AWS can now carry protected Australian govt data

Amazon Web Services is now the second hyperscale cloud provider to be certified to carry protected Australian government data, ending Microsoft’s nine-month advantage in that space.

The company said in a statement that it had achieved protected security classification for the AWS Sydney region.

“The accreditation awarded to the AWS Sydney region to run and store protected security classification workloads in Australia is a major milestone for our existing customers and paves the way for others who may have been waiting for this certification in order to begin their cloud journey on AWS,” the provider’s worldwide public sector regional managing director Peter Moore said.

Australian Cyber Security Centre head Alastair MacGibbon said 42 AWS services could be used for protected data.

MacGibbon also said that an “additional four services” provided by AWS could now also carry unclassified data.

Moore said he expected the ability to carry protected level data to provide a boost to AWS partners.

This has similarly occurred for Microsoft. In Microsoft’s case, a small ecosystem of partners emerged to create security controls and mitigations that enabled agencies to use protected Azure or Office 365 with some level of comfort.

Both AWS and Microsoft's protected certifications come with advice that "agencies must configure in line with the guidance in the ACSC certification report and consumer guide."

This is likely a reference to additional security controls that agencies must implement when consuming public cloud services for protected level data.

Microsoft's meeting of those requirements was conducted in the public spotlight, most likely because it was the first hyperscale operator to go through the process.