Audit slams security, other lapses at state tech agency

shutterstock_559086571

I hate to overstate the findings of any report, but my first thought while reading the latest audit of the Agency for State Technology was:

“Jeez, is this joint as potentially ‘leaky’ as I think it is?”

The report by Florida Auditor General Sherrill F. Norman’s office, which I got a copy of on Thursday, lays out a laundry list of security and other problems at the relatively new agency.

And the best defense that state Chief Information Officer Jason Allison, appointed by Gov. Rick Scott, can muster is to deflect blame and point fingers.

Among the many audit findings are that “access privileges for some AST users … did not restrict (them) to only those functions appropriate and necessary for assigned job duties or functions.”

Gee, no security problem there.

Also, some “accounts remained active when no longer needed and some … inappropriately allowed interactive logon, increasing the risk that the confidentiality, integrity, and availability of AST data and IT resources may be compromised.”

I’m no expert, but that sounds downright dangerous.  

The AST also failed to “review user access privileges for the mainframe, open systems environments, and the network domains,” kept an inaccurate “inventory of IT resources at the State Data Center,” and “State Data Center backup tape records were not up-to-date and some backup tapes could not be located and identified.”

The agency, created by the Legislature in 2014, was aimed at avoiding all the problems of its predecessor, the Agency for Enterprise Information Technology, effectively abolished in 2012.

Mission not accomplished.

Allison, in a weak-beer response included in the audit report, says he just inherited problems from the Northwood and Southwood Shared Resource Centers, which his agency took over.

“It is important to note that AST has combined two separate data centers into a new state agency with a single, cohesive team,” he said.

Yes, a team that apparently doesn’t know when to tell people to change their freaking passwords.

Peter Schorsch

Peter Schorsch is the President of Extensive Enterprises and is the publisher of some of Florida’s most influential new media websites, including Florida Politics and Sunburn, the morning read of what’s hot in Florida politics. Schorsch is also the publisher of INFLUENCE Magazine. For several years, Peter's blog was ranked by the Washington Post as the best state-based blog in Florida. In addition to his publishing efforts, Peter is a political consultant to several of the state’s largest governmental affairs and public relations firms. Peter lives in St. Petersburg with his wife, Michelle, and their daughter, Ella.


One comment

  • Concerned Resident

    February 1, 2017 at 6:00 pm

    It is my opinion that:
    It should be a audit finding that the AST and AG consider this report to be public information. An IG investigation needs to look at the how the AST and AG classifies and reports on discovered vulnerabilities. This story is a social engineering opportunity, diminishes the public trust, and placing Floridians’ information at risk .

Comments are closed.


#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, Anne Geggis, Ryan Nicol, Jacob Ogles, Cole Pepper, Gray Rohrer, Jesse Scheckner, Christine Sexton, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704




Sign up for Sunburn


Categories