The Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) have released new Cloud Security Guidance to support the secure adoption of cloud services across government and industry.
The Cloud Security Guidance aims guide government, cloud service providers (CSP) and Information Security Registered Assessors Program (IRAP) assessors on how to perform a comprehensive assessment of a cloud service provider and its services.
A risk-informed decision can then be made about a cloud service’s suitability to handle an organisation’s data.
Minister for Defence, Senator the Hon Linda Reynolds CSC said the new guidance, which has been co-designed with industry partners, will boost Australia’s cyber security resilience.
“The release of the new guidance coincides with today’s cessation of the Certified Cloud Services List (CCSL) which will open up the Australian cloud market, allowing more homegrown Australian providers to operate and deliver their services,” Reynolds said.
“This will provide opportunities for Commonwealth, State and Territory agencies to tap into a greater range of secure and cost-effective cloud services.”
Minister for Government Services, Stuart Robert said the ACSC and DTA worked closely with industry to develop the new guidelines.
“Having been co-designed with industry, this will help and guide organisations to assess the suitability of a range of secure and cost effective cloud service providers to securely handle their data and ultimately boost Australia’s cyber security resilience,” Minister Robert said.
In addition, the ACSC will grow and enhance the Information Security Registered Assessors Program (IRAP) to further support government and industry in implementing appropriate cloud security measures and increase their cyber security resilience.
Information relating to the new guidance can be found at www.cyber.gov.au/acsc/government/cloud-security-guidance.