Amazon Web Services (AWS) has received certification from the Australian Cyber Security Centre (ACSC), allowing the cloud behemoth to provide storage for highly sensitive government workloads out of its AWS Asia Pacific (Sydney) Region.
Protected-level certification is currently the highest security level approved by the federal government.
The company has been given the green light for 42 AWS services at this level, including compute, storage, network, database, security, analytics, application integration, management, and governance.
See also: AWS re:Invent 2018: A guide for tech and business pros (free PDF)
Head of the ACSC Alastair MacGibbon said AWS has also been certified for an additional four services to AWS' existing unclassified dissemination limiting marker (DLM) Certified Cloud Services List (CCSL) offering.
"This provides Australian government agencies assurance that these services meet stringent Australian government security requirements," MacGibbon said.
The Digital Transformation Agency (DTA) is already using AWS to deliver its cloud-based platform for hosting website applications, cloud.gov.au.
The CCSL boasts 13 providers that can all store government data at the unclassified DLM level: AWS, Dell Virtustream, Dimension Data, Education Services Australia, Google, IBM, Macquarie Government, Microsoft, Rackspace, Salesforce, ServiceNow, Sliced Tech, and Vault Systems.
However, only six of these vendors are also certified at a protected level.
NTT-owned Dimension Data was then accredited to provide protected-level cloud services to Australian government entities despite being an international company, and one that has data centres outside of the country.
Microsoft was the fifth vendor to appear on the CCSL in a protected capacity, receiving accreditation in April for its "government-configured" clouds to be used for Australian government data classified up to that level. But unlike the previous certifications of its kind, Microsoft's certifications were provisional and came with what the ASD called "consumer guides".
CCSL certification from the ACSC -- a task previously performed by the Australian Signals Directorate -- is based on what the federal government has defined in Australia's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
"The accreditation awarded to the AWS Sydney Region to run and store protected security classification workloads in Australia is a major milestone for our existing customers and paves the way for others who may have been waiting for this certification in order to begin their cloud journey on AWS," AWS Asia Pacific regional managing director of Worldwide Public Sector Peter Moore said on Thursday.
AWS CISO told ZDNet that security is job zero for the cloud behemoth.
After Microsoft's contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.
Spruiking a public cloud-first approach, the Australian government has lifted the lid off its new Secure Cloud Strategy.
Senators are concerned that Microsoft has emerged with protected-level ASD certification, despite being located outside of Australia, with Alastair MacGibbon labelling the company a 'trusted' partner of government for many years.
Every cloud vendor is targeting AWS, but they don't seem to be landing any blows. Does it matter, given the low-hanging fruit elsewhere in the market?