What is a PROTECTED cloud?

March 30 2023, by James Rabey | Category: Government

A PROTECTED cloud is a cloud computing service that has been assessed by the Australian Signals Directorate (ASD) to meet the security standards required for handling classified information by Australian government agencies.

The Digital Transformation Agency (DTA) requires all data classified PROTECTED (and all whole-of-government data) to be hosted in a Certified Strategic or Certified Assured Data Centre.

Security Requirements for PROTECTED cloud in Australia.

To be considered a PROTECTED cloud, a cloud service provider must meet a number of stringent security requirements. These requirements include compliance with the Australian Government Information Security Manual (ISM), which outlines the security protocols and policies that must be followed by government agencies to ensure the confidentiality, integrity, and availability of government information.

Some of the key security requirements that a cloud service provider must meet to be considered a PROTECTED cloud include:

  • Physical security: The cloud service provider must have a secure facility that is physically protected against unauthorized access, theft, and damage. This includes controls such as access controls, surveillance, and environmental controls.
  • Personnel security: The cloud service provider must have stringent personnel security controls in place, including background checks and ongoing security training for staff.
  • Network security: The cloud service provider must have robust network security controls in place to protect against unauthorized access, intrusion, and denial-of-service attacks.
  • Application security: The cloud service provider must have rigorous application security controls to protect against vulnerabilities and attacks, such as SQL injection and cross-site scripting.
  • Data security: The cloud service provider must have strong data security controls to protect against unauthorized access, theft, and data leakage. This includes encryption, data backup, and data loss prevention measures.
  • Incident response: The cloud service provider must have robust incident response procedures in place to respond quickly and effectively to security incidents and breaches.
  • Compliance: The cloud service provider must comply with all relevant laws, regulations, and standards related to information security, data privacy, and data protection.
  • Auditing and reporting: The cloud service provider must provide regular auditing and reporting to ensure that all security controls are working effectively and to provide transparency to government agencies.

Once a cloud service provider has met all of these security requirements, it can undergo an assessment under the Infosec Registered Assessors Program (IRAP). This involves a rigorous assessment of the cloud service provider’s security controls, policies, and procedures, as well as ongoing monitoring and auditing to ensure continued compliance with the security standards.

For Australian government agencies, using a PROTECTED cloud service can provide a number of benefits, including increased security, scalability, and flexibility. By using a cloud service provider that has been certified as PROTECTED, government agencies can be assured that their data and applications are being stored and processed in a secure and reliable environment that meets the highest standards of security. This can help to reduce the risk of data breaches, theft, and other security incidents, as well as improve the efficiency and effectiveness of government operations.

Get in touch with us.

Macquarie Government PROTECTED cloud sits behind physical and logical defence-in-depth layers combined with round-the-clock active threat monitoring by AGSVA-cleared government security specialists. If you are interested in learning more about how a PROTECTED cloud can improve your security posture, get in touch using the form below.
