Menu
MSD probes use of all-of-government SharePoint application

MSD probes use of all-of-government SharePoint application

A decision to use the government Shared Workspace to collect sensitive external data appears flawed.

The use of an all-of-government shared workspace to collect sensitive external data will be investigated after a Ministry of Social Development security failure.

The use of an all-of-government shared workspace to collect sensitive external data will be investigated after a Ministry of Social Development security failure.

A Microsoft SharePoint application used by over 30 of the largest government agencies will be at the centre of an independent security review announced by Social Development Minister Anne Tolley yesterday.

The review, into the ministry's use of the government Shared Workspace for a sensitive data collection programme and a subsequent security failure, follows an internal report Tolley described as "disappointing".

"It's extremely disappointing that the report appears to raise more questions than answers on the security of the IT system and the governance of the project," she said.

The Ministry of Social Development decided to use the Department of Internal Affairs' all-of-government Shared Workspace as an interim platform to collect individual client data from external social services providers funded by the government.

MSD said the data was being collected to help government understand who was using such external services and the impact of the programmes.

However, shortly after roll-out, one external provider was able to access another's folder where individually identifiable data was due to be lodged.

No data was in the folder at the time, but the issue was serious enough for the ministry to cancel all external access permissions to the portal.

The independent review will look into the circumstances that led to the privacy failure, the decisions made about why the Shared Workspace was used and security measures taken.

SharePoint can be deployed securely, but this is considered tricky when external parties are included. However, a description on the Department of Internal Affairs' ICT services website appears to describe it as suitable for use with external parties.

"Shared Workspace is a secure, online collaboration tool for government agencies to share information with each other and with their third party project partners."

Explaining the failure, MSD's head of the data collection programme, Peter Galvin, told Radio New Zealand the ministry's own IT people suggested using the Shared Workspace after security reviews provided confidence it would be fit-for-purpose.

Each provider was to have their own folder for uploading data but an error with access permissions settings led to the failure.

“We’d set up permissions on who could see what folder, and we found there had been an error in setting up the permissions on a folder, which meant that other providers when they went into the shared workspace could see that particular folder," Galvin said.

Social Development Minister Anne Tolley
Social Development Minister Anne Tolley

That gave the ministry "significant pause for thought", Galvin said. The ministry had to make a call on whether to persist with using that platform, he said.

"On balance and in the interests of security we couldn't in good conscience continue to pursue that platform."

Galvin said the Shared Workspace was always supposed to be an interim solution. The ministry is now working on a permanent replacement.

Seeming to throw further doubt on the decision to use the Shared Workspace, Galvin said the new system will be standalone, not a shared space, so there would be no risk of one provider seeing another's data.

The final terms of the replacement system were still under negotiation, he said, but it would be controlled directly by MSD.

The Department of Internal Affairs is currently using SharePoint 2010 to run the workspace, but is developing a roadmap to upgrade to SharePoint 2016.

A spokesperson said the Shared Workspace would continue to be available to eligible agencies for as long as they consider it meets their needs.

Microsoft referred queries about the issue to the ministry.

The independent review will be led by former Deloitte NZ consultant Murray Jack, supported by private sector IT and privacy specialists. It is due to be completed by the end of the month. The review will also look into the governance and management of the project.

Providers are continuing to collect data to be uploaded into the new IT system, once it is launched.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentprivacyMicrosoftSharepointNew ZealandMinistry of Social Developmentmsd

Featured

Slideshows

Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments