The federal government has certified the first four cloud service providers able to hold protected-level public sector data under its new hosting certification framework.
Amazon Web Services, Vault Cloud, Sliced Tech and AUCloud received sign-off from the Digital Transformation Agency as the first tranche of ‘certified strategic’ cloud providers on Thursday.
Certified strategic is the highest level of assurance under the framework, and requires hosting providers and data centres to allow the government to specify ownership and control conditions.
The lesser certification is ‘certified assured hosting provider’ – the minimum buy-in for data centre and managed service providers wanting to host protected-level data or government-wide systems.
All protected-level data and data from whole-of-government systems is now required to be stored in either certified assured or certified strategic data centres.
The four cloud providers join seven data centre providers – or ‘direct’ providers to government – that have already been certified to the strategic level.
The DTA is yet to certify any service providers or data centres at the lesser certification level of certified assured.
Panellists on the government’s data centre arrangement were the first to become eligible for certification in April, while ‘indirect’ providers like cloud providers began applying in September.
In a statement, AWS’ A/NZ public sector director Iain Rouse said the certification would give the government agencies that use its services confidence and allow them to continue innovating.
“AWS is highly sensitive to the security needs of our customers in every location in which we operate,” he said.
“We know how important it is to [government] to mitigate risks in supply chains and data centres, and we understand that agencies need to identify and source technology from providers they trust.
“AWS’ certification... reinforces our ongoing commitment to meet the highest standards of digital security and means Australian citizens now have even greater confidence that the government is securing their data.
AUCloud managing director Phil Dawson said the certified strategic certification highlighted the company’s credentials as a “sovereign cloud provider” supporting the government.
He said that this, combined with AUCloud’s investment in security, demonstrates government can operate “mission critical national security environments with complete confidence”.
“AUCloud’s security capabilities exceed Australian best practice for data classification up to protected,” Dawson added.
Vault Cloud CEO Rupert Taylor-Price said that after investing in government grade security over many years, the "additional goverance and assurance that the [framework] provides over supply chains is a positive step in the government managing risks to data".