blue_wave-wide.png
blue_wave-wide.png
blue_wave-wide.png
blue_wave-wide.png
SCASD3.png
blue_wave-wide.png

Intro


Get on the SaaS Wave with Confidence

Platform as a Service (PaaS) Specifically for Government.

SCROLL DOWN

Intro


Get on the SaaS Wave with Confidence

Platform as a Service (PaaS) Specifically for Government.

With over 30 years experience in supplying high-quality technology services to commercial and government clients, Secure Collaboration provide secure (ISM Compliant), fully managed cloud services designed specifically for Australian Government Agencies.

blue_wave-wide.png

Services intro


SERVICES

READ MORE

Services intro


SERVICES

READ MORE

Architecture, Design, Security as a Service, IT Expertise, IRAP Assessments

Windows, Linux (Redhat | CentOs | Ubuntu)

OS Patching, managed back ups, system upgrades

Windows Apps SQL, CRM, Share Point, Exchange, My SQL, and more

Dual Sites Sydney and Canberra

Secured behind 2 Geographically Separated ASD Certified Gateways

Full IRAP Assessment and report

Multi Zone Availability, replication, DR, BC

Full Visibility, Managed, Monitoring, Reporting

SLG up to 99.99%

blue_wave-wide.png

Partners intro


PARTNERS

READ MORE

Partners intro


PARTNERS

READ MORE

ACCELION KiteWorks: Secure File Sharing

REQUAL HP Objective SaaS

PROTECHT Risk Management SaaS

 

 

 

SECTRA Health Records

ISOBAR  Secure Web sites

DENTSU MITCHEL WOG Advertising

KENSLER  Secure Voice Messaging

VENIX IT Consulting Services

INTRON Mgmt Consulting Services

MACQUARIE GOVERNMENT ASD Certified Secure  Internet Gateway (SIG)

blue_wave-wide.png

Clients intro


CLIENTS

READ MORE

Clients intro


CLIENTS

READ MORE

Australian Tax Office

Department of Defence

Australian Prudential Regulation Authority

 

Australian Securities and Investments Commission

Department of Foreign Affairs and Trade

NSW Health

QLD Health

Department of Finance

SCASD3.png

News & Media


NEWS UPDATE

News & Media


NEWS UPDATE

Politicians like us to believe that the governments support small businesses because we are told they, “are the backbone of our economy” (so says the Australian Liberal Party’s website), yet recent events have shown in fact, that the government actively favours large multi-nationals and treats the small business with disdain, even specifically suppressing their involvement.

In April 2018 the Australian Federal Government awarded a coveted Certification for the supply of Cloud Services (CCS) to the Microsoft Corporation, but with major warnings concerning the lack of security of their service. Yet two week’s earlier they had rejected a local small business that had none of the security issues listed for Microsoft and had been positively assessed twice in two years.

The major reason cited being, “unfortunately the demand from wider Government is not there.

In other words: ‘you are too small.’

Background

The small business, called Secure Collaboration Pty Ltd (SC), has been providing secure cloud services to seven Federal Government agencies since 2014. These include the big agencies such as  Defence, Finance, ASIC and DFAT. Some of these services are managing data that is classified to PROTECTED security level and all have been audited and security tested by independent bodies. Furthermore, the IT systems are secured inside data centres managed by the highly respected Australian company, Macquarie Government, whose service is already certified by the Australian Signal Directorate (ASD).

Aussie Battler takes the challenge

When it was announced that the ASD would accept applications for certification of cloud services (CCS), Secure Collaboration immediately began a project to bring its processes, people and systems to conform to the required standards.

They engaged an approved IRAP assessor to produce a detailed report to the ASD, delivered in June 2016. It recommended that the ASD award a PROTECTED level certificate to SC’s for its cloud services.

No acknowledgement was received and an email inquiry was ignored. Everyone knew they were busy, so best to wait.

Finally, in March 2017 contact was made with the ASD but the report hadn’t even been looked at. After a quick review, the ruling was that the format of the report was incorrect and the incorrect process had been followed. The recommendation was that SC should get another assessor to do it all again – updated to the new standard (ISM 2016).

Second attempt

A new IRAP assessor was engaged at triple the cost and the correct process was followed: multiple emails, conference calls ending in SC flying to Canberra to meet the ASD face-to-face. After an intense two hour meeting and a physical inspection of the installation the verbal response was positive and by early August 2017, the second report was officially submitted.

Once again, the IRAP Assessor recommended that SC should get PROTECTED level certification.

Once again the ASD did not review it for a full six months, but when they did there were only a few minor items that needed clarification. There were no showstoppers (so they said).

SC escalated to ASD management and assurances were given that the ASD wanted to support small business and, “you’re in the final stage.”

The Grilling

The final stage was another face-to-face meeting. This time in  Sydney to review the other installation. Facilities were booked, the expensive consultant was flown in from Japan, and four hours of grilling ensued on every item in the report. Were they being very thorough, or were they just trying to find a problem? Once again the verbal indication was positive, just a few residual risks that SC would need to clarify or remedy, but still no “show-stoppers.”

 Slap in the face

Two weeks later SC received a surprise email, “…. regrettably ASD are unable to award Secure Collaboration ASD Certification…. apologies for the length of time it has taken.

$80,000 and almost two years later, one lost customer and a dozen lost prospects.

Punch in the guts

Two weeks later Microsoft announced it had achieved its certification “12 months after the IRAP assessment.”

Two weeks after that the ASD announced that even though Microsoft were certified it was with a published Consumer Guide (unprecedented), stating that, “Additional compensating controls are to be implemented ….. by individual agencies “ and   “Residual risks …… can be reduced through agency implementation of additional configuration and security controls”, but that they are “working with Microsoft to ensure general compensating security control blueprints are made available.”

Press responds

Very soon the press jumped on this, saying  things like “Azure needs extra security controls before it's fit for government use, says Australia and “ASD puts a cloud over Azure

One report said: “It is understood the company has been given special dispensation that would enable non-citizens offshore staff, without Australian Government security clearances to perform work on the platform in a system administration or dev-ops capacity…. from outside of Australia.

[and] … they would not necessarily be known to the Australian security services.”

Why?

So why would Microsoft be given priority, publicly endorsed, given time to comply and a public commitment to help them fix any issues?

Why is a multinational company who is known not to pay its taxes, and is regulated by a foreign law be given easy access to our taxpayer's money, while clearly there are huge risks of this data being accessed by unknown off-shore entities that could leak the data.

Whereas SC, a Sydney-based small business that:

  • pays its taxes,
  • only employs Australian people,
  • is dedicated to federal government service,
  • can clearly resolve all 6 items identified,
  • and provides the lowest cost and highest value for Australia

… get thrown on the scrap heap?