Obsidian Security completes IRAP assessment for SaaS
Obsidian Security announced it has completed the Infosec Registered Assessors Program (IRAP) Assessment, enhancing its credentials in the public sector and making its SaaS security platform available to Australia's Federal Government agencies.
The IRAP, developed by the Australian Signals Directorate, serves as an independent assessment of system security controls, with federal agencies relying on its outcomes to evaluate a system's suitability for their security requirements. The completion of the IRAP Assessment now provides Australian public sector agencies with greater confidence in deploying Obsidian Security to protect their SaaS identities, applications, and data.
Obsidian Security has observed a marked increase in SaaS breaches, which have surged 300% year-over-year, with identity-based attacks becoming prevalent. Consequently, the availability of Obsidian to Australian federal government agencies for a security strategy covering configuration, identity protection, detection, and response comes at a critical time.
Glenn Chisholm, Australian Co-Founder of Obsidian Security, highlighted the threats entities face with the rise of SaaS applications. "All these applications adopted by public and private organisations create all sorts of blind spots for security teams, especially around identity," Chisholm said. "Threat actors are increasingly focused on exploiting these gaps. Completing the IRAP assessment means we can protect government agencies from these sophisticated attacks in the same way we do for Australia's largest telcos, banks, and healthcare providers."
Chisholm further noted the inherent risk many organisations take by depending on their SaaS providers for application configuration, which can lead to the unintentional exposure of sensitive data. "While SaaS providers ensure the security of the application's infrastructure, the user is responsible for implementing appropriate security measures around their human and non-human identities – this includes things like multifactor authentication and privilege controls," he explained. "Compounding the risk, these apps are often implemented outside the purview of the organisation's security team. Obsidian offers a single platform for visibility, control, and global enforcement over the organisation's entire SaaS ecosystem."
Obsidian's completion of the IRAP Assessment to the PROTECTED security classification complements its existing global certifications, which include SOC 2 and ISO certifications 27001 and 27701. Moreover, in October, the company fortified its investment in the region with a new datacentre in Sydney, established on AWS infrastructure to bolster data sovereignty for local customers.