PM's dept vows to block Hotmail, Gmail

The department which houses Prime Minister Julia Gillard and the Cabinet yesterday signalled it would bow to a request from the Federal Auditor-General and block access to public email services such as Hotmail and Gmail from 1 July, with the auditor seeing the platforms as an inherent security risk.

In a report on the security of information held by government agencies, the Auditor-General Ian McPhee recommended that "agencies should not allow personnel to send and receive emails on agency ICT systems using public web-based email services", specifically calling out Hotmail and Gmail as examples of such platforms.

The problem with such services, according to McPhee, is that they provide "an easily accessible point of entry for an external attack" and they subject departments and agencies to "the potential for intended or unintended information disclosure".

The auditor's examination of the information security of several agencies — including the Department of Prime Minister and Cabinet (PMC), Medicare, ComSuper and the Australian Office of Financial Management — found that webmail accounts were accessible by staff in PMC, with logs showing that some staff were using the accounts "on a regular basis". The auditor recorded over one million hits on webmail accounts in a two-month period from PMC.

If staff do require access to webmail accounts, the auditor has suggested the use of an "internet cafe" approach, wherein single stand-alone desktops within these agencies can allow access to these websites.

In response to the auditor's recommendation, PMC said it would shut down access to the webmail platforms.

"Current access arrangements for web-based email will cease on 1 July 2011," the department wrote. "While access to web-based email was in response to business requirements, there were control measures in place. However, we accept the threat and risk assessment has changed and access will no longer be permitted from departmental systems."

The move raises questions about the technical differences between what the auditor's office deems to be public webmail services, and corporate-focused email platforms such as Microsoft's Business Productivity Online Suite and Google's Apps platform.

Microsoft's BPOS platform uses much of the same underlying technology as its Windows Live platform (including Hotmail), and is based on its Global Foundation Services infrastructure spanning datacentres around the world. The same is true of Google's Apps platform, which is targeted at business and government use but shares the same infrastructure with its public Gmail offering.

Several large Australian organisations have recently shifted to cloud-based email solutions from either Microsoft or Google as part of a wave of interest in the area spanning the past several years. In addition, some organisations are even recommending some workers use private email services for professional purposes — such as Qantas with its flight attendants — to simplify administration of staff who might not need daily access to email.

Microsoft and Google have not yet responded to requests for comment.

In general, the auditor's report found that agencies had implemented government security requirements well. "The agencies had established information security frameworks, had implemented controls to safeguard information, to protect network infrastructure and prevent and detect unauthorised access to information; and had controls in place to reduce loss, damage or compromise to ICT assets," the auditor wrote. However, it noted that some areas, such as the complexity of passwords and regular patching of software, could be improved.

Josh Taylor contributed to this article.

Topics: Google, Collaboration, Government, Government AU, Microsoft, Security


Talkback

6 comments
  • I think one of the key issues with allowing web-based email is the lack of audit logging it provides for messages sent.

    If someone in the department leaks some confidential information they have a better chance of knowing who it is if it went through the department's email system and gets logged rather than over an https connection to the web.
    Steve123-b6932
  • Why should the tax payer have to fund any personal computer use for public service employees?

    Every company I have ever worked for has a "no personal use" clause in relation to office computer use and bans access to gmail and hotmail.

    What's so special about civil servants that they should have their personal email use (/abuse) funded by the tax payer?
    Pachanga-4184c
  • Well, if they're serious about security risk they'll have to ban the use of web-based email on smartphones too. Good luck with that one!
    splinters
  • The story mentions that BPOS shares common infrastructure with Hotmail - this is flat out wrong and one of the big differences between BPOS and GAPE... BPOS is a separate commercial service completely disconnected to Windows Live / Hotmail... Gmail is Google whether you're a home user or commercial user.
    another_view
  • I would like to see what OS they run and what controls they have on it. It can be more dangerous if it is already connected to the Internet. Someone who really wants to leak out anything to the Internet can do it anyway and of course, if they are using any of the virus-prone OS, no need to discuss anything further!
    syampillai
  • The author should make certain that they are clear about the fact that this is Gov't offices only. The title & the first part of this indicates that these services is across the board. You Jerk!
    alfielee9