The long road to Microsoft finally launching its Australian Azure data centres continues, with the company announcing it has completed IRAP (Industry Security Registered Assessors Program) compliance assessment for the local operations — a crucial step to trying to attract government customers to using the centres.
Government users are likely to resist using any offshore data centres for both political and security reasons. While being able to host data onshore eliminates part of that issue, merely placing the centres on Australian soil doesn't ensure government users will sign up. The IRAP assessment certifies that the basic Azure storage and processing services, and the local data centres they are hosted in, can be used for "Unclassified Sensitive" data.
The assessment took around four months to complete, according to James Kavanagh, chief security advisory for Microsoft Australia. The letter of compliance from Foresight Consulting, which completed the assessment, is being released today. Companies will be able to see the entire assessment once the local centres officially launch (something expected later this year)
"It really comes down to government agencies need to consider these requirements when they are building their systems," Kavanagh told Lifehacker. "They're happy the data is in Australia, but they need to deal with compliance. It's not a cheap process and it's not a process that's without a lot of difficult conversations and difficult work. We are really committed to making it work."
Individual solutions built on top of Azure will still need to be assessed for IRAP compliance, but the Azure components used won't need to be reassessed, Kavanagh said.