AWS joins Australia’s ‘protected’ classification club

By Harley Dennett

Thursday January 24, 2019

A second international tech giant has been certified by the Australian government to host ‘protected’ classified data on a cloud computing service.

AWS, the cloud computing offshoot of Jeff Bezos’ Amazon, is the latest of only six providers to have passed a series of requirements set by the Australian Signals Directorate to handle classified material. Forty-two of its services have been certified up to ‘protected’, including compute, storage, network, database, security, analytics, application integration, management and governance.

The government has not yet allowed for any provider to host material classified above ‘protected’.

The AWS data centre, with its Australian site in Sydney, joins four other Australian providers, Vault Systems, Sliced Tech, Macquarie Government, Dimension Data, and fellow US provider Microsoft Azure/Office 365 — which is hosted at Canberra Data Centres.

Federal government departments and agencies can also use a longer list of cloud computing providers for unclassified material, including AWS and Microsoft’s chief cloud rival, Google Cloud Platform, along with other notable cloud services from Salesforce, IBM and Dell.

ASD certification doesn’t cover other requirements government agencies may require under legislation, including due diligence reviews of the legal, financial and privacy risks. The directorate also warns agencies to consult the Australian Government Information Security Manual from the Australian Cyber Security Centre on additional configuration requirements for the two US-owned providers.

In a media statement, head of the Australian Cyber Security Centre, Alastair MacGibbon said:

“The ACSC has certified 42 AWS services at PROTECTED, and we have certified an additional four services to AWS’s UDLM CCSL offering. This provides Australian Government agencies assurance that these services meet stringent Australian Government security requirements.  The government provides a robust risk-management framework to assess cyber security risks.  The ACSC recommends customers review the certification documentation and make sound risk based decisions when choosing a cloud service.

“Cloud technology is in huge demand, and in line with that, the ACSC is also evolving its programs to continue lifting cyber security standards across the whole of the Australian economy. It’s another way we are making Australia the safest place to live, work and play online.”

The Digital Transformation Agency joined in the endorsement statement, with DTA’s CEO Randall Brugeaud adding:

“The Digital Transformation Agency is already using AWS to deliver, a secure cloud-based platform for hosting website applications that helps government agencies build digital services quickly. Cloud is a critical part of the DTA’s whole of government transformation agenda. The PROTECTED certification of AWS makes it easier for agencies to leverage cloud services.”

About the author
Inline Feedbacks
View all comments

The essential resource for effective
public sector professionals