The federal government has added Rackspace to its Certified Cloud Services List (CCSL), allowing the company to provide cloud services to government agencies, up to an unclassified dissemination limiting marker (DLM) level.
The Rackspace DHE environment in Australia consists of three data halls in Sydney, with acting head of the Australian Cyber Security Centre (ACSC) Lynn Moore explaining that one of the company's data halls -- data hall 140 -- meets the required physical security for hosting Unclassified DLM data and is recommended for Commonwealth entities to use.
The decision by the ACSC certifies Rackspace to provide customers with a dedicated virtualised or physical compute Infrastructure as a Service (IaaS) or Platform as a Service (PaaS).
Rackspace is the second addition to the CCSL in as many months, with Google also handed unclassified DLM status in December.
The CCSL now boasts 13 providers that can all store government data at the unclassified DLM level: Amazon Web Services, Dell Virtustream, Dimension Data, Education Services Australia, Google, IBM, Macquarie Government, Microsoft, Rackspace, Salesforce, ServiceNow, Sliced Tech, and Vault Systems.
However, only five of these vendors are also certified at a protected level, which is currently the highest security level approved by the federal government.
Local vendors Sliced Tech and Vault Systems were the first to receive protected status and were shortly followed by Macquarie Government, part of the Macquarie Telecom Group.
NTT-owned Dimension Data was then accredited to provide protected-level cloud services to Australian government entities despite being an international company, and one with data centres outside of the country.
Microsoft was the fifth and final vendor to appear on the CCSL in a protected capacity, receiving accreditation in April for its "government-configured" clouds to be used for Australian government data classified up to that level. But unlike all previous such certifications, Microsoft's certifications were provisional, and came with what the Australian Signals Directorate (ASD) called "consumer guides".
During Senate Estimates last year, head of the ACSC Alastair MacGibbon was asked if there had been any negative feedback received regarding Microsoft, with the committee pointing to concerns over the legitimacy of Microsoft's accreditation.
MacGibbon in May defended the government's decision to hand out conditional protected-level certification to Microsoft, saying he was confident the data on Australians is safe in the hands of Microsoft despite the Washington-headquartered company having staff scattered around the globe.
CCSL certification from the ACSC -- a task previously performed by the Australian Signals Directorate -- is based on what the federal government has defined in Australia's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
In announcing that Rackspace had received certification, Moore highlighted that third-party solutions built on ACSC Certified Cloud Services do not automatically inherit ACSC certification.
"The ACSC does not assess third-party solutions and therefore cannot confirm if their security meets Australian government standards," she said.
"The ACSC recommends that organisations considering third-party solutions built on ACSC certified cloud services perform their own independent security assessment, certification and accreditation activities to determine if the solution or service meets their business and security needs."