Story image

Microsoft officially awarded with “Protected” data certification

03 Apr 2018

Microsoft has officially been awarded protected level certification for Microsoft Azure and Office 365, marking the tech giant as the first hyperscale cloud provider to attain certification for protected data in Australia.

25 of Microsoft Azure services and 10 Office 365 services have received the certification from the Australian Signals Directorate (ASD), an achievement the company says will accelerate the opportunity for all levels of Government and National Critical Infrastructure to advance their use of secure cloud computing.

The announcement comes off the back of the company officially launching its two new Azure regions - known as Azure Australia Central - this morning, in partnership with Canberra Data Centres (CDC). 

Microsoft says obtaining protected level certification creates a clear path for Government agencies to host higher classified data sets in Microsoft cloud services and will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud with an additional degree of confidence. 

Microsoft Australia managing director Steven Worrall says, “This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified. 

“Office 365 will support the Australian government’s ambitions to streamline government processes and digitally transform public sector workplaces.  At the same time, agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.”

Microsoft currently has unclassified DLM certification for 40 Azure services and 10 Office 365 services.

Within those services, 35 were formally assessed for Protected Certification and have now been formally certified by the ASD for inclusion on the Certified Cloud Services List (CCSL). 

Minister for Law Enforcement and Cyber Security Angus Taylor said awarding the certification to Microsoft will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud technology.

“It has never been more important for government and Australian enterprises to strategically manage cyber security risks,” Minister Taylor says.

“Australia is under increasing cyber security threat and as government and critical infrastructure innovate and transform, it is imperative that we remove risk in our existing systems and use modern, secure cloud technology.

“Awarding Microsoft the Protected Certification reflects the Turnbull Government’s commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians.

“The Australian Government welcomes Microsoft’s investment in the Australian public sector as well as an initiative to deliver cloud computing skills to an additional 5,000 employees by 2020.”

The security and management of Government data is directed by the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) which provide mandatory guidance to ensure agencies remain compliant.

The security controls required for Protected Certification of Azure and Office 365 have been implemented in all Australian regions where the Microsoft cloud is available: Sydney, Melbourne and now Canberra. 

The Azure Central regions offer some unique additional capabilities for connectivity, resilience and hybrid flexibility, which Microsoft says provides further assurance to government and national critical infrastructure customers with mission-critical needs.  

Microsoft Azure engineering lead for A/NZ James Kavanagh says, “We embarked on this journey in 2014 with the first assessment of Microsoft Azure for compliance with Australian government security controls. 

“In the four years since, we’ve engineered new security innovations into our software, we’ve enhanced our personnel and physical security right across Australia, we’ve established new relationships and capabilities for cybersecurity and most recently we’ve opened new cloud regions dedicated to government and national critical infrastructure.

“Most importantly, we’ve done all of this in partnership with the Australian Government towards one shared goal – to ensure that government and critical infrastructure sectors of Australia have access to the best innovation, with absolute confidence in the rigorous level of security and privacy that Australians expect,” Kavanagh concludes.

‘Buy-now-pay-later’ taking consumer markets by storm
A new survey shows that young people are embracing this new method of purchasing, with over 1.5 million users in the last year in Australia alone.
Versent acquires AI specialist Contexti
Versent announced its acquisition of Sydney-based, actionable insights business, Contexti.
8x8 launches X series contact centre cloud solution in A/NZ
“With X Series, organisations throughout Australia and New Zealand can now integrate all of their employee communications and contact centre solutions on one cloud platform.”
How Australia can access the connected supply chain
"Australia’s logistics industry now needs to set its eyes on how it can go about digitalising all the areas of the traditional supply chain."
Aerohive achieves ISO/IEC 27001 cloud platform certification
Aerohive is the first cloud-managed networking vendor recognized by a global standard for commitment to information security management systems.
Better data management: Whose job is it?
An Experian executive’s practical advice on how to structure data-management roles within a modern business environment.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.