June 28, 2023
By Stuart Bayliss - Lead Product Manager - Cloud Infrastructure
A few months ago, the Security Service Edge (SSE) portfolio completed the Australian Information Security Registered Assessors Program (IRAP) assessment to the and achieved PROTECTED security classification level.
To be IRAP assessed
IRAP is an initiative led by the Australian Signals Directorate (ASD) to provide high-quality information and communications technology (ICT) security assessment services to the Australian federal government. The IRAP assessment process is documented in the Australian Government Information Security Manual (ISM), which provides cybersecurity guidance and standards to help Australian government organizations protect their vital information and systems.
In simple terms, the IRAP assessment provides assurance to business, public sector organizations, police, military, health and government organizations that the Skyhigh SSE portfolio has the appropriate and effective security controls and policies in place that meet or surpass Australian Government Information Security Manual requirements.
I thought Skyhigh Security had already achieved the IRAP PROTECTED security classification level?
The new IRAP assessment for 2023 builds upon the previous assessment that was completed in 2020 when Skyhigh Cloud Access Security Broker (CASB) was assessed to the PROTECTED level by now adding in additional Skyhigh SSE Portfolio items: Skyhigh Secure Web Gateway (SWG), and Skyhigh Private Access, which includes Remote Browser Isolation as a key capability.
These components provide a comprehensive integrated cloud platform that protects data and stops threats in the cloud across all Software-as-a-Service applications, Infrastructure-as-a-Service environments, and Shadow IT, from a single, cloud-native enforcement point.
As a cloud service, SSE provides organizations visibility and control of their data in the cloud, regardless of where it resides. It provides a single Data Loss Prevention (DLP) engine with one simple-to-use centralized management and reporting dashboard, a single policy framework across all data exfiltration vectors and multi-layered security technologies to cover all possible use cases in the Australian government environment.
What does being IRAP PROTECTED security classification mean for Skyhigh?
IRAP gives Skyhigh Security and our partners an advantage in the Australian marketplace, by demonstrating Skyhigh Security’s commitment to security and a willingness to undergo independent assessments of its data-aware SSE technology. This assessment allows government agencies to progress digital transformation initiatives and deliver improved citizen outcomes with confidence, leveraging powerful cloud capabilities delivered from Australian data centers.
What other certifications does Skyhigh have?
In addition to IRAP, the Skyhigh SSE portfolio has also been evaluated by the Federal Risk and Authorization Management Program (FedRAMP), a U.S. government program that evaluates cloud security vendors based on a standardized security framework for cloud products and services. Skyhigh SWG for cloud recently achieved FedRAMP Moderate Authorization. Skyhigh CASB also achieved U.S. Department of Defense (DoD) Provisional Authorization to Operate at Impact Level 5 in 2022, and FedRAMP High Authorization in 2020, reinforcing the clear benefits of Skyhigh Security’s data-aware technology to government organizations.
The Information Security Registered Assessor Program (IRAP) is a security compliance framework comprised of security assessment processes and a security assessor program. It was developed by the Australia Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) within the Australian government. IRAP supports Australian commonwealth government entities in maintaining their security assurance and risk management as well as assessing cloud service providers and their cloud services’ security controls against the Australian government security policies and guidelines.
To learn more about SSE, request a demo today.
Back to Blogs