Google latest cloud to be Australian government certified
The Google Cloud Platform has been added to the federal government’s Certified Cloud Services List (CCSL), allowing the search engine giant to provide cloud services to government agencies, up to an unclassified dissemination limiting marker (DLM) level.
The certification was handed out by the Australian Cyber Security Centre (ACSC), which took the responsibility off the Australian Signals Directorate earlier this year.
“Google sought entry into the certification program for hosting data classified up to Unclassified DLM. Because of this, Google was only assessed for this purpose,” head of the ACSC Alastair MacGibbon said.
“Protecting Australians from cyber threats is one of our greatest national security challenges. It’s important that we have rigorous standards for the management of our information.”
The ACSC’s decision certifies 16 Google Cloud Platform services and a physical datacentre located in Sydney, in categories including: Compute Engine, App Engine, and Kubernetes Engine for computing; Cloud Storage and Persistent Disk for storage; Virtual Private Cloud, Cloud Load Balancing, and Cloud DNS for networking; Cloud Key Management Service and Cloud IAM for security; Stackdriver where management is concerned; Cloud Dataflow, Cloud Dataproc, and Cloud Datalab for data analytics; and for databases, Cloud SQL and Cloud Datastore.
The CCSL now boasts 12 providers that can all store government data at the unclassified DLM level: Dimension Data, Macquarie Government, Microsoft, Sliced Tech, Vault Systems, Amazon Web Services, Dell Virtustream, Education Services Australia, IBM, Salesforce, and ServiceNow.
However, only five of these vendors are certified at a protected level, which is currently the highest security level approved by the federal government.
NTT-owned Dimension Data was then accredited to provide protected-level cloud services to Australian government entities despite being an international company, and one with datacentres outside of the country.
Microsoft was the fifth and final vendor to appear on the CCSL in a protected capacity, receiving accreditation in April for its “government-configured” clouds to be used for Australian government data classified up to that level. But unlike all previous such certifications, Microsoft’s certifications were provisional, and came with what the ASD called “consumer guides”.
During Senate Estimates earlier this year, MacGibbon was asked if there had been any negative feedback received regarding Microsoft, with the committee pointing to concerns over the legitimacy of Microsoft’s accreditation.
MacGibbon in May defended the government’s decision to hand conditional protected-level certification out to Microsoft, saying he was confident the data on Australians is safe in the hands of Microsoft despite the Washington-headquartered company having staff scattered around the globe.
Google Cloud landed in Australia in July last year.
After Microsoft’s contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.
DTA is the first government entity to move to Microsoft’s secure cloud environment after it received accreditation in April.
Spruiking a public cloud-first approach, the Australian government has lifted the lid off its new Secure Cloud Strategy.
Platform providers lack adequate support resources for developers, according to an Accenture report.
Google Cloud Platform: A cheat sheet (TechRepublic)
This comprehensive guide covers the history of Google Cloud Platform, the products and services GCP offers, and where it fits in the overall cloud market.