Our findings on this were that employees within the federal public service were given access they didn't need to carry out their duties, so it wasn't related to outsourcing of an aspect of housing a data centre or using the cloud service provider. It wasn't related to that; it was really related to the access privileges were granted by an employer to an employee.
When someone has access they don't need to do their jobs, at times it could be incompatible or conflicting processes or transactions they can do that would require segregation of duties to ensure good stewardship of funds.
It had nothing to do with outsourcing, but more with the fact that certain doors were left open that should be closed to properly safeguard information and data in the government.