Dell Virtustream is the latest global player to secure a spot on the Australian Signals Directorate's (ASD) Certified Cloud Services List (CCSL).
As a result of the listing, the Dell Technologies-owned company is now able to host unclassified dissemination limiting marker (DLM) government information on its local Dell Virtustream Cloud.
Virtustream joins Amazon Web Services (AWS), Education Services Australia, IBM, Macquarie Government, Microsoft, Salesforce, ServiceNow, Sliced Tech, and Vault Systems in offering Unclassified DLM classification.
Sliced Tech and Vault Systems received protected-level certification for their respective cloud services in March last year, currently the highest security level approved by the ASD CCSL.
The companies were joined in September by Macquarie Government, part of the Macquarie Telecom Group, in receiving "protected" level accreditation; NTT-owned Dimension Data in February; and then Microsoft in April for its Office 365 platform and specific Azure services.
Microsoft's accreditation was last week probed during Senate Estimates, with Australia's Cyber Coordinator Alastair MacGibbon, facing the committee in his policy capacity that reports to the Secretary of the Department of Home Affairs, defending the Australian government's decision to give the Washington headquartered company a spot on the protected-level list.
MacGibbon was asked whether the information stored on the Australian instance of the Microsoft Azure Cloud will be able to be accessed by overseas staff, as a requirement of the CCSL is that the data be accessed only in Australia.
"I am satisfied that Microsoft Azure, in its protected form as certified by the Signals Directorate -- or the Australian Cyber Security Centre within the Signals Directorate -- will be stored in Australia," MacGibbon said.
"Data can reside anywhere in the world, you can demand data stay in Australia but it doesn't always make it more secure that it's in a particular geography ... it's good that we hold data in Australia, that means that data comes under Australian law, that means that agencies and others have more access to it and other country's agencies theoretically don't have access to that data."
MacGibbon, refusing to answer specifically if Microsoft staff overseas could access data located in Australia, said he is satisfied that the Microsoft staff that will have access to data will be "appropriately cleared".
When asked if the ASD requires the provider to be based in Australia to be CSSL approved, MacGibbon said "not necessarily".
"It depends on the architecture and it depends on the mitigations in place in an architecture, and the policies and procedures -- it's important that I clarify it -- therefore it's not as black and white as some people would portray it," he said.
Dell Australia made its annual financial results available to the Australian Securities and Investments Commission this week, reporting after-tax profit of AU$52.4 million, on revenue of AU$347.7 million.
The local arm of Dell paid AU$22.8 million in tax last year, partially settling its outstanding ATO bill.
PREVIOUS AND RELATED COVERAGE
Senators are concerned that Microsoft has emerged with protected-level ASD certification, despite being located outside of Australia, with Alastair MacGibbon labelling the company a 'trusted' partner of government for many years.
When you have most of the cyber talent in the public service, why should you defer to an agency without a cybersecurity team?
A prime minister that understands the seriousness of cybersecurity combined with cross-government and public-private information sharing initiatives has sent Australia to the fore, according to Minister for Law Enforcement and Cyber Security Angus Taylor.
A new report from Commvault shows that IT executives are concerned about missing out on cloud advancements in their business.