Only two out of five of England’s largest councils can track and report on user activity in real time, a log management firm has found.
LogLogic said the fact that only a further two kept related log data for over six months could also potentially compromise their ability to identify and tackle security breaches.
The information was solicited from Birmingham, Leeds, Sheffield, Liverpool and Bradford councils as part of Freedom of Information (FoI) Act requests submitted by LogLogic in May 2011.
The requests were designed to establish what data management capabilities a number of UK councils had in place to track and record user activity, as a key access requirement of the Government Connect Secure Extranet (GCSx) – a public sector secure private Wide Area Network (WAN) enabling local authorities to share data with central government.
“Managing IT data – from collection to storage and being able to report on it in real time – is key to addressing the cornerstones of GCSx,” stated Bill Roth, LogLogic vice president.
In England, three of the five largest councils were fully GCSx compliant and the other two said they were still at the implementation stage. Three had implemented log management solutions to help achieve compliance.
Two kept their log data for up to three months, while another kept it for up to six months, despite the fact the recommendation for GCSx compliance is six months plus.
On a more positive note, all five carried out annual compliance audits and three of the five councils reported they had received extra funding for GCSx.
By comparison, all five of Wales’s largest councils were GSCx compliant, and four out of five had implemented log management to assist with tracking and audit in real time, as well as carrying out annual audits. But four out of five received no funding to achieve compliance.
“They were let down (the English authorities particularly) on being able to track and record in real time, which is essential for monitoring and preventing sensitive data from leaking out of the Government Connect Secure Extranet,” Roth said.
“Storing logs for the recommended six months-plus time period is also critical for compliance and a surprising number fell short of that measure.”
Bob Tarzey, director of IT analyst Quocirca, agreed user activity logs were an important part of the insight needed to report on activity around IT usage.
“Much of that information is of little use if it cannot be linked to users,” he told IT Pro.
“It is encouraging that standards are in place and that some councils are adopting them. They are as likely a target for hacking as any other organisation, either for politically motivated reasons (but less so then central government) or commercial ones, as councils store potentially useful personal data on citizens.”
Several Scottish and Northern Irish councils refused to answer LogLogic’s FoI requests on the grounds of national security.