Wednesday, April 21, 2010

High Risk in the Canadian Government Systems

The Auditor General of Canada released her spring report on Monday. In it, she identified a serious lack of spending on government IT systems, with the result that many systems are so obsolete that they carry a considerable risk of interfering with the ability of the affected departments to deliver on their services. These are services on which many Canadians rely, including payment of UI benefits, Canada Pension Plan Payments and Old Age Security. This is indeed a serious state of affairs and one that should not have been allowed to happen. Even the departmental risk assessments have identified these issues for the past several years, but have not had the funds to replace the old and outdated equipment.

Clearly, the Canadian government has been under considerable pressure to limit their IT spending. Not stressed in the AG's report, although it was mentioned, is the fact that whenever an organization is under pressure to reduce or limit its IT spending, the first area to suffer reduction is that of security and control. This is a fact of life. It means that security and control measures are not improved. Moreover, the old equipment simply cannot support the kinds of security measures that are needed in the modern world, where the hackers and crackers are often endowed with state-of-the-art equipment.

In an era when the government is hosting more and more of our private information, this is simply unacceptable. It is an area where IS Assurance providers can play an important role.

For the AG's report on outdated systems, click this link.

No comments: