What is a PROTECTED cloud?
A PROTECTED cloud is a cloud computing service that has been assessed by the Australian Signals Directorate (ASD) to meet the security standards required for handling classified information by Australian government agencies.
The DTA requires all classified:PROTECTED (and whole-of-government) data to be hosted in a Certified Strategic or Certified Assured Data Centre.
Security Requirements for PROTECTED cloud in Australia.
To be considered a PROTECTED cloud, a cloud service provider must meet a number of stringent security requirements. These requirements include compliance with the Australian Government Information Security Manual (ISM), which outlines the security protocols and policies that must be followed by government agencies to ensure the confidentiality, integrity, and availability of government information.
Some of the key security requirements that a cloud service provider must meet to be considered a PROTECTED cloud include:
- Physical security: The cloud service provider must have a secure facility that is physically protected against unauthorized access, theft, and damage. This includes access controls, surveillance, and environmental controls.
- Personnel security: The cloud service provider must have stringent personnel security controls in place, including background checks and ongoing security training for staff.
- Network security: The cloud service provider must have robust network security controls in place to protect against unauthorized access, intrusion, and denial-of-service attacks.
- Application security: The cloud service provider must have rigorous application security controls to protect against vulnerabilities and attacks, such as SQL injection and cross-site scripting.
- Data security: The cloud service provider must have strong data security controls to protect against unauthorized access, theft, and data leakage. This includes encryption, data backup, and data loss prevention measures.
- Incident response: The cloud service provider must have robust incident response procedures in place to respond quickly and effectively to security incidents and breaches.
- Compliance: The cloud service provider must comply with all relevant laws, regulations, and standards related to information security, data privacy, and data protection.
- Auditing and reporting: The cloud service provider must provide regular auditing and reporting to ensure that all security controls are working effectively and to provide transparency to government agencies.
Once a cloud service provider has met all of these security requirements, it can engage an assessment under the Infosec Registered Assessors Program (IRAP). This involves a rigorous assessment of the cloud service provider’s security controls, policies, and procedures, as well as ongoing monitoring and auditing to ensure continued compliance with the security standards.
For Australian government agencies, using a PROTECTED cloud service can provide a number of benefits, including increased security, scalability, and flexibility. By using a cloud service provider that has been certified as PROTECTED, government agencies can be assured that their data and applications are being stored and processed in a secure and reliable environment that meets the highest standards of security. This can help to reduce the risk of data breaches, theft, and other security incidents, as well as improve the efficiency and effectiveness of government operations.
Macquarie Government PROTECTED cloud sits behind physical and logical defence-in-depth layers combined with round-the-clock active threat monitoring by AGSVA cleared government security specialists.