2022 Reports 5 to 8 of the Auditor General of Canada to the Parliament of CanadaFederal government must strengthen its use of controls to prevent, detect, and respond to threats on personal information stored in the cloud
Ottawa, 15 November 2022—A report from Auditor General Karen Hogan tabled today in the House of Commons found that the requirements the federal government put in place to reduce the security risks of storing information in the cloud were not always clear and that departments did not effectively implement them. This means an increased risk of security breaches as cyberattacks are becoming more frequent and sophisticated throughout the world.
The audit found that 4 years after the Treasury Board of Canada Secretariat first directed departments to consider moving information to the cloud, it had still not provided a long‑term funding plan for cloud adoption. It had also not given departments the tools they need to calculate the costs of moving to cloud applications or operating and securing the information stored in it. Without these tools or a funding plan, departments cannot ensure that they will have the people, expertise, and resources they need to not only secure cloud‑based information but also prevent and address security threats.
“When federal organizations decide to store Canadians’ personal information in the cloud, they are responsible for securing and protecting that information,” said Ms. Hogan. “The government needs to act now—while departments are in the early stages of transitioning to the cloud—to strengthen the use of controls to prevent, detect, and respond to cyberattacks.”
- 30 -
The 2022 Reports of the Auditor General of Canada, Report 7—Cybersecurity of Personal Information in the Cloud is available on the Office of the Auditor General of Canada website.
Please visit our Media Room for more information.