Australian government gives Amazon Web Services protected level certification

The cloud giant can now store highly sensitive workloads for Australian government entities.
Written by Asha Barbaschow, Contributor

Amazon Web Services (AWS) has received certification from the Australian Cyber Security Centre (ACSC), allowing the cloud behemoth to provide storage for highly sensitive government workloads out of its AWS Asia Pacific (Sydney) Region.

Protected-level certification is currently the highest security level approved by the federal government.

The company has been given the green light for 42 AWS services at this level, including compute, storage, network, database, security, analytics, application integration, management, and governance.

See also: AWS re:Invent 2018: A guide for tech and business pros (free PDF)

Head of the ACSC Alastair MacGibbon said AWS has also been certified for an additional four services to AWS' existing unclassified dissemination limiting marker (DLM) Certified Cloud Services List (CCSL) offering.

"This provides Australian government agencies assurance that these services meet stringent Australian government security requirements," MacGibbon said. 

The Digital Transformation Agency (DTA) is already using AWS to deliver its cloud-based platform for hosting website applications, cloud.gov.au.

The CCSL boasts 13 providers that can all store government data at the unclassified DLM level: AWS, Dell Virtustream, Dimension Data, Education Services Australia, Google, IBM, Macquarie Government, Microsoft, Rackspace, Salesforce, ServiceNow, Sliced Tech, and Vault Systems.

However, only six of these vendors are also certified at a protected level.

Local vendors Sliced Tech and Vault Systems were the first to receive protected status, shortly followed by Macquarie Government, part of the Macquarie Telecom Group.

NTT-owned Dimension Data was then accredited to provide protected-level cloud services to Australian government entities despite being an international company, and one that has data centres outside of the country.

Microsoft was the fifth vendor to appear on the CCSL in a protected capacity, receiving accreditation in April for its "government-configured" clouds to be used for Australian government data classified up to that level. But unlike the previous certifications of its kind, Microsoft's certifications were provisional and came with what the ASD called "consumer guides".

CCSL certification from the ACSC -- a task previously performed by the Australian Signals Directorate -- is based on what the federal government has defined in Australia's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).

"The accreditation awarded to the AWS Sydney Region to run and store protected security classification workloads in Australia is a major milestone for our existing customers and paves the way for others who may have been waiting for this certification in order to begin their cloud journey on AWS," AWS Asia Pacific regional managing director of Worldwide Public Sector Peter Moore said on Thursday.


How Amazon Web Services runs security at a global scale

AWS CISO told ZDNet that security is job zero for the cloud behemoth.

Seven cloud vendors lining up for government security clearance

After Microsoft's contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.

Commonwealth pushes public cloud by default

Spruiking a public cloud-first approach, the Australian government has lifted the lid off its new Secure Cloud Strategy.

Home Affairs denies Microsoft in breach of Signals Directorate conditions

Senators are concerned that Microsoft has emerged with protected-level ASD certification, despite being located outside of Australia, with Alastair MacGibbon labelling the company a 'trusted' partner of government for many years.

Clouds from Microsoft, Google, Alibaba all booming, but they still can't touch Amazon (TechRepublic)

Every cloud vendor is targeting AWS, but they don't seem to be landing any blows. Does it matter, given the low-hanging fruit elsewhere in the market?

Editorial standards