Share this article
Our client is a large Federal Government agency with a national footprint who is trusted to safeguard information regarding the majority of Australians. As the agency evolves and migrates their technology to the cloud, they need a plan to ensure their cloud architecture is ready for the storage and processing of PROTECTED classified information.
Tesserent, one of Australia's largest Cyber Security company, was engaged by the agency to identify the processes, resources and capabilities required to uplift their cloud environments to PROTECTED.
We worked with a large cross-section of stakeholders including the agency’s Information Systems security, cloud engineering and cloud operations teams to understand and analyse the agency’s current systems and processes to design, implement, authorise and sustain cloud-based systems for PROTECTED classified information.
A key driver being the need for common standards for the encryption of the agency’s information in cloud-hosted systems and implementation of automated credential rotation in production environments.
We assessed these existing systems and processes against the Information Security Manual (ISM), Protective Security Policy Framework (PSPF), Digital Transformation Agency (DTA) blueprints, cloud service provider (CSP) best-practice guidance and our own expertise in cloud computing and sensitive Federal Government systems.
Throughout our analysis, we considered each finding through the lens of the agency’s legislation, which applies extremely strict controls on how the agency’s information is collected, stored and used and presents a unique challenge in the use and authorisation of cloud for PROTECTED information. Guided by the principle that using cloud services for sensitive information is based on a clear understanding of both the potential benefits and risks, we focused on providing accurate and actionable information to inform strategic risk-based decision making.
Tesserent delivered a clear and actionable roadmap for the agency’s cloud and security experts that defined two high-level lines of effort:
- Engineering the cloud for PROTECTED
- Assessing and authorising the cloud for PROTECTED
Within these lines of effort, we detailed necessary technology, policy, and process changes and defined the key skills, resources, dependencies, and timeframes needed to implement these changes across the agency’s cloud services and identified the agency stakeholders responsible and accountable for the successful delivery of the overall program. Working with Tesserent has provided the agency with a scalable, consistent, and sustainable strategic program to develop, implement, authorise and monitor cloud services for PROTECTED.
Speak with a Tesserent
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.