Microsoft offers pathway to cloud for govt’s mission-critical apps
- 03 April, 2018 00:01
Microsoft Australia Azure engineering lead James Kavanagh and Canberra Data Centres CEO Greg Boorer.
Microsoft today officially launched the latest regions for its Azure cloud computing service: Australia Central 1 and Australia Central 2. The new Azure regions, based in Canberra, are designed to host the mission-critical applications of government departments and agencies as well as those of some of Australia’s most important private sector enterprises.
“Australia is one of the fastest growing cloud regions in the world,” Microsoft Australia’s Azure engineering lead, James Kavanagh, told a Canberra press briefing held last week ahead of today’s launch.
The new regions have been designed from the ground up to cater to the needs of government and organisations in the energy, food, water, transport, communications, health, and banking and finance sectors.
Access to the new Azure regions will be restricted to Australian and New Zealand government customers, private- and public-sector operators of critical infrastructure, and their vetted technology partners.
Restrictions on the use of the new regions are enforced by an in-depth whitelisting process administered by Microsoft.
Microsoft last year foreshadowed the launch of the two new regions. The vendor in late 2014 launched its first two Australian Azure regions: Australia East and Australia Southeast.
All of the company’s Azure regions have “slightly different characteristics” to ensure they meet the needs of customers, Kavanagh said. “We have a philosophy of trying to innovate at a global level but listen locally and adapt to what we’re hearing,” he added.
The two new regions are squarely focused on the “mission critical applications of government and critical infrastructure,” he said.
The infrastructure to deliver the new Azure regions is located in facilities owned and operated by Canberra Data Centres. CDC offered the “best possible infrastructure” that Microsoft could find within Australia to host the new regions, Kavanagh said.
“Physical security, supply chain security, personnel security, are all addressed in these highly resilient data centres,” he said. CDC’s data centres are designed to meet the Australian government’s standards for hosting Top Secret data and are accredited for handling data classified at the Secret level.
The data centres are directly connected to the government’s ICON fibre network and already host hardware owned or operated on behalf of many of the biggest federal government departments.
Offering Azure from within CDC’s data centres gives government customers the option of directly connecting to Microsoft’s cloud from their own hardware, Kavanagh said.
Because CDC offers highly secure co-location options for government and private sector organisations, the new Azure regions offer a progressive cloud migration pathway, he added.
“The hardest problem in cloud is modernising a mission-critical application,” Kavanagh said. Modernising mission-critical applications “doesn’t happen overnight.”
“A bank could bring their mainframe system here, that they know they want to modernise, and could run that mainframe directly connected to the public cloud, progressively take workloads and functions off the mainframe, modernising into the cloud and at a point in time — in a year or two — remove the mainframe,” he said.
A government department will be able to directly access its own co-located infrastructure and Microsoft’s Azure infrastructure through a single secure connection over ICON, Kavanagh said.
The two Azure sites run identical infrastructure and are located 10 kilometres apart, delivering resilience and network access over multiple fibre paths, but also offering the ability for active-active configurations.
Enterprises will be able to access hosted private cloud, co-located infrastructure, public cloud and cloud applications “under one roof,” Kavanagh said. There is a “small premium” on some Azure services from the Canberra-based regions.
At launch, some 47 technology companies have been whitelisted to provide services leveraging the new Microsoft infrastructure. SAP, Telstra Health, AXON, DXC, Accenture, Dimension Data, Veritas, Citrix, and Leidos are among the launch partners named by Microsoft.
Although the regions are designed to handle unclassified but sensitive government data and data classified at the Protected level, the physical and personnel security have been implemented to the standards required for handling Secret information.
“Even though we serve Protected, we have physical security designed for Secret or higher,” Kavanagh said.
CDC’s CEO, Greg Boorer, said that all of the data centre operator’s staff require Secret clearance. Its facilities are the only commercial buildings built to a Top Secret standard and the only commercial data centres with Secret accreditation, the CEO said.
The data centres’ design offers 2n redundancy, he added.
“It’s even better than that [implies] because it’s a very granular deployment of infrastructure… which means that we have far higher levels of resilience than even 2n configuration would provide and that delivers 100 per cent up-time,” Boorer said.
“We are the only commercial data centre operator in Australia that contracts to 100 per cent up-time and we have an impeccable history of delivering that level of service,” the CEO added.
ASD certification
Although Microsoft’s new services are built to handle Protected data, Kavanagh told Computerworld that the vendor is yet to have Protected services added to the Australian Signals Directorate’s Certified Cloud Services List (CCSL).
Currently, Microsoft has Azure services and Office 365 listed on the CCSL for use with unclassified but sensitive data (Unclassified DLM). Microsoft submitted the IRAP assessment required for listing at the Protected level around a year ago, Kavanagh told Computerworld.
“I am very, very confident that in short order we’ll get that but at this stage we’re waiting on ASD,” he said.
Update: The government has now accepted Microsoft's certification for handling Protected data.
The use of cloud services with Protected data doesn’t require a listing on the CCSL, although having a service on the list can make the associated risk assessment process easier for a government agency.
The government’s recently launched Secure Cloud Strategy called for increased use of cloud and noted that there were limitations to the ASD’s capacity to certify cloud services.
Kavanagh said that, in line with the strategy, when adopting cloud services agencies can perform their own risk assessments according to the government’s security standards.
“We’re actually working with quite a number of agencies to move forward even before that formal Protected certification comes through, and they’re doing that by doing their own risk assessment, their own certification on top of what we produced [for the IRAP assessment],” he told Computerworld.
Amazon Web Services last month detailed a favourable IRAP assessment of its Sydney region for the storage and processing of Protected data, but like Microsoft it is yet to see that assessment reflected on the CCSL.
The author traveled to Canberra as a guest of Microsoft.