Two of Australia’s top cyber institutions have released a new Cloud Security Guidance, which provides information about the secure adoption of cloud services across government and industry. The news comes on the back of growing concerns about Australia’s cyber capabilities and a changing strategic environment.
The report was published jointly by the Australian Cyber Security Centre (ACSC) – an ASD division, and the government's lead cyber agency – and the Digital Transformation Agency (DTA), which in turn provides strategic leadership on whole-of-government and shared ICT and digital services.
This builds on the successful completion of the Cloud Services Certification Program (CSCP) and the associated Certified Cloud Services List.
Developed in collaboration with leading industry bodies and experts, the new Cloud Security Guidance supports the secure adoption of cloud services across both government and industry and the protection of sovereign information, by allowing individuals and businesses alike to easily assess the security of cloud services.
In addition, the ACSC will grow and enhance the Information Security Registered Assessors Program (IRAP) to further support government and industry in implementing appropriate cloud security measures and increase their cyber security resilience.
The Cloud Security Guidance is supported by forthcoming updates to the Australian government Information Security Manual (ISM), the Attorney-General’s Protective Security Policy Framework (PSPF), and the DTA’s Secure Cloud Strategy.
Minister for Defence Linda Reynolds said that the new initiative is certain to boost Australia’s cyber security resilience.
“The release of the new guidance coincides with today’s cessation of the Certified Cloud Services List which will open up the Australian cloud market, allowing more homegrown Australian providers to operate and deliver their services,” Minister Reynolds said.
“This will provide opportunities for Commonwealth, state and territory agencies to tap into a greater range of secure and cost-effective cloud services.”
Her comments were mirrored by Minister for Government Services Stuart Robert, who emphasised the public-private interface that contributed to the new guidelines.
“Having been co-designed with industry, this will help and guide organisations to assess the suitability of a range of secure and cost effective cloud service providers to securely handle their data and ultimately boost Australia’s cyber security resilience,” Minister Robert said.