Microsoft added to govt data sovereignty scheme

Joseph Brookes
Senior Reporter

Microsoft has been quietly added to the federal government’s list of certified cloud providers more than a month after its rivals, giving it clearance to process sensitive and whole-of-government data under the new data sovereignty scheme.

Microsoft was not part of the first tranche of cloud providers added to the government’s new Hosting Certification Framework (HCF) in October, needing another month and a half to negotiate on the scheme which imposes tighter controls and oversight for government.

Microsoft Azure Cloud was quietly added to the new HCF website this week as a Certified Strategic provider — the highest level of the new scheme — for its Australian regions.

DCI Data Centers was also added to the list of certified providers this month. It operates data centres in Sydney and Adelaide, and has a new one planned for Darwin to capitalise on Defence and space customers.

Microsoft headquarters. Credit: Microsoft

A spokesperson for Microsoft confirmed the certification to InnovationAus.

“We can confirm that Microsoft has set a new high watermark in terms of our certification under the Federal Government’s Hosting Certification Framework,” a Microsoft spokesperson said.

“More than 180 of our core online services – including Dynamics 365, Microsoft 365 and Azure – are now certified under the framework. Microsoft’s HCF certification includes all three Australian Microsoft regions.”

Even without certification, Microsoft’s whole-of-government sourcing deal has swelled to more than $800 million, including more than doubling in the last two months.

The tech giant was understood to have been close to achieving certification when the first tranche of cloud providers were added in early October, and it is unclear why it needed another month than its biggest rival, Amazon Web Services (AWS).

AWS was certified despite its links to a Chinese owned data centre which helped sparked the development of the HCF. Amazon has also declined to disclose its undertakings for full compliance with the HCF, contributing to concerns in the local industry about supply chain risks.

Some HCF providers, including data centre companies, are understood to have been certified by the government based on undertakings which are not published. Some companies have committed to releasing their undertakings in a bid to improve transparency and confidence.

Do you know more? Contact James Riley via Email.

Leave a Comment