SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Microsoft officially awarded with “Protected” data certification
Tue, 3rd Apr 2018
FYI, this story is more than a year old

Microsoft has officially been awarded protected level certification for Microsoft Azure and Office 365, marking the tech giant as the first hyperscale cloud provider to attain certification for protected data in Australia.

25 of Microsoft Azure services and 10 Office 365 services have received the certification from the Australian Signals Directorate (ASD), an achievement the company says will accelerate the opportunity for all levels of Government and National Critical Infrastructure to advance their use of secure cloud computing.

The announcement comes off the back of the company officially launching its two new Azure regions - known as Azure Australia Central - this morning, in partnership with Canberra Data Centers (CDC).

Microsoft says obtaining protected level certification creates a clear path for Government agencies to host higher classified data sets in Microsoft cloud services and will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud with an additional degree of confidence.

Microsoft Australia managing director Steven Worrall says, “This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified.

“Office 365 will support the Australian government's ambitions to streamline government processes and digitally transform public sector workplaces.  At the same time, agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.

Microsoft currently has unclassified DLM certification for 40 Azure services and 10 Office 365 services.

Within those services, 35 were formally assessed for Protected Certification and have now been formally certified by the ASD for inclusion on the Certified Cloud Services List (CCSL).

Minister for Law Enforcement and Cyber Security Angus Taylor said awarding the certification to Microsoft will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud technology.

“It has never been more important for government and Australian enterprises to strategically manage cyber security risks,” Minister Taylor says.

“Australia is under increasing cyber security threat and as government and critical infrastructure innovate and transform, it is imperative that we remove risk in our existing systems and use modern, secure cloud technology.

“Awarding Microsoft the Protected Certification reflects the Turnbull Government's commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians.

“The Australian Government welcomes Microsoft's investment in the Australian public sector as well as an initiative to deliver cloud computing skills to an additional 5,000 employees by 2020.

The security and management of Government data is directed by the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) which provide mandatory guidance to ensure agencies remain compliant.

The security controls required for Protected Certification of Azure and Office 365 have been implemented in all Australian regions where the Microsoft cloud is available: Sydney, Melbourne and now Canberra.

The Azure Central regions offer some unique additional capabilities for connectivity, resilience and hybrid flexibility, which Microsoft says provides further assurance to government and national critical infrastructure customers with mission-critical needs. 

Microsoft Azure engineering lead for ANZ James Kavanagh says, “We embarked on this journey in 2014 with the first assessment of Microsoft Azure for compliance with Australian government security controls.

“In the four years since, we've engineered new security innovations into our software, we've enhanced our personnel and physical security right across Australia, we've established new relationships and capabilities for cybersecurity and most recently we've opened new cloud regions dedicated to government and national critical infrastructure.

“Most importantly, we've done all of this in partnership with the Australian Government towards one shared goal – to ensure that government and critical infrastructure sectors of Australia have access to the best innovation, with absolute confidence in the rigorous level of security and privacy that Australians expect,” Kavanagh concludes.