20 September 2021

Are all your data centres Certified Strategic by the DTA?

By Adam Scully – Chief Sales Officer

Data sovereignty moved to the forefront of digital transformation conversations in recent weeks as the Digital Transformation Agency (DTA) announced a cluster of new service providers had been approved under the Commonwealth Government’s Hosting Certification Framework.

This is a significant development for organisations of all shapes and sizes. It forces a rethink of partnering strategy across the digital economy.

As the focus on accelerating cloud migration and agility collides with rising urgency around managing the risk, compliance and business continuity challenges associated with embracing the benefits of virtual infrastructure and interconnectivity, choosing the right hosting partner is an imperative.

Why is it important?

Working with hosting providers that have achieved ‘Certified Strategic’ status under the DTA’s Framework will eventually become standard across the economy for every business that wants to engage public sector opportunities. As the volume and sensitivity of data held by Government agencies at the local, state and Commonwealth levels – indeed, all organisations – compounds, so too does the need to bolster safeguards around it.

The digitisation of society has elevated the need for stricter controls around the management and location of data, now the world’s most valuable resource. Meanwhile, there are sophisticated, well-resourced malicious actors everywhere and digital supply chains that have metastasised to every corner of the planet and which therefore operate under an equally diverse range of regulatory controls.

In our complex, interconnected world, depending on where data is created, captured, stored or just passing through on content delivery and other networks, the ‘sovereign’ controls over it can vary from an Orwellian Big Brother-like surveillance regimen to Wild West-ish anarchy.

It has never been more important to understand exactly where on that spectrum your data, and that of your customers, resides at any point in time. Particularly if you want to transact with Government agencies.

Foundations laid for data sovereignty

The DTA is to be applauded for doing the hard yards to build a framework that clearly defines acceptable security standards, operational controls and guiding principles that are applicable across whole of Government. This approach paves a clear and tested path for industry to follow.

It will serve to mitigate risks and define the processes by which agencies and their suppliers can take full advantage of the present and emerging digital megatrends that deliver cost efficiencies, productivity gains and public service improvements.

In short, it will allow Government to leverage cloud, connectivity and data management advances to deliver better bang for buck from taxpayer investments in digital transformation. DTA’s Certified Strategic status gives the market clear guidance and surety about which hosting facilities are best positioned to protect data and ensure it’s always kept onshore.

Partner strategically on security

The DTA’s Hosting Framework applies to individual facilities, not companies. If your data centre provider has invested in the certification of all of its facilities, it’s the independent verification you need that the platform in its entirety meets all of the rigorous audit requirements.

It is, however, just the starting point on your journey to achieving optimal security posture and data sovereignty compliance. Look for partners that have gone to the next level including having their facilities audited end-to-end and passed as compliant with the highest level of physical security as defined under ASIO’s Security Construction and Equipment Committee (SCEC) Zone 4 guidelines.

This set of standards represents the minimum acceptable physical protections and operational controls required by every facility that hosts ‘classified’ Government data.

Supporting the No.1 priority

Hybrid- and Multi-Cloud architecture leveraging colocation is here to stay. With digital infrastructure elevated to the number one priority for organisations, having the assurance that every byte of your critical data is protected is essential to compete in the digital age. This is problematic in a world where dispersed infrastructure, edge strategies and resilience planning see organisations – both Government and enterprise – needing multiple points of presence across the country and around the world.

As Government agencies at Commonwealth, state and local levels continue investing in leveraging cloud and other virtualisation services, this new whole-of-Government approach to engagement with certified hosting services providers impacts everyone who does any business with the Government.

Comprehensive, nation-wide compliance

Organisations supplying digital services to Government must now factor in where and how they handle data end-to-end. This new hosting strategy calls for all organisations to reconsider whether the Australian data centres they use are DTA certified. In the future, any engagement with Government will come with the caveat that all sovereign data is demonstrably kept in Australia.

Threats from malicious actors, including hostile nation states, are being taken very seriously by the DTA when it comes to protecting sovereign data and there will continue to be deep scrutiny by procurement agencies to avoid every potential point of breach. It has now become an imperative for all managed service providers, cloud service providers, carriers and systems integrators to be able to validate that all facilities they use are certified under the DTA’s Hosting Framework.

Reach out to NEXTDC and speak with one of our specialists about the broad-reaching implications DTA’s hosting framework has on the way you will do business with agencies and how you can provide assurance that none of their sovereign data will ever fall through the cracks.