Dynatrace on Microsoft Azure achieves PROTECTED status in Australian government IRAP assessment

Dynatrace SaaS on Microsoft Azure received independent validation that it meets the PROTECTED level of the Australian government’s Information Security Manual (ISM) following an assessment conducted by an Information Security Registered Assessors Program (IRAP) certified assessor against the ISM.  

The Australian Cyber Security Center (ACSC) created the ISM framework to provide practical guidance and principles to protect organizations’ IT and operational technology systems, applications, and data from cyber threats. The Australian Signals Directorate created the IRAP to create a pool of assessors capable of conducting high-quality assessment services. Endorsed IRAP Assessors independently assess organizations’ cybersecurity postures, identifying security risks and suggesting mitigation measures. All Australian Commonwealth entities must comply with the Protective Security Policy Framework. The ISM is the cybersecurity framework that facilitates compliance.

Dynatrace previously achieved PROTECTED status for deploying the Dynatrace platform on Amazon Web Services (AWS). The new assessment demonstrates that Australian government agencies and highly regulated enterprises, such as utilities, healthcare, and financial services providers, can deploy Dynatrace on Microsoft Azure. This empowers these organizations to deliver automation and intelligence at scale, unlocking deeper business insights and faster time to value, knowing that their data resides in a Microsoft Azure environment in Sydney that meets high standards.

Breaking down the advantages of a unified observability platform

With the Dynatrace unified observability platform, Australian government agencies can:

• Gain real-time visibility into the performance and availability of infrastructure and applications.
• Deliver high-quality, cloud-native applications to accelerate innovation.
• Identify, prioritize, and resolve service-affecting issues to deliver seamless user experiences.
• Automate repetitive and time-consuming manual tasks, freeing skilled IT resources to focus on strategic initiatives and automation that can be triggered anytime without manual interaction.
• Adopt shift-left development practices to make applications more secure by automating vulnerability detection and resolution before they can be exploited.
• Overcome the complexity of cloud-native environments and stay ahead of regulatory reporting rules by automating continuous discovery, proactive anomaly detection, and optimization across the software development lifecycle.
• Create a single source of truth about the health of IT services to facilitate closer collaboration between development, operations, and security teams, as well as support the adoption of DevSecOps practices.

Data protection is a growing challenge

All organizations must implement adequate controls to ensure the integrity and security of their data. Government agencies are under added pressure, and as they continue to digitally transform, the complexity of their systems increases.

Data is distributed across multiple platforms and applications, making it more difficult to ensure adequate controls. Common challenges include the following:

• Data residency. Government agencies need to maintain complete control and transparency of where their data is stored, especially when using cloud services. Highly sensitive data is subject to stringent residency requirements, meaning it can’t be stored outside the country of origin.
• Securing data throughout the vendor ecosystem. The process of assessing a vendor’s security, privacy, and compliance posture and validating they meet the stringent requirements of the Australian government is often time-consuming and cumbersome.
• Continuous compliance. It’s essential to remain compliant with security and privacy requirements on an ongoing basis rather than treat them as an annual check-box exercise. With rapidly evolving threats and regulatory requirements, it’s crucial for organizations to stay ahead of the curve and continuously improve their security posture.

Keep your data secure with Dynatrace

Dynatrace was purpose-built to process and query massive volumes of data. Therefore, it has comprehensive controls to protect customer data and is constantly investing in these capabilities to stay ahead of evolving market standards and regional and sector-specific needs.

Key Dynatrace capabilities that help Australian government agencies protect their data include the following:

• Dynatrace operates its AI-powered unified observability and security platform as a SaaS solution in 20 worldwide regions. By allowing customers to choose where their data resides, Dynatrace assists them in meeting their country- and sector-specific regulations.
• Dynatrace proactively engages with highly qualified and independent assessors to validate its security, privacy, and compliance posture against the ISM control framework. This simplifies and accelerates the due diligence process for Australian government agencies and other highly regulated enterprises.

Independent software vendors (ISVs) such as Dynatrace can demonstrate their security posture level according to the Australian government’s ISM. This process evaluates risk assessments, access controls, incident response strategies, and sensitive data handling to ensure the vendor maintains robust security practices.

Completing this additional assessment for Dynatrace on Azure is the latest validation of its rigorous security, privacy, and compliance posture. The Dynatrace Trust Center provides a complete overview of the certifications, laws, and standards with which the Dynatrace platform complies.

Get started with Dynatrace on Azure

Australian government agencies that want to learn more about how Dynatrace on Azure can improve their operations and accelerate innovation should contact us or check out our free trial via the marketplace.

Microsoft Azure is a registered trademark of the Microsoft group of companies.

Dynatrace and the Dynatrace logo are trademarks of the Dynatrace, Inc. group of companies. All other trademarks are the property of their respective owners.