ASD awards new sensitive data certification to Microsoft
- 27 June, 2017 00:01
Australian Microsoft partners are set to get greater traction among government clients after the Australian Signals Directorate (ASD) expanded the range of Microsoft Azure and Office 365 services for inclusion on its Certified Cloud Services List (CCSL).
The certification provides assurance to public sector customers in government that cloud service providers have appropriate and effective security controls in place for the processing, storage, and transmission of sensitive data, the majority of government, healthcare, and education data in Australia.
Just two suppliers have attained the classification level of “protected” under the certification system, Sliced Tech and Vault Systems.
However, Amazon Web Services (AWS), IBM, Macquarie Telecom and Salesforce have all been granted the “unclassified DLM [Dissemination Limiting Markers]” status by the government intelligence agency.
In April 2015, the ASD announced CCSL certification of both Azure and Office 365 and, in November 2015, of Dynamics 365.
Now, with the ASD formally certifying dozens of additional Microsoft cloud services across Azure and Office 365 as “unclassified DLM”, the company now has around 50 cloud services included approved by the certification scheme.
Within Microsoft Azure, the services that can process and store unclassified information holding Australian government DLM status will expand from six to 40, covering all the core services appropriate for infrastructure and applications in the hyperscale cloud. These include services like Azure Log Analytics, ExpressRoute and Azure Security Centre.
For the first time, according to Microsoft, the new certification enables Australian government, education and healthcare organisations to innovative with services like Azure Machine Learning, Azure Internet-of-Things Hub and Azure Application Services.
In addition, 11 services within Office 365, including those for voice communications, cloud PABX, email, information protection and collaboration, have also received certification at the Unclassified DLM level.
The scope of certification includes advanced cybersecurity services for threat and information protection, according to Microsoft.
“The biggest thing for our partners, is that it really simplified their work. They can build on our platform knowing that the government trusts that foundation,” Microsoft Australia national technology officer, James Kavanagh, told ARN.
“We want to drive forward the durability of innovation, and we know that sometimes the barrier to that is the level of confidence that governments have, and that other jurisdictions have.
“Any data from any sector can be delivered from the cloud and delivered confidently,” he said.
The new certification comes just over five months after the ASD completed a remodelling of its guidelines for government departments to mitigate cyber risks.
The move saw the ASD’s "Top 4" cyber security controls expanded to what the agency is calling the "essential eight".
The controls are mandatory for all government agencies and are also used by business as part of cyber security strategy.
“Incorporating the Top 4, the eight mitigation strategies with an 'essential' rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations,” the ASD said at the time.