Source URL: https://blog.cloudflare.com/irap-protected-assessment/
Source: The Cloudflare Blog
Title: Cloudflare is now IRAP assessed at the PROTECTED level, furthering our commitment to the global public sector
Feedly Summary: Cloudflare is now assessed at the IRAP PROTECTED level, bringing our products and services to the Australian Public Sector.
AI Summary and Description: Yes
Summary: The announcement discusses Cloudflare’s public sector services specifically designed for Australia, highlighting their achievement of the Infosec Registered Assessor Program (IRAP) PROTECTED assessment. This validates their commitment to security in government services and regulated industries, allowing them to leverage a global network for enhanced data management and regional compliance.
Detailed Description:
– **Overview of Cloudflare for Government – Australia**:
– Announcement of a suite of services specifically tailored for the Australian public sector.
– Achieved IRAP PROTECTED assessment under the Australian government’s stringent standards for cloud security, showcasing a commitment to secure services for governmental and regulated bodies.
– **Importance of IRAP**:
– The Infosec Registered Assessor Program (IRAP) is critical for ensuring that cloud products and services meet security requirements.
– Achieving this status signals to clients that Cloudflare adheres to high security standards.
– **Global Strategy**:
– The IRAP assessment is part of a larger strategy to expand Cloudflare’s services to various regions worldwide.
– Their global network capabilities allow them to guarantee low latency (within 50ms of 95% of Internet users) along with robust data security measures.
– **Key Areas of Compliance and Security**:
– The services include critical controls focused on:
– **Traffic Processing**: Ensuring secure and efficient handling of user traffic.
– **Management**: Effective governance of cloud operations while maintaining compliance.
– **Metadata Storage**: Secure storage solutions that are compliant with local laws.
– **Technological Advantages**:
– Implementation of a software-defined regionalization strategy allows for:
– Global flood protection while adhering to jurisdiction-specific compliance requirements (e.g., decrypting traffic within the IRAP boundary).
– Key management and metadata storage programs that respect local data sovereignty.
– **User Experience Considerations**:
– The infrastructure is designed not only for compliance but also to improve user experiences.
– Traffic management ensures users are directed to the nearest certified processing location, balancing security and performance needs.
– **Integration of Services**:
– The platform encapsulates a myriad of Cloudflare products:
– Application security offerings (CDN, WAF, API Shield, etc.) and Zero Trust Products (Secure Web Gateway, Magic Transit, etc.) are included in the compliance scope.
– A holistic approach is taken to integrate security into all aspects of their offerings, demonstrating a commitment to security from the start.
– **Call to Action**:
– Invitation for public and private partners to collaborate on enhancing security in complex environments.
This information is strategically significant for security and compliance professionals in both the AI and cloud security sectors, especially given the emphasis on meeting stringent regulatory standards in cloud service delivery for governments and other highly regulated industries. The detailed integration of Zero Trust principles and regionalized compliance mechanisms exemplify a modern approach to security solutions, which aligns with industry best practices.