AUCyberscape is Australia’s first national cyber security digital ecosystem – showcasing Australian cyber security capability and opportunities globally and providing a vehicle for customers to connect with Australian cyber security companies. In partnership with AustCyber, State and Territory Governments and the Insurance Australia Group (IAG), AUCyberscape aims to strengthen Australia’s cyber security capability and drive cyber security awareness and education.
Security imperative
Establishing an online platform to showcase Australia’s cyber security capabilities demanded that two fundamental criteria be met: first, the engagement of relevant domestic capability to support the platform, and second, best-of-breed security technology to register and authenticate users, i.e., the cyber security companies contributing their information to the ecosystem. A repository of expert, Australian cyber security capability posed an obvious target for bad actors wanting to undermine the integrity of the ecosystem and potentially extract underlying data.
AUCyberscape needed a foolproof registration and authentication system – one not prone to traditional threat vectors such as password compromise and phishing.
Melbourne-based business Forticode, with its innovative authentication product Cipherise hosted on AUCloud, was engaged to deliver the solution required.
Itself a leader in cyber security technology, Forticode’s authentication Software-as-a-Service solution Cipherise is the product of significant Australian-grown research and development. Providing a world-first Secure Digital Engagement Platform-as-a-Service (PaaS), Cipherise combines different security and privacy approaches and a decentralised, bi-directional cryptographic platform to identify, authenticate and authorise all user activities.
Unique password-less authentication
Unlike password-based authentication and two-factor and multi-factor solutions, Cipherise is premised on a unique bi-directional approach that allows a digital relationship to be established between parties and subsequently used for any situation requiring attribution or audit.
Removing the requirement to provide credentials directly to a system and replacing this with a sophisticated bi-directional digital ‘relationship’ exchange, Cipherise instantaneously validates multiple pre-established ‘knowns’ between parties, checks for tampering or manipulation and creates an independent, immutable audit trail. Hosted on AUCloud’s IRAP assessed to PROTECTED Infrastructure-as-a-Service platform, the solution meets the stringent security requirements of the Australian Security Directorate’s (ASD) Information Security Manual (ISM), the sovereignty standards of the Australian Cyber Security Centre’s (ACSC) Cloud Assessment and Authorisation Framework (CAAF) and the Federal Government’s Essential Eight Maturity for multi-factor authentication.
For AUCyberscape, this high level of security assurance was critical and necessary to ensure confidence in the system and meet the expectations of the cyber security businesses using the platform and the State governments and organisations supporting it.
Outcomes
The ability to work directly with Forticode to deploy the solution delivered both a high level of transparency to AUCyberscape and confidence that they had the support of a local, accessible service provider; the business that wrote the code also delivered the solution. Importantly, Forticode fully appreciated AUCyberscape’s concerns and, from day one, understood the need for a sophisticated, trusted, sovereign solution.
Implementation proved to be flawless both for AUCyberscape and users.
From the perspective of cyber security companies, using the Cipherise tool to register and authenticate to the AUCyberscape platform was simple and the process fast and seamless. For AUCyberscape, minimal administrative support was required. With control of the authentication set-up process in the hands of the end user, combined with a solution not premised on the use of passwords, AUCyberscape is not hounded by password reset and related administrative inquiries. Users can simply re-activate the system themselves as required. In a worst-case scenario, a break glass recovery process is available for the user to recover their account, again all underpinned by a sovereign Certified Strategic cloud infrastructure provider.
Integration of multi-factor authentication (MFA), audit and compliance, SSO, passwordless authentication and API extensions into the product, combined with the ability to white label Cipherise, provides the basis for a fully extensible capability that is in the control of the user organisation.