Kiteworks achieves IRAP certification

Kiteworks has achieved compliance with the Information Security Registered Assessors Program (IRAP) assessed for up to PROTECTED level data classification. The Kiteworks platform delivers content governance, compliance and protection to customers, improving risk management and ensuring regulatory compliance on all sensitive content communications.

This new certification further extends the company’s compliance with global industry standards overseen by ACSC and is seen as a commitment to a defence-in-depth security approach, post the 2021 data breach of its retired file transfer administration (FTA) product.

Kiteworks’ IRAP-hosted environment is delivered as a Platform-as-a-Service (PaaS) secure cloud with premium support on AWS and is available to federal, state and local Australian agencies, as well as any company in the world conducting business with Australian federal and state agencies.

The IRAP-hosted environment is single tenant and delivers geographic sovereignty of data governance, ensuring that customers are the only entities able to access their data. Kiteworks Secure Cloud Hosting With Premium Support also includes patching and update services, named service representatives, enhanced service level agreements (SLAs), and other high-touch services.

“While the cyber attack only affected our retired FTA product, we sought to take lessons learned to further enhance the security architecture for the Kiteworks platform,” said Jonathan Yaron, Chairman and CEO of Kiteworks.

“We hardened different areas of the security architecture such as key encryption and management and implemented proactive defence-in-depth measures to ensure real-time alerts, an embedded WAF, and incident response in the event that an attack does occur.”

IRAP certification by the Australian Cyber Security Centre

Australian agencies use IRAP to validate that appropriate controls are in place to address requirements established by the Australian Government Information Security Manual (ISM) that are published by the ACSC.

For federal and state agencies conducting business with third parties like contractors, vendors and suppliers, IRAP compliance helps protect those agencies against supply chain cyber attacks that can have far-reaching and malicious impact. To achieve IRAP compliance, a certified independent assessor reviewed Kiteworks’ people, processes and technology in over 800 risk areas against requirements of the ISM.

Kiteworks is the only global vendor in the sensitive content communications solutions space with IRAP certification. Federal and state agencies in Australia and private sector businesses in ANZ conducting business with those agencies know that they retain control of privacy of their data that is hosted in single-tenancy clouds via Kiteworks — meaning there is no intermingling of data, metadata or shared application resources.

“Cybercriminals and nation-states see the multiplication value of the supply chain and have reaped significant rewards via supply chain attacks over the past year,” Yaron said.

“Industry standards like IRAP enable public sector agencies to vet and manage their supply chain based on a codified list of security and governance controls that mitigates risks. Kiteworks already adheres to numerous global industry standards, and the addition of IRAP compliance extends our coverage even more.

“We are fully committed to the Australian market, with a local office in Sydney for over 12 years and hundreds of federal and state government customers, and we take compliance standards like IRAP very seriously. We see the certification as a confirmation of our commitment to our Australian customers, enabling them to track, control and secure their sensitive content communications,” he said.

The Kiteworks platform also complies with FedRAMP, the National Institute of Standards and Technology (NIST) 800-171, the Cybersecurity Maturity Model Certification (CMMC), General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), among others.

Image credit: ©stock.adobe.com/au/Alex