Macquarie Government: Providing Australia’s Federal Agencies with the Cloud and Security Solutions They Need to Safeguard the Most Sensitive Data

With five state-of-art data centers located in the Sydney and Canberra metropolitan areas, including a facility created to manage cloud applications and data that require PROTECTED, SECRET and higher classifications, Macquarie Government, as part of the ASX listed Macquarie Telecom Group, was one of the first companies to provide sovereign IT services to Australia’s government agencies. It’s a journey that began nearly a decade ago when it became the first Australian cloud to be certified by the Australian Signals Directorate (ASD). Today, 42% of the nation’s federal agencies rely on Macquarie Government’s cloud solutions and services to address the most stringent security and sovereignty requirements.

We recently connected with Aidan Tudehope, managing director of Macquarie Government, to see what he believes is driving the demand for more sovereign cloud services and to learn what it means for the company to have earned the VMware Sovereign Cloud distinction. We also took the opportunity to see what he sees as the greatest misconception about data sovereignty.

“We have been championing the importance of sovereign clouds for more than a decade,” says Tudehope. “Earning the VMware Sovereign Cloud distinction is an important validation of our message, particularly given our close partnership with VMware for so many years.”

Tudehope notes that in addition to offering a wide range of VMware Cloud Verified services, the company’s private cloud offerings, including its OFFICIAL Cloud, a robust private cloud designed for non-classified workloads, and its PROTECTED Cloud – a high-security cloud built for the Australian government in Macquarie Government’s secure gateway – are all built on VMware technologies.

“Our customers use and trust VMware,” he says. “When they use our clouds built on VMware technologies they can still use the tools they are familiar with to safely deploy workloads containing sensitive information for Australia’s government agencies and citizens into the cloud without losing sovereign control. Another benefit of being based on VMware technology is that it is far easier for agencies to migrate, deploy or extend workloads into the cloud, or alternatively to move data back-and-forth with consistent information security controls already applied. This reduces the time and effort that otherwise would be required to have their cloud deployments assessed by the Infosec Registered Assessors Program.”

In Australia, government agencies are required to host data classified as “PROTECTED” or above in a facility with the highest level of certification. It’s a requirement that also applies to all “whole of government systems” provided or used by numerous agencies. Macquarie Government was one of the first companies to be certified “strategic”, the highest level of certification, and the only company to have this certification for both it’s cloud and datacentre offerings.

Macquarie Government also created Australia’s first purpose-built cloud exchange designed specifically for federal agencies. Coupled with a security layer, it enables government agencies to implement a multi, hybrid-cloud strategy through Amazon Web Services, Microsoft Azure and other cloud providers when appropriate.

Tudehope stresses though that data sovereignty is not just about where data resides. It also means that agencies maintain authority and control over the data at all times.

“The greatest misconception that my colleagues and I encounter is that data residency and data sovereignty are synonymous and can be used interchangeably. Data residency of course refers to where data is located. That’s important, but data sovereignty enables government not only to ensure that data remains in its jurisdiction, but that it cannot at any point be accessed by foreign contractors, support teams, or any individuals that do not possess required security clearances,” says Tudehope. “Data sovereignty is crucially important for regulatory and data security purposes.”

He points to the Australian Government Information Security Manual to convey just how important it is. The manual states, “outsourced cloud services may be located offshore and subject to lawful and covert data collection without their customers’ knowledge. Additionally, use of offshore services introduces jurisdictional risks as foreign countries’ laws could change with little warning. Finally, foreign owned suppliers operating in Australia may be subject to a foreign government’s lawful access to data belonging to their customers.”

It’s an important reality Tudehope believes can’t be stressed enough and one of the reasons Macquarie Government employs more than 200 Australian citizens with the proper security certifications, to oversee not only its cloud solutions and services, but also its many security offerings for federal agencies. These include a security operations center with threat monitoring and proactive threat hunting, and Security Incident and Event Management-as-a-Service – offerings that enable the company’s security experts to analyze more than 7 billion security events each day.

“Digital services make government more accessible and more effective, but citizens will only use them if their personal information is safeguarded with exceptional vigilance here in Australia,” says Tudehope. “That requires the right cloud, the right employees to oversee it, and robust security services to keep it all safe.”

Learn more about Macquarie Government and its partnership with VMware here.

Data and Information Security, IT Leadership