Story image

Microsoft officially awarded with “Protected” data certification

03 Apr 2018

Microsoft has officially been awarded protected level certification for Microsoft Azure and Office 365, marking the tech giant as the first hyperscale cloud provider to attain certification for protected data in Australia.

25 of Microsoft Azure services and 10 Office 365 services have received the certification from the Australian Signals Directorate (ASD), an achievement the company says will accelerate the opportunity for all levels of Government and National Critical Infrastructure to advance their use of secure cloud computing.

The announcement comes off the back of the company officially launching its two new Azure regions - known as Azure Australia Central - this morning, in partnership with Canberra Data Centres (CDC). 

Microsoft says obtaining protected level certification creates a clear path for Government agencies to host higher classified data sets in Microsoft cloud services and will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud with an additional degree of confidence. 

Microsoft Australia managing director Steven Worrall says, “This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified. 

“Office 365 will support the Australian government’s ambitions to streamline government processes and digitally transform public sector workplaces.  At the same time, agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.”

Microsoft currently has unclassified DLM certification for 40 Azure services and 10 Office 365 services.

Within those services, 35 were formally assessed for Protected Certification and have now been formally certified by the ASD for inclusion on the Certified Cloud Services List (CCSL). 

Minister for Law Enforcement and Cyber Security Angus Taylor said awarding the certification to Microsoft will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud technology.

“It has never been more important for government and Australian enterprises to strategically manage cyber security risks,” Minister Taylor says.

“Australia is under increasing cyber security threat and as government and critical infrastructure innovate and transform, it is imperative that we remove risk in our existing systems and use modern, secure cloud technology.

“Awarding Microsoft the Protected Certification reflects the Turnbull Government’s commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians.

“The Australian Government welcomes Microsoft’s investment in the Australian public sector as well as an initiative to deliver cloud computing skills to an additional 5,000 employees by 2020.”

The security and management of Government data is directed by the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) which provide mandatory guidance to ensure agencies remain compliant.

The security controls required for Protected Certification of Azure and Office 365 have been implemented in all Australian regions where the Microsoft cloud is available: Sydney, Melbourne and now Canberra. 

The Azure Central regions offer some unique additional capabilities for connectivity, resilience and hybrid flexibility, which Microsoft says provides further assurance to government and national critical infrastructure customers with mission-critical needs.  

Microsoft Azure engineering lead for A/NZ James Kavanagh says, “We embarked on this journey in 2014 with the first assessment of Microsoft Azure for compliance with Australian government security controls. 

“In the four years since, we’ve engineered new security innovations into our software, we’ve enhanced our personnel and physical security right across Australia, we’ve established new relationships and capabilities for cybersecurity and most recently we’ve opened new cloud regions dedicated to government and national critical infrastructure.

“Most importantly, we’ve done all of this in partnership with the Australian Government towards one shared goal – to ensure that government and critical infrastructure sectors of Australia have access to the best innovation, with absolute confidence in the rigorous level of security and privacy that Australians expect,” Kavanagh concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.