One of our politicians (I think it was one of ours)...
...several years back, admitted he couldn't watch Yes Minister because it was too disturbingly close to reality.
Auditor to Oz PM&C: Don’t use Webmail for leaks
Australian cloud computing chauvinists are prepping the “#GovDoesn’tGetIt” hashtag after the Australian National Audit Office (ANAO), with a bit of help from the spooks in the Defence Signals Directorate, identified services like Hotmail and Gmail as key vulnerabilities in government information security. As noted many years …
-
Thursday 24th March 2011 01:50 GMT Anonymous Coward
Humph
back in the day PM&C were convinced their network was "highly protected" when it was only "protected" - "We need access to the HP room", "Why, your boxes are here". "No, they're in there". "Hmm, let's go in the HP room and SSH into your boxes from there"
Yes Minister script writers could have turned that into pure green.
Paris - 'cause she knows where her box is
-
Thursday 24th March 2011 01:50 GMT Anonymous Coward
Britain is as bad
The NHS in the UK has done better than that. They have set up their own webmail system!
It has been officially labelled as secure. Staff are being told to use it to send confidential data from one location to another. They are told that as long as they send to another address on this system, it is secure. Presumably, they have ignored the possibility of any reading it from an unsecure computer. Yes, it can be seen on non-NHS computers - public libraries, your own virus ridden one or apparently ones abroad if you ask them.
Lets have a competition to see who can have the biggest official security hole.
-
Thursday 24th March 2011 10:11 GMT dave 46
unnecessary title
To be fair it's more secure than using just about any desktop mail client, assuming you allow it to be used on anything other than heavily locked down it controlled desktops.
In reality it needs to be accessed from many more locations and devices than IT could ever provide support and assure security for, so yeah, webmail is okay. I'd add 2-factor security for unknown / new login locations but that's all (needn't be too onerous, sms would do).
-
Thursday 24th March 2011 10:46 GMT Anonymous Coward
NHS
The NHS Trust my husband works at has provided an MS Exchange/Outlook webmail service in recent years. This does require interaction with his phone to get a session specific code by text message - which was better than the previous system.
Unfortunately they allow him to set up forwarding rules from his system to ANY external address. This means that he can and does receive all sorts of confidential material when he switches on his out of office reply and forwarding.
Inept staff in the NHS, generally female managers above him, seem to delight at copying as many people as possible on trivial matters - without ever trimming material.
Posting anonymously this week as he is being made redundant from the end of next week.
-
-
Thursday 24th March 2011 10:26 GMT Destroy All Monsters
There is a difference...
State handles "confidential information" - It SHOULD leak. Sometimes it MUST leak.
State also handles "privacy-sensitive information" data - It SHALL NOT leak.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
This topic is closed for new posts.
Biting the hand that feeds IT
