Ticks off a few compliance items prior to launch.
Microsoft has moved to win the favour of Australian government agencies by volunteering to have its Azure cloud service assessed against the Australian Signals Directorate's information security manual (ISM).
Microsoft employed ASD-accredited assessor Foresight Consulting to complete an Industry Security Registered Assessors Program (IRAP) compliance assessment (i.e. audit) of Azure for storage and transmission of unclassified data by Australian Government agencies.
The IRAP is an ASD initiative which allows experts in the private sector to provide cyber security assessments to Australian government agencies based on checklists in the ASD's information security manual, which is updated annually.
The scope of Foresight Consulting's four-month audit covered the physical data centres, the processes used by Microsoft’s IT operations team, plus a set of products including Azure Virtual Machines, Cloud Services, Storage Services, Virtual Network, Azure SQL DB and Azure Active Directory.
Foresight assessor Peter Baussmann first compared Azure's system architecture and information security documentation against all applicable controls recommended in the ISM, and further checked that these controls were implemented and operating effectively in a functioning system.
The assessment covered 'unclassified' data up to but not including data classified 'top secret'. Read the full story by itnews at: http://www.itnews.com.au/News/396470,microsoft-crowns-azure-ready-for-aus-govt-workloads.aspx#ixzz3FQTN4fBX