Edmonton, Alberta, Canada … An audit of Travel Alberta found Alberta’s tourism agency is not managing the risks of its use of cloud computing, potentially exposing itself to data loss, privacy breaches and business interruptions.
In a December 2019 report on Managing the Risks of Cloud Computing at Travel Alberta, Auditor General Doug Wylie found board oversight over cloud-related risks was lacking, and it had no processes to assess, respond, monitor, report and document the risks associated with its use of cloud computing.
“Cloud computing can offer service improvements and a more cost efficient level than traditional IT systems, but as data travels over the Internet and is housed in the cloud, it could potentially expose sensitive data to unauthorized users,” Wylie said. “Effective processes to manage the risks of cloud computing are essential to protect both Travel Alberta’s corporate information, as well as the data it retains on behalf of its tourism partners and clients.”
Wylie said Travel Alberta needs to do a better job in:
- managing its contracts with its cloud service providers to ensure the contract terms address identified risks and the provider’s performance meets the expected level of service quality
- classifying its data to identify the level of sensitivity, and implement appropriate contractual terms to protect confidential information
- identifying laws that apply to its information being hosted outside of Canada and ensure compliance with those laws, as well as with provincial privacy requirements
Wylie conducted the audit on Travel Alberta as an early adopter of cloud computing technology, having moved to the cloud in 2011 – six years before any cloud computing guidance or policies were developed by the Government of Alberta. The Government of Alberta plans to transition many of its computing systems and applications to the cloud in the near future.
“While our audit examined how Travel Alberta is managing the risks related to its use of the cloud, the findings in this audit can provide valuable lessons to be learned and shared with other government organizations to maximize the benefits of cloud computing, and at the appropriate level of risk,” Wylie said.
Appointed under Alberta’s Auditor General Act, the Auditor General is the legislated auditor of every provincial ministry, department, public post-secondary institution, and most provincial agencies, boards, commissions, and regulated funds. The audits conducted by the Office of the Auditor General report on how government is managing its responsibilities and the province’s resources. Through our audit reports, we provide independent assurance to the 87 Members of the Legislative Assembly of Alberta, and the people of Alberta, that public money is spent properly and provides value.
– 30 –
For more information, please contact:
Executive Director, Stakeholder Engagement
Telephone: 780.644.4806 | Mobile: 780.909.5841