Feb 24th, 2008, 6:04 am
Last year I exposed a security breach involving the online collection of applications for visa documents allowing Indian citizens to visit the UK, an exposé that ended up with the UK government itself being found guilty of breaking the Data Protection Act and which kick-started something of a sea change in the way that such online applications are handled. You might think, therefore, that the company at the heart of that scandal would have cleaned up its act when it came to security. Unfortunately, communications with a former VP responsible for business development at VFS suggest otherwise.
Suprit Roy used to be responsible for new project rollouts at VFS before resigning from the company on 10th December 2007. He claims that the whole visa application database security scandal was caused by an underlying lack of commitment to enforcing discipline, standards and ethics at a senior management level. "It was only after your expose got broadcast on Channel 4 and the FCO sent in Independent Investigator Linda Baker-Costelloe that the company acted reactively to enforce some IT security practices," Roy says. He also says that despite this, not enough has been done at the most basic levels of security and cites his own corporate email account as evidence.
Most companies which not only understand security issues but take them seriously are quick to sanitize the associated email account when any employee leaves, let alone someone of VP status. There are plenty of methods that fall within best practice to ensure that incoming corporate email is forwarded to another account without leaving access open to the former member of staff. However, Roy claims that when speaking to a former colleague this weekend it was revealed in passing that his former official email account continued to be live within the company system. Using the Outlook Web Access browser interface to enter his user name, Roy discovered that this was indeed the case.
So why is Roy telling us this? Certainly there seems to be a certain amount of antagonism in his parting from VFS. He readily admits that he "left the company in disgust because I felt that the top management was unwilling to enforce the discipline and best practices required to run a business in an ethical manner." Yet whatever his motives, it does seem to reveal another apparent lack of regard for basic security principles within VFS. It also exposes the kind of problem which is all too often assumed to be of so little importance that it does not matter within the grand scheme of things. Truth be told, security and confidentiality and ethics are all wrapped up together and should be treated with the same level of respect no matter how big or small the particular issue at hand. Being sloppy with the small sketches has a nasty tendency to indicate that the bigger picture is not being drawn with a sharp enough pencil either…
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 1,602 views, 0 comments, and 15 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Feb 24th, 2008.