise Information Systems and National Defense University's CIO should also work with DoD's CIO on applying for cloud computing waivers for their organizations. In addition, there should be a detailed waiver response.

DoD's cloud strategy is in flux right now, with the Defense Information Service Agency's role changing.