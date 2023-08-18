Report: Victorian government agencies don’t understand third-party cybersecurity services

By on
Cybersecurity

A report by the Victorian Auditor-General’s Office (VAGO) reveals that the state’s government agencies don’t properly understand and oversee cybersecurity services delivered by third-party providers.

In Victoria, government agencies can use a third-party service provider to manage their cybersecurity. However, agencies remain accountable for cybersecurity risks and must understand the responsibilities they have under any shared service arrangement.

State-owned ICT services provider Cenitex, which manages the suite of Microsoft 365 products used by Victoria’s government agencies, is responsible for determining and configuring cybersecurity controls for the tenancy.

Agencies are users, not owners, of these products and therefore are only responsible for their data in the Microsoft 365 tenancy.

VAGO’s ‘Cybersecurity: Cloud Computing Products’ report examined the effectiveness of Microsoft 365 cloud-based identity and device management controls across local and state government agencies.

The report concluded that Victoria’s agencies are not clear about their security roles and responsibilities under their shared service agreement with Cenitex.

“Not all audited agencies properly understand and oversee cybersecurity services delivered by third-party providers,” the report said.

“For example, some agencies who are part of the shared [Microsoft 365] tenancy think they are the owners of the tenancy and should be able to determine and configure cybersecurity controls.”

"If Cenitex and its clients are unclear on who is responsible for determining, implementing and overseeing controls, agencies may not be able to adequately manage their cybersecurity risks."

Among other key findings, the report concluded that agencies do not have fully effective Microsoft 365 cloud-based identity and device controls.

It also found that the Victorian public sector does not use its size and economy of scale to address cybersecurity risks in a coordinated way.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:
cenitex cybersecurity cybersecurity cloud computing products security thirdparty service providers victorian auditorgeneral&8217s office victorian government

Partner Content

A large number of companies are moving to the cloud
A large number of companies are moving to the cloud
As transformation accelerates, sustainability has never been more important
As transformation accelerates, sustainability has never been more important
Opportunity in the ANZ market for UCaaS with Zoom and Tradewinds
Opportunity in the ANZ market for UCaaS with Zoom and Tradewinds
Bringing the cyber security lessons of 2022 into 2023
Bringing the cyber security lessons of 2022 into 2023
Nominations for the 2023 CRN Fast50 are now open!
Nominations for the 2023 CRN Fast50 are now open!

Sponsored Whitepapers

As transformation accelerates, sustainability has never been more important
As transformation accelerates, sustainability has never been more important
Sustainability in the IT Channel: Electricity 4.0 Strategy 2023
Sustainability in the IT Channel: Electricity 4.0 Strategy 2023
Opportunity in the ANZ market for UCaaS with Zoom and Tradewinds
Opportunity in the ANZ market for UCaaS with Zoom and Tradewinds
How can partners develop sustainability strategies? A Canalys ebook for Schneider Electric
How can partners develop sustainability strategies? A Canalys ebook for Schneider Electric
ArrowSphere: The cloud delivery and management platform for powering digital growth
ArrowSphere: The cloud delivery and management platform for powering digital growth

Most Read Articles

Dell slapped with $10 million fine for false monitor pricing

Dell slapped with $10 million fine for false monitor pricing
Salesforce to debut Data and Marketing Clouds on Hyperforce locally next year

Salesforce to debut Data and Marketing Clouds on Hyperforce locally next year
NextDC launches Pilbara's first of its kind data centre

NextDC launches Pilbara's first of its kind data centre
TPG launches Ericsson-based network analytics offering

TPG launches Ericsson-based network analytics offering

Log In

Email:
Password:
  |  Forgot your password?