Microsoft goes for government with Azure

Reveals independent ISM compliance assessment for local cloud services

As the official launch of Microsoft's local region for its Azure cloud computing approaches, the vendor has announced the completion of an Industry Security Registered Assessors Program (IRAP) audit.

The successful completion of a four-month-long security compliance assessment by Foresight Consulting in line with the government's Information Security Manual (ISM) and Protective Security Policy Framework means the service has been certified for handling so-called unclassified but sensitive information.

Microsoft Australia chief security advisor James Kavanagh said that the certification should streamline the process for government agencies that want to use Azure services.

"People have been undertaking these kinds of processes themselves to a certain extent," Kavanagh said.

"It is a requirement in federal government, Victorian government, if you're in sensitive areas of other state governments, that you undertake this kind of process and so [agencies have] been doing it themselves.

"This is the first time that we're aware of where a public cloud provider has undertaken this work according to the correct process with an independent assessor and has offered to provide those letters of compliance and reports of compliance to customers."

Foresight Consulting's audit of Azure's security controls covered its virtual machines, storage services, virtual network services, Azure SQL DB, Azure Active Directory, and Azure's physical infrastructure including its Australian data centre facilities.

The two-stage assessment looked at whether Azure implemented ISM-compliant security controls and whether those security controls were operating effectively.

"The bar that we've reached in terms of the federal government requirements is a really high bar," Kavanagh said.

He added that the process meant that maybe "80 per cent" of the work government IT teams would have to do in terms of compliance before using Azure has now been done for them.

At the start of September, Microsoft said it was preparing to provide Azure services from within Australia within "a matter of months".

The company said in May last year that it would roll out two new Australian subregions for its cloud services. The data centres for the service are located in New South Wales and Victoria.

Follow Rohan on Twitter: @rohan_p
