Macquarie Government has gained security clearance to bid for Department of Defence cloud, telecommunications and data centre contracts.
The subsidiary of Macquarie Telecom has joined the Defence Industry Security Program (DISP), certifying it to contract with the department.
The move comes as the Australian Signals Directorate (ASD) prepares to end its Cloud Services Certification Program (CSCP) at the end of July, which had previously granted partners certifications for supplying cloud services to government entities.
The CSCP was originally due to end at the beginning of July, but is understood to have been extended until the end of the month.
Although the DISP has been around for some time and is not a replacement for the CSCP, the program will fill a temporary gap for providers looking to join the ASD’s Certified Cloud Services List (CCSL).
“Many agencies are large enough to have a qualified security team and/or a CISO, but many are not,” said Aidan Tudehope, managing director at Macquarie Government.
“Without the guiding hand of the CCSL, smaller agencies in particular will become increasingly reliant on independent assessments and validation of cloud service providers to make informed decisions and keep the whole of Government secure.”
Tudehope added that he believed the other certification, the Information Security Registered Assessors Program (IRAP), were “limited to providing a point-in-time ‘snapshot’ of security validation”.
“There’s a certification gap forming as CCSL ends and we await expansion to IRAP’s existing functions. Agencies need to take into account other accreditations such as DISP to make informed decisions, particularly at a time when they’re so dependent on cloud services and cyber security is high on the national agenda,” he said.
Previously, the ASD’s CCSL gave cloud services suppliers – along with certain resellers partnering with the selected vendors – the ability to pitch for public sector work requiring an IRAP security assessment, along with other security checks and balances.
In April 2018, Microsoft Australia was awarded ‘protected’ status on the CCSL, giving the vendor the ability to handle classified and highly sensitive government data.
In January 2019, Amazon Web Services (AWS) was finally awarded ‘protected’ certification status, joining Microsoft, Dimension Data, Macquarie Government, Sliced Tech and Vault Systems on the CCSL
The DTA has been contacted for comment regarding the future of the CSCP.