Iconic Australian software company TechnologyOne has earned a ‘Protected’ level security assessment through the Information Security Registered Assessors Program (IRAP) program, significantly raising the federal government cybersecurity posture at no cost to the budget.
The company is the first enterprise software to achieve Protected credentials under the Australian Signals Directorate-administered IRAP program.
TechnologyOne chief executive officer Ed Chung told InnovationAus that the company would transition all its federal government shared services customers using its software as a service ERP from the ‘Official: Sensitive’ cyber rating to the higher-level ‘Protected’ status at no cost, and with no operational impact.
The credentialed upgrade is a game-changer for government and has huge implication for other suppliers into the government sector. ‘Protected’ becomes the default posture for federal customers using the TechOne platform from now on.
The company sees this as a significant competitive advantage. Government in its cloud strategy had sought a general cybersecurity uplift through its private sector suppliers of both cloud infrastructure and application providers and Tech is the first enterprise software across that line.
“Our federal government customers will get access to a more secure service at no additional cost to the taxpayer, and we are confident that this is what Australia needs, and expects, of its homegrown technology companies,” Mr Chung said.
“As an Australian citizen, as well as the CEO of an Australian company, it’s important to me that the data that the federal government holds in trust for us – such as personal financial data – will now be protected with an additional level of security,” Mr Chung said.
The biggest beneficiaries of the ‘Protected’ by default security posture would be the smaller and medium-sized government agencies, which have been acknowledged as the ‘weakest link’ within the public sector cybersecurity battle, he said.
“Many agencies operate in both ‘Official’ and ‘Protected’ – often requiring two environments. We are pleased to be able to meet the unique, and specific needs of our federal government customers by removing this friction.
The security uplift among these smaller agencies would – due to the interconnection of modern systems – benefit the broader Australian government information infrastructure.
Mr Chung said TechnologyOne had been under assessment on the road to ‘Protected’ level IRAP credentials for the past two years and had invested heavily in attaining the certification.
The former head of the Australian Cyber Security Centre and current strategy chief at Australian security outfit CyberCX Mr Alastair MacGibbon said the TechOne accreditation was a strong contribution to uplifting the government’s broader online security.
“The more protected systems across government the better. In security, you’re only as strong as the weakest link. Smaller government agencies are exposed to the same risk and threats as their larger counterparts, but often have fewer resources to mitigate them,” MacGibbon said.
“I applaud any company, particularly a sovereign Australian one, that is looking to raise security by design and default.”