CyberCX Uses ATO on AWS to Help Customers Enhance Security and Speed up Regulatory Compliance

Learn More or Participate in the Authority to Operate (ATO) on AWS Program

Executive Summary

CyberCX, one of Australia’s leading cybersecurity services providers, became the first Australian-based AWS Partner to join the Authority to Operate on AWS Program. Through the program, CyberCX is focused on supporting AWS customers in meeting their regulatory and public sector compliance requirements, as exemplified by its support of Industry Capability Network Limited.

Partner Success Story – CyberCX

CyberCX is one of Australia’s leading providers of end-to-end cybersecurity services to private and public enterprises across the globe. It helps organizations manage their cyber risk and offers services including IT governance, compliance support in both preparation and assessment, incident response, security integration and engineering, managed security services, identity and access management, secure digital transformation, privacy advisory, and cybersecurity training.
 
CyberCX became an Amazon Web Services (AWS) Partner when it supported AWS by conducting its Infosec Registered Assessors Program (IRAP) assessment. IRAP ensures that organizations looking to work with the Australian government have implemented and maintained the requisite cybersecurity capabilities and processes to safeguard sensitive data. “After working closely with AWS, we realized that there was a lot of overlap between our customers,” says Peter Baussmann, Executive Director of Cloud Security and Solutions at CyberCX. “It made sense to work together to achieve the best outcomes for those customers.”
 
More recently, CyberCX needed to respond to increasing requests from customers to enhance security for their AWS Cloud environments. For example, its customer Industry Capability Network Limited (ICNL), an Australian supply chain procurement and consulting company, sought to increase its security capabilities. “ICNL provides business-to-government transactions, and it needed to go through a specialized process for authorization, which is required for enterprises working inside governments,” Baussmann says. 
“As a partner, we can now better help our customers prepare for IRAP assessments and even conduct them ourselves, depending on the customer.”

– Peter Baussmann, Executive Director, Cloud Security and Solutions, CyberCX

Increasing Customer Confidence through the ATO on AWS Program

To help AWS customers meet their Australian regulatory and compliance requirements, CyberCX joined the Authority to Operate (ATO) on AWS Program. By doing so, it has joined a community of like-minded organizations and AWS security strategists focused on delivering new capabilities that both support and accelerate customers’ abilities to meet their cybersecurity goals. “We were interested in the ATO on AWS Program because of its focus on compliance and assurance, which is right in line with the work we do,” Baussmann says.

To qualify for the program, CyberCX underwent a thorough and comprehensive evaluation process to meet specific technical requirements. “Some of the requirements were standard and others were specific to the government work we do,” says Baussmann. “Although the process was arduous at times, it ensured that we were well-qualified to join the program.”

Once CyberCX qualified, it became the first Australian company to gain the ATO on AWS designation. “The ATO on AWS Program helps us give our customers an extra level of assurance that their AWS workloads are meeting Australian government security requirements,” explains Baussmann. “As a partner, we can now better help our customers prepare for IRAP assessments and even conduct them ourselves, depending on the customer.”

“Because of our ATO on AWS designation, we are helping improve our customers’ security postures and giving their end customers—such as the Australian government—more confidence that the right authorizations are in place.”

– Peter Baussmann, Executive Director, Cloud Security and Solutions, CyberCX

Simplifying Security Processes

Through the ATO on AWS Program, CyberCX has simplified security processes for its customers with workloads on AWS. “Because of our ATO on AWS designation, we are helping improve our customers’ security postures and giving their end customers—such as the Australian government—more confidence that the right authorizations are in place,” says Baussmann.

For example, CyberCX worked with ICNL to clearly understand the complexities around meeting IRAP compliance requirements. It separated ICNL’s AWS accounts and helped AWS security services such as AWS Security Hub and then completed the documentation of ICNL’s system security plans, risk management framework, and security policies. CyberCX also supports ICNL with continuous monitoring of its application environment. “We helped ICNL uplift its security environment to meet Australian government standards,” says Baussmann. “Now, government and defense industry organizations can see that the information ICNL provides is properly protected.” Adds Warren Jansen, Executive Director at ICNL, “My experience working with CyberCX to date has been collaborative and positive. I encourage others to have a chat with them about their cybersecurity needs.”

Accelerating Time to IRAP Compliance

CyberCX helped ICNL become compliant with IRAP regulations quickly, completing 13 of its authorization documents over a period of eight weeks. Baussmann says, “That’s a very rapid timeline. Risk assessments alone typically take up to five weeks to complete, so incorporating the entire authorization package in eight weeks helped ICNL accelerate the IRAP compliance process more than it could on its own.”
 
Additionally, CyberCX is collaborating with other ATO on AWS Partners. Baussmann concludes, “We have engaged the AWS team and other program partners to share best practices. We are getting insights into how those partners manage regulatory compliance in the US, which will help us as we look to grow our business globally.”
Learn More or Participate in the Authority to Operate (ATO) on AWS Program
F5

About CyberCX

CyberCX is a provider of end-to-end cybersecurity services in Australia. With more than 900 professionals in 20 locations, the company helps both private and public sector organizations realize better cybersecurity.

APN Program Participation

Published February 2022