VA Employees Using Unauthorized Cloud Services - InformationWeek
12/23/2010
10:37 AM

VA Employees Using Unauthorized Cloud Services

Department of Veterans Affairs staff have been using Google and Yahoo tools without the agency's knowledge, raising privacy, security concerns.

The Obama administration might be pushing federal agencies to adopt cloud computing, but federal workers are already ahead of the curve, as the Department of Veterans Affairs recently discovered when it found out hospital employees were using Web-based tools from companies like Google and Yahoo on the job.

The discovery isn't shocking -- consumer adoption of cloud services has in many ways outstripped corporate and government adoption -- but it does raise security concerns, as the services being used haven't necessarily gone through the rigorous certification process required to comply with federal cybersecurity guidelines.

"The government can't keep up with Google, Apple, Yahoo, and others who are creating grey apps for healthcare usage," VA CIO Roger Baker said Thursday on a monthly cybersecurity conference call with reporters. "This is an issue we're going to continue to deal with going forward. These are great tools for patient care, but at the same time we can't use them. If we don't figure out how to embrace them, our users will figure it out without us."

Baker applauded companies like Google for moving forward with government security certifications for "moderate" risk information, but said that the VA requires even higher security standards for personally identifiable information like the type its employees are beginning to store online.

For now, the agency is treating the use of services like these as a security concern, and blocking access to sites as they become known. For example, last month the agency discovered that a few orthopedics department residents at the Jesse Brown VA Medical Center had been keeping a calendar of patient data on Yahoo Calendar for more than three years.

The residents had stored full names, dates, types of surgery, and the last four digits of Social Security numbers for 878 patients on the site, sharing the same user account. When the VA discovered this, it blocked access to the site, deleted all the entries, changed the password (which hadn't been changed once during the three years of use), and began mailing out letters of notification to all affected patients.

Such a scenario has played out numerous times in recent months, Baker said. The most popular use of cloud services was by employees using Google Docs to store shift-change information and residents using it to document what type of role they played in various procedures. "While these are password-protected accounts, the issue is that they leave the VA," Baker said. "We need to figure out how to meet this demand and still meet our requirements from the standpoint of security controls."
