The federal government has certified the first four cloud service providers that are capable of storing protected public sector data under the new hosting certification framework.
Amazon Web Services, Vault Cloud, Sliced Tech and AUCloud received approval from the Digital Transformation Agency on Thursday as the first tranche of “certified strategic” cloud vendors.
A Certified Strategic Entity is the highest level of assurance within the structure, requiring hosting providers and data centres to allow the government to determine the terms of ownership and control.
The lesser certification is a “Certified Guaranteed Hosting Provider” —a minimum fee for data centres and managed service providers looking to host secure tier data or nationwide systems.
All data at the protected level and data from general government systems must now be stored in certified guaranteed or certified strategic data centres.
The four cloud providers join seven data centre providers – or “direct” government providers – that have already been certified at the strategic level.
Canberra Data Centres, Macquarie Telecom and Australian Data Centres were the first to gain coveted status in June, followed by NextDC, Equinix and Fujitsu in August.
DTA does not yet certify service providers or data centres with the lower Certified Assured certification level.
Panellists working on the government’s datacentre design were the first to qualify for certification in April, while “intermediate” providers such as cloud service providers began applying in September.
In a statement, AWS A / NZ Public Sector Director Iain Rouse said the certification would give confidence to government agencies that use its services and allow them to continue to innovate.
“AWS is very sensitive to the security needs of our customers in every location we operate,” he said.
“We know how important it is to mitigate risk in supply chains and data centres, and we understand that agencies need to identify and source technology from vendors they trust.
“AWS certification … reinforces our ongoing commitment to meet the highest digital security standards and means that Australian citizens now have even greater confidence that the government is protecting their data.
AUCloud CEO Phil Dawson said the certified strategic certification highlighted the company’s credentials as a “sovereign cloud provider” in support of the government.
He said this, combined with AUCloud’s investment in security, shows that the government can manage “mission-critical homeland security environments with complete confidence.”
“AUCloud’s security capabilities outperform Australian best practices for classifying data down to secure,” added Dawson.
Vault Cloud CEO Rupert Taylor-Price said that after years of investing in government-level security, “the additional authority and assurance provided in supply chains is a positive step in government data risk management.”
