Tuesday, September 25, 2007

Security Breaches in IT

Interesting new item here-


The state of Connecticut is suing technology consulting company Accenture over the loss of a data tape containing personal information on 58 taxpayers and nearly 460 state bank accounts.

"Accenture deserves censure -- to be held accountable for allowing valuable secret data to be stolen and putting at risk state taxpayers, bank accounts and purchasing cards," Blumenthal said.

"Transferring this data to Ohio is inexplicable and inexcusable," Blumenthal said. "Confidential information can have the value of cash -- especially in the wrong hands -- but Accenture treated it like scrap paper. Its breach of contract and negligence exposed state taxpayers to identity theft and other harm."

A $98 million contract to develop this payroll, inventory and accounting system ought to have been better monitored for security. Even with security measures that are robust and mature in place such as at most Indian or global IT giants' offshore delivery centers,occasional slip-ups such as the breach at MPhasis are a major concern for clients. Incidents such as the Accenture-Connecticut case point to such breaches even when the information is kept onshore; and call into question giving away contracts upwards of $5 million without ensuring necessary conditions against breach, such as the inadmissibility of storage devices in associates' laptops, policies against accessing client resources except under monitoring or in a 'time and material' billing without attached SLAs and so on.

No comments: