Google cleared to handle Australian Government data
- 13 December, 2018 14:07
Google's cloud has been added to the Australian Cyber Security Centre (ACSC) Certified Cloud Services List (CCSL).
Google Cloud Platform (GCP) is the latest service, and first from Google, to get clearance to manage unclassified data from Government agencies.
The unclassified certification is the minimum government security standard. The certification will cover 16 GCP services and its physical data centre located in Sydney.
Specifically the services are compute (compute engine, app engine and Kubernetes engine), storage (cloud storage and persistent disk), networking (virtual private cloud, cloud load balancing and cloud DNS), security (cloud key management service and cloud IAM), management (stackdriver), data analytics (cloud dataflow, cloud dataproc and cloud datalab) and databases (cloud sql and cloud datastore).
"Attaining IRAP certification confirms that GCP’s physical, personnel and information security controls meet the requirements prescribed by the ASD," said Angelo Joseph, A/NZ head of customer engineering at Google Cloud.
Twelve providers, including Microsoft, IBM and AWS, have already gained entry to the CCSL list. AWS joined the list in March this year as part of an effort to eventually reach 'protected' status.
Just five suppliers have been granted the highest status for their services: Dimension Data, Macquarie Government, Sliced Tech and Vault Systems and, most recently, Microsoft for both Azure and Office 65.
According to ACSC, the certification was granted following an application by Google that met the Protective Security Policy Framework and Information Security Manual requirements.
"Protecting Australians from cyber threats is one of our greatest national security challenges. It’s important that we have rigorous standards for the management of our information,’ ACSC head Alastair MacGibbon said.
“If an agency’s security and risk needs can be met with a cloud certified to unclassified DLM, this increases their choices in meeting their business objectives.”
However, MacGibbon stressed that third-party solutions built on ACSC Certified Cloud Services do not automatically inherit ACSC certification, and must be listed separately on the CCSL.