In October of 2021, AUCloud was named a “certified strategic” cloud provider by Australia’s Digital Transformation Agency for meeting the requirements to hold protected public sector-data as specified by its new Hosting Certification Framework. The framework requires all “whole of government” systems and those that are classified as “protected” to be hosted only by certified strategic service providers and data centers by June 30, 2022.
We recently connected with Phil Dawson, managing director of AUCloud and the company’s co-founder, to learn why he believes the mandates within the framework are crucial for Australia’s government agencies. We also discussed what he believes makes cloud services truly sovereign and what it means for AUCloud to be one of just 10 enterprises worldwide to have earned the VMware Cloud Verified Sovereign Cloud distinction.
“The new Hosting Certification Framework includes myriad requirements to ensure that the data of Australia’s government agencies is hosted ‘with the appropriate level of privacy, sovereignty, and security controls,’” says Dawson. “Together with the Australian Cyber Security Centre’s Cloud Assessment and Authorization Framework, the requirements play a crucial role in safeguarding the trust of Australia’s citizens. Citizens want to know that the services that host their data have complete jurisdictional control and authority over it.”
Dawson is quick to point out that merely ensuring that data is kept within the country is not enough. Ensuring the sovereignty of the “data supply chain” is crucial.
“The reality is that regardless of where in the world many cloud providers hold data, foreign-owned providers are subject to the laws of their own nation, such as the United States CLOUD Act, that could force them to hand over data on Australian citizens,” he adds. “While foreign-owned providers may claim to keep Australian data onshore, the nature of their global operations means that a lot of metadata, and data linked to analytics and support operations, can still find its way into data centers around the world. Even if this is not the case, because they are foreign owned and hence subject to the laws of the country where they are owned, they can be compelled to provide access to the data they hold irrespective of if it is the sovereign data of another country. Genuine sovereign cloud services mitigate that risk and help maintain trust in a national digital infrastructure. That’s why Australia’s specific sovereign cloud requirements are not only well-founded, but worthy of emulation.”
AUCloud’s services are engineered to include the security controls and standards associated with the protected data the company’s customers work with. These customers include Australia’s federal and state government agencies, enterprises in critical industries and technology partners that support applications in these areas as well as those used in the national defense and intelligence fields.
Cloud services the company offers include Compute-as-a-Service, Storage-as-a-Service, Backup-as-a-Service, Disaster Recovery-as-a-Service, Security Operations Center-as-a-Service and more recently, Desktop as a Service and Workspace ONE.
‘Data security is our DNA’
AUCloud’s customers and partners typically work with a wide range of personal and sensitive information. Examples include personally identifiable data that’s important in healthcare settings or for the purpose of delivery services to citizens, and information sensitive to the operation of agencies and the execution of their business.
“Data security is our DNA,” says Dawson. “Our customers demand the highest levels of security. Compliance and transparency in meeting those standards is equally important. Critically, we support our customers regardless of where they are in their digital maturity, whether it’s initial work to transition from on-premises legacy systems to developing tomorrow’s next generation of cloud native services for Australia’s citizens.”
Dawson also says that the move to the cloud is inevitable for most government entities. As with their private-sector counterparts, cloud solutions enable new ways of working and are more cost effective – an attribute AUCloud strengthens through its transparent pricing arrangements and commitment to no hidden or additional costs such as ingress or egress charges or exit fees.
Notably, citizens’ increasing reliance on digital technologies, the related exponential increase in data volumes, and the growing interest in cloud-native applications are also pushing traditional infrastructure to the limit. Much more agile and scalable cloud-based approaches are necessary to not just ensure the cost-effective movement and effective storage of data but to ensuring data is appropriately secure and accessible. He points to VMware as an important partner in helping agencies make this transition successfully and with confidence.
“Many government agencies rely on VMware in mission-critical roles,” he says. “For these agencies in particular, using VMware-based cloud solutions within a sovereign cloud environment makes the transition to the cloud easier and reduces risks and costs. That’s why it’s so important to AUCloud that we received the VMware Cloud Verified Sovereign Cloud distinction. It’s an important validation that gives our customers the peace of mind knowing that they can access the cloud with the security, compliance, and interoperability they expect and associate with VMware’s technologies.
“We are very proud of our work,” says Dawson. “Everything we do reflects our commitment to ensure that the nation’s data – namely, citizen data, and all the metadata, support, analytics etc data associated with it, remains safe and secured in Australia and not exposed to the risk of extraterritorial access by non-sovereign jurisdictions.”
Learn more about AUCloud and its partnership with VMware here.