Retirement of compromised FTA product was achieved in full for all Australian and New Zealand clients in 2020-21. Kiteworks IRAP assessment to PROTECTED level controls demonstrates the company’s commitment to clients in the Australian and New Zealand (ANZ) market.
Sydney, Australia, March 8, 2022 – Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, announced today it completed and achieved compliance with the Information Security Registered Assessors Program (IRAP) assessed for up to PROTECTED level data classification. This achievement further extends Kiteworks’ extensive compliance with global industry standards overseen by the Australian Cyber Security Centre (ACSC). The IRAP recognition demonstrates Kiteworks’ commitment to a defense-in-depth security approach and emergence from the breach of its retired File Transfer Administration (FTA) product.
Kiteworks’ IRAP-hosted environment is delivered as a Platform-as-a-Service (PaaS) secure cloud with premium support on AWS and is available to federal, state, and local Australian agencies as well as any company in the world conducting business with Australian federal and state agencies. The IRAP-hosted environment is single tenant and delivers geographic sovereignty of data governance, ensuring that customers are the only entities able to access their data. Kiteworks Secure Cloud Hosting With Premium Support also includes patching and update services, named service representatives, enhanced service level agreements (SLAs), and other high-touch services.
“While the cyberattack only affected our retired FTA product, we sought to take lessons learned to further enhance the security architecture for the Kiteworks platform,” said Jonathan Yaron, Chairman and CEO of Kiteworks. “We hardened different areas of the security architecture such as key encryption and management and implemented proactive defense-in-depth measures to ensure real-time alerts, an embedded WAF, and incident response in the event that an attack does occur.”
IRAP Assessed to Australian Cyber Security Centre Requirements
Australian agencies use IRAP to validate that appropriate controls are in place to address requirements established by the Australian Government Information Security Manual (ISM) that are published by the ACSC. For federal and state agencies conducting business with third parties like contractors, vendors, and suppliers, IRAP compliance helps protect those agencies against supply chain cyberattacks that can have far-reaching and malicious impact. To achieve IRAP compliance, a certified independent assessor reviewed Kiteworks’ people, processes, and technology in over 800 risk areas against requirements of the ISM.
Kiteworks is the only global vendor in the sensitive content communications solutions space with IRAP compliance. Federal and state agencies in Australia and private sector businesses in ANZ conducting business with those agencies know that they retain control of privacy of their data that is hosted in single-tenancy clouds via Kiteworks—meaning there is no intermingling of data, metadata, or shared application resources.
“Cyber criminals and nation-states see the multiplication value of the supply chain and have reaped significant rewards via supply chain attacks over the past year,” said Yaron. “Industry standards like IRAP enable public sector agencies to vet and manage their supply chain based on a codified list of security and governance controls that mitigates risks. Kiteworks already adheres to numerous global industry standards, and the addition of IRAP compliance extends our coverage even more. We are fully committed to the Australian market, with a local office in Sydney for over 12 years and hundreds of federal and state government customers, and we take compliance standards like IRAP very seriously. We see IRAP assessment to PROTECTED level controls as a confirmation of our commitment to our Australian customers, enabling them to track, control, and secure their sensitive content communications.”
Realizing the Value of Kiteworks and IRAP Compliance
The Kiteworks platform empowers public and private sector organizations to manage every send, share, receive, and store of sensitive content across numerous communication channels—email, file sharing, managed file transfer, web forms, and application programming interfaces (APIs). This minimizes risk while creating a detailed record of sensitive content communications as data moves within, into, and out of an organization.
“We’ve relied on the Kiteworks platform to exchange sensitive content with our public and private sector clients for several years,” said Sunil Saale, the Head of Cyber and Information Security at MinterEllison, Australia’s largest law firm providing legal and consulting services through a global network of affiliated firms and associated companies. “Using Kiteworks and other IRAP-compliant solutions makes it easier for us to do business with Australian government agencies, as it provides assurance that the platform has appropriate and effective controls and that it has been validated independently against Australian government policies and guidelines. Kiteworks also minimizes onboarding friction for new clients and improves operational efficiencies for our team. Kiteworks IRAP assessed to PROTECTED level controls demonstrates its commitment to us and the Australian market in general.”
“Achieving IRAP compliance demonstrates Kiteworks’ ongoing commitment to the Australian market as an investment in its security posture and confirmation that Kiteworks has instituted rigorous governance controls and tracking that adhere to global risk standards,” said Kieran O’Shaughnessy, VP of ANZ Sales and Operations at Kiteworks. “Government agencies and companies conducting business with federal and state agencies can purchase and begin using the IRAP-compliant Kiteworks platform today.”
IRAP compliance is the latest achievement in a long list of global compliance standards met by the Kiteworks platform. These include, but are not limited to, FedRAMP, the National Institute of Standards and Technology (NIST) 800-171, the Cybersecurity Maturity Model Certification (CMMC), General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To this end, we created a platform that delivers content governance, compliance, and protection to customers. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.
+61 413 054 738
The Accellion enterprise content firewall prevents data breaches and compliance violations from sensitive third party communications. With Accellion, CIOs and CISOs gain complete visibility, compliance and control over IP, PII, PHI, and other sensitive content across all third-party communication channels, providing secure email, secure file sharing, secure mobile file sharing, enterprise app and Microsoft Office plugins, secure web forms, secure file transfer like SFTP, and enterprise workflow automation. Accellion has protected more than 25 million end users at more than 3,000 global corporations and government agencies, including NYC Health + Hospitals; KPMG; Kaiser Permanente; National Park Service; Tyler Technologies; and the National Institute for Standards and Technology (NIST). For more information please visit www.accellion.com or call (650) 485-4300. Follow Accellion on: LinkedIn, Twitter, and Accellion’s Blog.