Microsoft becomes the first global cloud provider to achieve Certification for Protected data in Australia


Assured with Protected Certification for both Azure and Office 365 

Microsoft is the first global cloud provider to be awarded Certification for Protected data in Australia, dramatically accelerating the opportunity for all levels of Government and National Critical Infrastructure to advance their use of secure cloud computing.

Microsoft Azure and Office 365 have been awarded Protected Certification by the Australian Signals Directorate (ASD), for inclusion in the Certified Cloud Services List (CCSL). This is a major milestone that Microsoft has been working towards in partnership with Government since 2014 and unleashes an enormous digital transformation opportunity across the public sector in both Australia and New Zealand.

This coincides with the announcement earlier today from Microsoft of the availability of Azure Australia Central regions, two new Microsoft Azure cloud regions located within highly secure, resilient, Australian-owned facilities of Canberra Data Centres. These regions are specifically designed to support mission-critical demands of government and critical national infrastructure.

This announcement creates a clear path for Government agencies to host higher classified data sets in Microsoft cloud services and will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud – confident in the knowledge that Azure and Office 365 have undergone this very high level of assurance.

Steven Worrall, managing director, Microsoft Australia was delighted that Microsoft’s Azure and Office 365 are the first global public cloud services to achieve Protected level certification in this country.

“This injects new opportunities for public sector innovation, transformation and service agility thanks to the range of sophisticated Azure services already available and certified. Office 365 will support the Australian government’s ambitions to streamline government processes and digitally transform public sector workplaces.  At the same time agencies can avail themselves of the mature and open ecosystem of partners and developers who build on the Azure cloud.” he said.

The Protected certification follows the announcement in 2017 that 40 Azure services and 10 Office 365 services had received ASD certification to handle Unclassified (DLM) data. Within those services 35 were formally assessed for Protected Certification.  With the announcement today, Australian Signals Directorate has formally certified those services for inclusion on the CCSL.

The clear appetite for more cloud-based solutions was reinforced by the Federal Government’s Secure Cloud Strategy[1] released in February. The Strategy illustrates how cloud offers reusable digital platforms at a lower cost and shifts service deliver to a faster more reliable digital channel. The Strategy notes that cloud services could make Government more responsive, convenient, available and user focused.  It enables flexibility for government agencies to advance with cloud services, while emphasising the central importance of the extensive assurance processes of the Australian Signals Directorate for widely used services like Azure and Office 365.

Minister for Law Enforcement and Cyber Security Angus Taylor said awarding the certification to Microsoft will accelerate the ability for Commonwealth, State and Territory Governments to adopt cloud technology, confident in the knowledge that Azure and Office 365 have undergone this rigorous level of assurance.

“It has never been more important for government and Australian enterprises to strategically manage cyber security risks,” Minister Taylor said.

“Australia is under increasing cyber security threat and as government and critical infrastructure innovate and transform, it is imperative that we remove risk in our existing systems and use modern, secure cloud technology.

“Awarding Microsoft the Protected Certification reflects the Turnbull Government’s commitment to prioritise and deliver secure cloud services, ensuring a very high level of security for Australians.

“The Australian Government welcomes Microsoft’s investment in the Australian public sector as well as an initiative to deliver cloud computing skills to an additional 5,000 employees by 2020.”

Microsoft Australia managing director Steven Worrall said the Protected Certification, in conjunction with the substantial investment in our existing Australian data centre regions to handle Protected data and the two new Canberra based Microsoft Azure cloud regions demonstrates Microsoft’s commitment to public sector. Microsoft will have four regions certified and able to service Protected workloads for our customers.

“That ensures service resilience, and our Protected certification demonstrates the high degree of trust that the Government places in Office 365 and Azure services,” added Worrall.

The security and management of Government data is directed by the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) which provide mandatory guidance to ensure agencies remain compliant.

James Kavanagh, Microsoft Azure Engineering Lead for Australia & New Zealand said; “We embarked on this journey in 2014 with the first assessment of Microsoft Azure for compliance with Australian government security controls.

In the four years since, we’ve engineered new security innovations into our software, we’ve enhanced our personnel and physical security right across Australia, we’ve established new relationships and capabilities for cybersecurity and most recently we’ve opened new cloud regions dedicated to government and national critical infrastructure”

“Most importantly, we’ve done all of this in partnership with the Australian Government towards one shared goal – to ensure that government and critical infrastructure sectors of Australia have access to the best innovation, with absolute confidence in the rigorous level of security and privacy that Australians expect.”

The security controls required for Protected Certification of Azure and Office 365 have been implemented in all Australian regions where the Microsoft cloud is available: Sydney, Melbourne and now Canberra.

The Azure Central regions offer some unique additional capabilities for connectivity, resilience and hybrid flexibility that will provide further assurance to government and national critical infrastructure customers with mission critical needs.  With the background of new legislation in the form of the Critical Infrastructure Security Bill that require national critical infrastructure organisations to monitor and report on the security of their information supply chain, the Australian ownership and premium security capabilities of Canberra Data Centres is also compelling.

Citadel Group uses Azure for national security app

A ground-breaking national security platform that would mobilise citizen’s smartphones as critical incident data sources is under development. The prototype app is being created by ASX-listed The Citadel Group and runs on Microsoft’s new Azure Australia Central.

The app is being designed to allow real time video uploads and information capture to enhance national security. The app would let users instantly collect data, such as video and audio, which along with telemetry information from the phone itself, can be transmitted to a centralised command and control centre.

The solution is being designed so that data coming from multiple sources can be instantly consolidated and analysed. It will perform analytics on the incoming data streams to generate real time intelligence about a situation to help direct rapid response when and where it is needed. The app could also be used to actively push notifications out to citizens and users with alerts as required.

Citadel CEO Darren Stanley said “The concept for the solution can be traced back to the day of the Lindt siege terror attack when it became clear the first responders did not have immediate access to real time information they needed to rapidly deal with the situation. We felt we could design and develop a citizen-centric solution to make that information available and keep people safe.

“In simple terms this turns a smartphone into an intelligence reporting device.  Citizens choose to report this information. From a national security perspective, you see something, you’re in a bad situation, you hear an explosion. Even if you can’t tell if it was actually an explosion or just a car backfiring, you’re able to submit your recording.

“Now emergency services can see what people are seeing, hear what people are hearing and understand whether it’s a single incident or co-ordinated attack.

“Instead of three separate incidents being called in separately and treated individually, the in-built analytics of this platform determines that there are three incidents reported within two kilometres of each other which are atypical and may be a co-ordinated attack. Traditionally that sort of insight may take hours to develop – this app makes it seamless.”