Twenty-five Microsoft Azure cloud services and ten Office 365 services have been awarded ‘Protected’ certification by the Australian Signals Directorate (ASD).
The listing on the ASD’s Certified Cloud Services List (CCSL) makes it far easier for government agencies to host Protected level data sets on the Microsoft cloud, significantly reducing the procurement effort and associated risk assessment process.
The certification applies across Microsoft’s four cloud regions in Australia, two of which – Central 1 and 2 in Canberra –were made available today.
Achieving the award has been hard fought by Microsoft over a number of years, requiring significant investment and the dedication of full time engineering teams assigned to achieving it.
“We’re pretty excited about it because it’s the culmination of quite a number of years of work to get to this stage where the government is comfortable, and it opens up a broad range of options for government to accelerate and move faster on their adoption of cloud,” explained James Kavanagh, Microsoft Azure Engineering Lead for Australia New Zealand.
The assessment process for Microsoft’s Protected certification began in 2014, at the same time as for Unclassified certification which was grantedlast year. The assessment involves Microsoft proving its products meet close to a thousand distinct security controls laid out in the ASD-maintainedInformation Security Manual,before the claims are verified by independent IRAP assessors and multiple ASD reviews.
Microsoft was required to engineer “new security innovations into our software” as well as enhancements to “personnel and physical security” to gain the certification.
The pay-off is that Microsoft is the first global cloud provider to be awarded Certification for Protected data in Australia, “dramatically accelerating the opportunity for all levels of Government and National Critical Infrastructure” to advance their use of secure cloud computing, the company said.
They join a limited number of smaller providers – namely Dimension Data, Macquarie Government, Sliced Tech and Vault Systems – in offering Protected classification level cloud services.
The government’s recently releasedSecure Cloud Strategycalled for increased use of cloud by agencies.
“Awarding Microsoft the Protected Certification reflects the Turnbull Government’s commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians,” said Minister for Law Enforcement and Cyber Security Angus Taylor.
Steven Worrall, managing director, Microsoft Australia, said the certification created a “clear path” for agencies to host Protected datasets.
“This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified. Office 365 will support the Australian government’s ambitions to streamline government processes and digitally transform public sector workplaces. At the same time agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.” he said.
Rival AWS is closing in on Protected approval for its cloud services. However, certification may be some time off with the company last week announcing it had only finalised its IRAP.