ABOUT two years ago, Canberra based SME Vault became one of the first ASD ap- proved cloud providers to Defence and the intelligence community.
“We’re focused on security, sovereignty, privacy, high performance, open standards, hyper-scale or scalability, also as well as pro- viding consistent outcomes to government from a value and cost perspective,” Vault founder and CEO Rupert Taylor-Price explained to ADM. “We’ve got a strong history of delivery now as well. Generally they’ve used us when they’re trying to ac- celerate that project to get a project back on schedule or on track because it’s sort of the nature of the cloud, obviously rapid to de- ploy, rapid to get stuff out.”
A veteran of the IT start up world, Taylor- Price has a history of involvement in large government IT programs with an empha- sis on security. From Hivetech 12 years ago working with privacy driven social security and medical data to the founding of Vault in 2012, sovereignty of secure data has been a driving force behind his companies.
Surveying the market for se- cure sovereign cloud services pro- duces a relatively small selection of providers: Macquarie Tele- com, Sliced Tech, and Dimen- sion Data, with many providing a hybrid services of managed hosting with cloud elements.
“So Vault really still today
sits somewhat standalone in the
fact that it is a fully NIST (Na-
tional Institute of Standards
and Technology) compliant API (applica- tion program interface) driven hyper-scale cloud, whilst it’s also sovereign and secure to Australian standards,” Taylor-Price outlined.
“At the moment you’ve kind of got a choice of secure, sovereign cloud – Vault, or public clouds. There’s not too much in the middle. If you put that into where the markets are, we’ve got private cloud being one market and whilst we do play in that market, it’s not our primary focus. Then you’ve got public cloud at the oth- er extreme. If you think of the average CIO, they must choose between ‘do we have the security and certainty of private cloud or do we have the extensibility and scalability and adaptability of public cloud?’ Then there’s a community cloud, which is a sector that’s very big globally. But in Australia it’s prob- ably a newer sector.”
A community cloud is essentially a cloud where it’s more than one private customer but it’s not public; it's just between a select group of customers.
“For instance, in Vault we run two com- munity clouds. One of the community clouds is government community, so you have to be government to use it. In the US, Amazon run a government cloud which is a government community cloud. In the UK there’s a company called UK Cloud that runs a community cloud. In Germany, Mi- crosoft run a government community cloud for government in Germany. So globally this has been quite a trend but really not much has happened in Australia until re- cently in this space."
Community cloud in action
That’s not to say that community cloud doesn’t carry any of the risks of public cloud. It is different to private cloud as well.
“If it was to be attacked through spectre or meltdown or any of those vulnerabili- ties from another government department, there are still some inherent risks there but they’re dramatically reduced from public cloud where you’re subject to attack from basically anyone,” Taylor-Price said.
Community cloud has a higher security posture than public cloud, but one of the problems with private cloud is, because they’re so individual and bespoke, the secu- rity that’s then applied them is challenging.
“Community cloud is sort of that sweet spot in the middle where you’ve got enough scale to drive the investment into security but you don’t have the same risks of public cloud as well.”
Rather than getting an existing system and adding security layers to it, Vault has worked with OpenStack, an open source cloud management tool, and worked down at the basic code level to ‘bake in’ security from first principles.
“We’ve then taken the entirety of the pro- tective security policy framework and the in- formation security manual, taken all of those controls and then actually altered the securi- ty natively at the code level or the DNA level of OpenStack and re-engineered to natively be compliant to Australian government
www.australiandefence.com.au | November 2018 | 39
“All of the defence and intelligence workloads that have come to us have all finished with a success.”
GETTY