sb-au logo
Story image

Microsoft officially awarded with “Protected” data certification

Microsoft has officially been awarded protected level certification for Microsoft Azure and Office 365, marking the tech giant as the first hyperscale cloud provider to attain certification for protected data in Australia.

25 of Microsoft Azure services and 10 Office 365 services have received the certification from the Australian Signals Directorate (ASD), an achievement the company says will accelerate the opportunity for all levels of Government and National Critical Infrastructure to advance their use of secure cloud computing.

The announcement comes off the back of the company officially launching its two new Azure regions - known as Azure Australia Central - this morning, in partnership with Canberra Data Centres (CDC). 

Microsoft says obtaining protected level certification creates a clear path for Government agencies to host higher classified data sets in Microsoft cloud services and will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud with an additional degree of confidence. 

Microsoft Australia managing director Steven Worrall says, “This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified. 

“Office 365 will support the Australian government’s ambitions to streamline government processes and digitally transform public sector workplaces.  At the same time, agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.”

Microsoft currently has unclassified DLM certification for 40 Azure services and 10 Office 365 services.

Within those services, 35 were formally assessed for Protected Certification and have now been formally certified by the ASD for inclusion on the Certified Cloud Services List (CCSL). 

Minister for Law Enforcement and Cyber Security Angus Taylor said awarding the certification to Microsoft will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud technology.

“It has never been more important for government and Australian enterprises to strategically manage cyber security risks,” Minister Taylor says.

“Australia is under increasing cyber security threat and as government and critical infrastructure innovate and transform, it is imperative that we remove risk in our existing systems and use modern, secure cloud technology.

“Awarding Microsoft the Protected Certification reflects the Turnbull Government’s commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians.

“The Australian Government welcomes Microsoft’s investment in the Australian public sector as well as an initiative to deliver cloud computing skills to an additional 5,000 employees by 2020.”

The security and management of Government data is directed by the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) which provide mandatory guidance to ensure agencies remain compliant.

The security controls required for Protected Certification of Azure and Office 365 have been implemented in all Australian regions where the Microsoft cloud is available: Sydney, Melbourne and now Canberra. 

The Azure Central regions offer some unique additional capabilities for connectivity, resilience and hybrid flexibility, which Microsoft says provides further assurance to government and national critical infrastructure customers with mission-critical needs.  

Microsoft Azure engineering lead for A/NZ James Kavanagh says, “We embarked on this journey in 2014 with the first assessment of Microsoft Azure for compliance with Australian government security controls. 

“In the four years since, we’ve engineered new security innovations into our software, we’ve enhanced our personnel and physical security right across Australia, we’ve established new relationships and capabilities for cybersecurity and most recently we’ve opened new cloud regions dedicated to government and national critical infrastructure.

“Most importantly, we’ve done all of this in partnership with the Australian Government towards one shared goal – to ensure that government and critical infrastructure sectors of Australia have access to the best innovation, with absolute confidence in the rigorous level of security and privacy that Australians expect,” Kavanagh concludes.

Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Link image
Phishing campaigns aren't stopping - but neither are their opponents
COVID-19 is presenting the perfect opportunity to cyber attackers to mount potentially devastating spear-phishing campaigns against organisations via their remote workers. Learn how to fight back.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Link image
Gartner report: Why SD-WAN is becoming the de-facto option
Network service providers are increasingly challenged by established and new competition in the overlay SD-WAN management as well as in the underlay WAN transport, the report says.More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More