​DTA shifts to Microsoft's protected cloud

DTA is the first government entity to move to Microsoft's secure cloud environment after it received accreditation in April.

The Digital Transformation Agency (DTA) is the first department to take up Microsoft's secure cloud, after the tech giant received the tick of approval for its "government-configured" clouds to be used for Australian government data classified up to that level from the Australian Signals Directorate (ASD) in April.

The DTA said it will shift its day-to-day operations onto Microsoft's Office 365 at protected level by the end of the year, having already conducted trials of the technology with 20 DTA staff.

"The move towards cloud-based services is a core component of the government's digital transformation agenda, and the DTA's early adoption will serve as a 'proof point' for other agencies also seeking to harness the benefits cloud systems can deliver," the agency wrote in a statement.

The DTA expects that the change will result in improved functionality and productivity, as moving workloads to the protected cloud will allow work to be performed in one place, regardless of security classification.

The old arrangements required staff to maintain two separate email accounts, as well as separate logins, passwords, and calendars, the DTA explained.

"In addition to increased productivity, the scalability of cloud services and the reduced maintenance costs associated with traditional on-premises systems will produce cost savings for the agency," it added.

Microsoft was the fifth and final vendor to appear on the CCSL in a protected capacity, with the honour extended to Sliced Tech, Vault Systems, Macquarie Government, and Dimension Data already.

But unlike all previous such certifications, Microsoft's certifications were provisional, and came with what the ASD called "consumer guides".

The legitimacy of Microsoft's accreditation came under fire a month later during Senate Estimates where Australia's Cyber Coordinator Alastair MacGibbon defended the government's decision to hand conditional protected-level certification out to Microsoft, saying he was confident the data on Australians is safe in the hands of Microsoft, despite the Washington-headquartered company having staff scattered around the globe.

According to Microsoft, the solution -- developed in partnership with the DTA, the Department of Prime Minister and Cabinet, and Microsoft partner Delivery Quality Assurance -- has potential for use not just by the agency itself, but for similar sized agencies across government.

Access to the platform will also be provided to staff from other agencies working with the DTA on transformational initiatives, including on the digital identity program.

The federal government has decided to take the hosting element of its digital identification play, Govpass, in-house, ending the contract with Vault Systems as a result.

A spokesperson for the DTA told ZDNet earlier this month that Vault Systems, operating as the wholesale provider for Gulanga, was engaged for a period of 12 months and that the contract has since lapsed.

Vault was charged from January 2017 with providing a hosting environment for the digital identity system prototypes.

RELATED COVERAGE

Commonwealth pushes public cloud by default

Spruiking a public cloud-first approach, the Australian government has lifted the lid off its new Secure Cloud Strategy.

Seven cloud vendors lining up for government security clearance

After Microsoft's contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.

Home Affairs denies Microsoft in breach of Signals Directorate conditions

Senators are concerned that Microsoft has emerged with protected-level ASD certification, despite being located outside of Australia, with Alastair MacGibbon labelling the company a 'trusted' partner of government for many years.

Microsoft cloud cybersecurity attacks up 300% in last year, report says (TechRepublic)

In volume 22 of Microsoft's Security Intelligence Report, the Redmond giant outlined some of the biggest cyberthreats facing its users.