The Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) has released new Cloud Security Guidance to support the secure adoption of cloud services across government and industry.

The new guidelines, post the expiry of the Cloud Services Certification Programme, cover a range of assessment criteria, including the physical security of public cloud data centers, data protection, and other cloud security controls.

Linda Reynolds, Australia’s Minister of Defense, is of the view that the new guidelines that were co-designed with industry partners will help boost Australia’s cybersecurity resilience.

“The release of the new guidance coincides with today’s cessation of the Certified Cloud Services List [CCSL], which will open up the Australian cloud market, allowing more homegrown Australian providers to operate and deliver their services,” Reynolds said. “This will provide opportunities for commonwealth, state and territory agencies to tap into a greater range of secure and cost-effective cloud services,” she added.

“The new guidelines will help and guide organizations to assess the suitability of a range of secure and cost-effective cloud service providers to securely handle their data and ultimately boost Australia’s cybersecurity resilience,” said Stuart Robert, Australia’s Minister of Government Services.

The ACSC also contributes to the advancement of the Information Security Registered Assessors Programme (IRAP) that will help the government and industry in implementing appropriate cloud security measures.

Recently, in July 2020, Amazon Web Services (AWS) successfully completed its third protected-level IRAP evaluation for its Asia Pacific Sydney area and now has 92 protected services for the area.

Amazon Web Services (AWS) has released documentation to help plan, architect, and self-assess systems built on AWS to help agencies navigate these new requirements.

Country Director of AWS Public Sector in Australia and New Zealand, Iain Rouse, said the changes to the Cloud Services Certification Programme create an opportunity for Australian government agencies to strengthen their secure cloud skills, knowledge, and resources to foster ongoing innovation.

“AWS provides government customers with the most comprehensive set of security services and features to help them protect and secure their data. Australian organizations in the AWS Partner Network are ready to play their part in accelerating digital innovation across Australian government agencies,” he added.

Accepting newly released guidelines

Macquarie Government Managing Director, Aidan Tudehope, said that although the company was not happy with the verdict to discontinue the CCSL certification regime, it accepted the new guidelines with a positive approach.

At the beginning of July 2020, Robert said that the government should decide that such government datasets should be proclaimed sovereign and would only be hosted in Australia at an approved local data center, through Australian networks and only open to government and Australian service providers.