Today's statistical analysts will be tomorrow's most valuable assets, he said.
Over the past three years, NASA has been putting more and more data onto cloud infrastructures, both internal and with service providers.
When the NASA cloud effort was launched, agency IT managers were concerned about potential vendor lock-in, and whether data could be moved to data centers of other vendors. So NASA chose to use products from multiple vendors, including Amazon's S3, Google's Cloud Service and Microsoft's Azure.
NASA set up a cloud application suitability model (CASM), which determines what application goes to which cloud.
The agency also set up a so-called "The Wheel of Security," described as similar to a pie chart that shows which data can be publicly available and which should remain top secret.
In public clouds, parts of which are accessible to the public, NASA placed high-resolution images of Mars and wrote games around them to have the public participate as "citizen scientists," he said.
For example, NASA created a Microsoft's Azure-based site called Be A Martian , where anyone can view the planet from a rover's point of view. On Google's Cloud Service, NASA set up a site for fourth and fifth graders to explore the galaxy.
And with Amazon's S3 cloud, NASA set up a crowdsourcing website that offers contests for developers to write code to help drive Mars rovers.
"We stored and ran everything in Amazon's public cloud so now we have tons of code we can use," he said.
NASA also uses clouds for high performance computing and for a virtual desktop infrastructure pilot program.
Meanwhile, Lockheed Martin built a private cloud for the agency in its data center. The private cloud uses technology from CSC's Terremark cloud, RackSpace, Univa as well as Amazon's virtual private cloud.
The process for ensuring security was turned on its head in the cloud project, Soderstrom said.
In the past, the NASA security team was brought in at the end of a project. "IT security was always saying no to me," he said. "I'd say, 'What are you talking about? 'Not secure' is meaningless. What do you mean?'"
In the cloud project, Soderstrom said his team rewrote the security process to bring the experts in at the beginning. And he said, he set one major rule for the security team; they could not say, "No Tom, that's a stupid idea. You can't do it," he said.
"They can say, 'OK, Tom. I hear what you're trying to do. How about this way in order to secure it?'," he said. "So instead of the buck stops here, the buck starts here with security."
Changing the way NASA approached security took three years of slow culture change, but it was worth it, Soderstrom said.
Sign up for CIO Asia eNewsletters.