Security clearance a stealthy weapon for sales
Typically, certification by the Australian government's intelligence agency Defence Signals Directorate is used to enable suppliers to work with top-level government agencies, but some are also using it as a marketing tool to build trust and increase sales to the private sector.
DSD is a part of the Department of Defence that stringently evaluates and certifies technology secure enough to be used by government. It produces the Australian Government Information Security Manual (ISM), the standard governing the security of government ICT systems, and maintains an online database of evaluated products. The notoriously difficult certification process took mobility software company Good Technology two years. It recently obtained certification for its secure mobile application, Good for Enterprise, which allows iOS devices to communicate and store classified information up to "protected" level.
Four levels of security classification - protected, confidential, secret and top secret - reflect the consequences of unauthorised disclosure of information, from damaging the Australian government [protected] to potentially causing exceptionally grave damage to national security [top secret].
BlackBerrys have long had the DSD stamp of approval and almost a year ago government-owned iPads and iPhones (iOS5) were certified to protected level. Accreditation involves several meetings with DSD, says Chris Roberts, vice-president of Good Technology's worldwide public sector. "We showed them everything we had. They looked at our product documentation and architecture. We gave them our source code and access to our [development] team."
The company wants to have a continuing relationship with DSD, but is also interested in the marketing opportunities: "It's an investment against cyber crime [and] we hope to increase sales."
Security accreditation is the Holy Grail of technology products, according to Kevin Noonan, public sector research director at Ovum.
"Protected-level security is about as high as you want to go for doing business with government. Going higher is in the realm of specialist security."
He says suppliers want accreditation to prove they "can jump through a hoop" and to increase the trust factor. "Certification is a powerful marketing weapon in a new area of technology where standards are settling down. It's also an indication of the company's confidence in the product if they are prepared to go through the time and expense to achieve DSD certification."
For Peter Alexander, chief information officer at the Australian Treasury, using DSD certified products and services means his department has the confidence to share classified information internally and with equally classified partners.
IT service provider Emantra also has the coveted DSD certification. The gateways at its three production data centres are certified Protected. "It is a complex and expensive technical process, subject to annual audit. It opens up our ability to sell services at a high level of government mandate, and (differentiates us) when dealing with larger commercial clients," said managing director Ross Dewar.
Frequently Asked Questions about this Article…
DSD certification is a security evaluation run by the Defence Signals Directorate (part of Australia’s Department of Defence) that checks technology against the Australian Government Information Security Manual (ISM). It matters because certification shows a product is secure enough for government use, builds trust with customers and can open doors to both government contracts and higher-end commercial deals.
Companies use DSD accreditation as a marketing differentiator and trust signal. According to the article, accredited vendors can demonstrate product confidence, win government mandates and use that endorsement to attract larger commercial clients and increase private‑sector sales.
The process is notoriously rigorous and can take a long time—mobility company Good Technology took about two years to gain certification. It typically involves multiple meetings with DSD, reviews of documentation and architecture, sharing source code and giving assessors access to development teams.
The four levels are Protected, Confidential, Secret and Top Secret. They reflect the consequences of unauthorised disclosure—from information that could be damaging to government (Protected) up to information whose loss could cause exceptionally grave damage to national security (Top Secret).
The article notes Good Technology has DSD certification for its Good for Enterprise mobile app, BlackBerry devices have long-held DSD approval, government iPads and iPhones (iOS5) were certified to Protected level, and IT service provider Emantra has its production data‑centre gateways certified Protected.
Yes. Certification can require ongoing engagement with DSD, including annual audits and a continuing relationship to ensure the product or service maintains the required security posture.
From an investor viewpoint, DSD accreditation can signal a competitive advantage: it validates security claims, can unlock government and higher‑value commercial markets, and shows management is willing to invest time and money in product confidence. However, the certification process is complex and costly, so investors should weigh these benefits against the investment required.
Government departments, like the Australian Treasury mentioned in the article, use DSD‑certified products and services because certification gives them the confidence to share classified information internally and with partners who hold equivalent classification levels.
Call 1300 880 160
Start a chat
Schedule a call
