Independently certified, owned, managed, and operated in Australia by Australian citizens, AUCloud is the nation’s sovereign cloud Infrastructure-as-a-Service (IaaS) provider. It services the country’s government agencies as well as enterprises that must maintain and protect sensitive information. The company operates from datacenters in Canberra and Eastern Creek (Sydney) that are independently accredited to host highly classified data for the Australian government.
We connected with Brad Bastow, AUCloud’s first CTO and former CTO of Australia’s Department of Prime Minister and Cabinet, to learn what organizations must keep in mind when considering the public cloud and the evolving data sovereignty landscape.
Q: What is the importance behind having access to a sovereign IaaS provider?
We believe it is vital that consumers of our services be assured that we are a safe haven for critically sensitive data. Protection underpins the smooth and safe operation of our economy and is crucial to ensure the wellbeing and safety of our citizens.
Australia has specific guidelines related to the consumption of cloud services by federal government agencies. AUCloud’s services are built from the ground up with compliance requirements incorporated into our technical and operational controls from the outset. This can be demonstrated by our Australian Sovereignty — our guarantee that data hosted in our cloud neverleaves Australia . All of our operational staff are also Australian security cleared.
Q: What are the most pressing risks when it comes to the cloud and the sovereignty of data?
Having led major adoptions of public clouds for several government departments, my advice is to be wary of the controls you must implement to secure data hosted in a public cloud in order to meet demanding security requirements.
Many cloud providers typically offer their services to everyone — from online dating sites to healthcare services and fashion retailers. While security is a necessary burden, or sometimes an afterthought for some of these entities, for government agencies, data security is paramount.
When using some of these services you will invariably need to wrap additional security services around your public cloud deployment to meet the regulatory and security requirements of your jurisdiction. This may include encryption at-rest, multifactor authentication, and network traffic protection. These additional services are not free and require a significant administrative burden to manage and maintain.
For many public cloud services, it is also difficult to know where services are hosted, as well as if and what metadata leaves the local datacenter. It is precisely for this reason that the sovereignty of services should be a fundamental consideration for any cloud project. It is also why AUCloud services are built to comply with government security requirements without the need for additional controls.
Q: Why is it important that AUCloud be VMware Cloud Verified?
There are three reasons. First, because the majority of on-premises workloads in our federal government are already hosted on vSphere, vCloud Director enables us to provide a seamless path to hybrid cloud, test/dev deployments, disaster recovery, and backup. Agencies are working with products they are familiar with and comfortable using.
Second, by employing the rich API library provided by vCloud Director, we can expose these APIs and enable our customers to deploy true infrastructure as code.
Finally, we value the extensibility of vCloud Director. Our soon-to-be deployed second iteration of Container Service Extensions for vCloud will allow our customers to consume and manage Kubernetes clusters on AUCloud. Using vCloud Director we help our customers manage the risks associated with transitioning to the cloud, without compromising the future proofing of their transition approach.
Learn more about AUCloud and its partnership with VMware here.