By Stuart Bayliss - Director, Product Management - Cloud Infrastructure, Skyhigh Security
June 3, 2024 3 Minute Read
I’m proud to share we have announced that our Security Service Edge (SSE) portfolio has completed an assessment update for the Australian Information Security Registered Assessors Program (IRAP) and achieved the PROTECTED security classification level.
The latest update builds on past IRAP assessments in 2023 and 2020, validating that the Skyhigh SSE Portfolio meets current security standards for collaboration with Australian government agencies.
Understanding the IRAP Assessment
IRAP is an initiative led by the Australian Signals Directorate (ASD) to provide high-quality information and communications technology (ICT) security assessment services to the Australian federal government. The IRAP assessment process is documented in the Australian Government Information Security Manual (ISM), which provides cybersecurity guidance and standards to help Australian government organizations protect their vital information and systems.
In simple terms, the IRAP assessment provides assurance to business, public sector organizations, police, military, health and government organizations that the Skyhigh SSE portfolio has the appropriate and effective security controls and policies in place that meet or surpass ISM requirements.
What’s New in the 2024 IRAP Assessment?
The updated IRAP assessment for 2024 builds upon the previous assessments completed in 2020 and 2023. In 2020, Skyhigh Cloud Access Security Broker (CASB) was assessed to the protected level. The 2023 assessment introduced additional Skyhigh SSE Portfolio technology: Skyhigh Secure Web Gateway (SWG), and Skyhigh Private Access, which includes Remote Browser Isolation as a key capability.
The 2024 update includes Skyhigh Cloud Firewall and Oracle Cloud Infrastructure (OCI). These components provide a comprehensive, integrated cloud platform that protects data and stops threats in the cloud across all software-as-a-service applications, infrastructure-as-a-service environments, and Shadow IT, from a single, cloud-native enforcement point.
As a cloud service, SSE provides organizations visibility and control of their data in the cloud, regardless of where it resides. It provides a single Data Loss Prevention (DLP) engine with one simple-to-use centralized management and reporting dashboard, a unified policy framework across all data exfiltration vectors and multi-layered security technologies to cover all possible use cases in the Australian government environment.
The Significance of the IRAP Protected Classification for Skyhigh Security
Achieving the IRAP PROTECTED security classifications gives Skyhigh Security and its partners an advantage in the Australian marketplace. It demonstrates the company’s commitment to security and a willingness to undergo independent assessments of its data-aware SSE technology. This assessment allows government agencies to progress digital transformation initiatives and deliver improved citizen outcomes with confidence, leveraging powerful cloud capabilities delivered from Australian data centers.
Other Certifications and Recognitions
In addition to IRAP, AV-TEST recently confirmed the high threat protection efficacy of the SSE Portfolio. Skyhigh CASB and Skyhigh SWG have also been evaluated by the Federal Risk and Authorization Management Program (FedRAMP), a U.S. government program that evaluates cloud security vendors based on a standardized security framework for cloud products and services. Skyhigh Security retains both ISO 27001:2022 and SOC 2 certifications. Lastly, Skyhigh CASB achieved U.S. Department of Defense (DoD) Provisional Authorization to Operate at Impact Level 5 in 2022, reinforcing the clear benefits of Skyhigh Security’s data-aware technology to government organizations. For more details, please visit our certifications and compliance page.
About IRAP
IRAP is a security compliance framework comprising security assessment processes and a security assessor program. It was developed by the Australia Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) within the Australian government. IRAP supports Australian commonwealth government entities in maintaining their security assurance and risk management as well as assessing cloud service providers and their cloud services’ security controls against the Australian government security policies and guidelines.
Learn more about why Skyhigh Security was most recently named a Visionary for the second year in a row in the 2024 Gartner® Magic Quadrant™ for SSE, which evaluates vendors based on their Ability to Execute and Completeness of Vision, and scored highest in the Protect Data Use Case in the Gartner® Critical Capabilities for SSE, an adjunct report to the Gartner® Magic Quadrant™ for Security Service Edge.
Disclaimer:
Gartner, Magic Quadrant for Security Service Edge (SSE), Charlie Winckless, Thomas Lintemuth, Dale Koeppen, 15 April 2024
Gartner, Critical Capabilities for Security Service Edge (SSE), Thomas Lintemuth, Charlie Winckless, Dale Koeppen, 17 April 2024
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
Back to Blogs