News
3 minutes

Obsidian Security Strengthens Public Sector Credentials with IRAP Assessment

Obsidian Security Is Now Available to Protect Australia’s Federal Government Agencies from Growing SaaS Identity-Based Threats

CANBERRA, AUSTRALIA, November 26, 2024 – Obsidian Security, the leader in SaaS Security, today announced the completion of the Infosec Registered Assessors Program (IRAP) Assessment for its Australian sovereign instance of its SaaS Security Platform [undertaken by Australian cyber security specialists Securus Consulting Group].

IRAP, developed by the Australian Signals Directorate, independently assesses system security controls; federal agencies use IRAP Assessment outcomes to evaluate a system’s suitability for their security requirements. Completing the IRAP Assessment gives Australian public sector agencies greater confidence when deploying Obsidian Security to protect their SaaS identities, applications, and data.  

As the world’s largest private and public sector organisations increasingly adopt SaaS, these applications have become the next attack front. Enabling Australia’s federal government agencies to enact a security strategy across their SaaS applications with Obsidian, encompassing configuration, identity protection, detection, and response, comes right as SaaS breaches have surged 300% year over year—with identity-based attacks becoming the dominant tactic for adversaries.

Obsidian Security has strong ties to the local market through its Australian co-founder, Glenn Chisholm, and long standing ASX-listed customers. “All these applications adopted by public and private organisations create all sorts of blind spots for security teams, especially around identity,” Chisholm said. “ Threat actors are increasingly focused on exploiting these gaps. Completing the IRAP assessment means we can protect government agencies from these sophisticated attacks in the same way we do for Australia’s largest telcos, banks, and healthcare providers.” 

Chisholm added that the implicit trust many organisations have in their SaaS providers to configure the applications for them often leaves sensitive data unknowingly exposed. “While SaaS providers ensure the security of the application’s infrastructure, the user is responsible for implementing appropriate security measures around their human and non-human identities – this includes things like multifactor authentication and privilege controls,” Chisholm said. “Compounding the risk, these apps are often implemented outside the purview of the organisation’s security team. Obsidian offers a single platform for visibility, control, and global enforcement over the organisation’s entire SaaS ecosystem.”

The completion of the IRAP Assessment to the PROTECTED security classification adds to Obsidian’s global certifications including SOC 2, and ISO certifications 27001 and 27701. In October this year, Obsidian added further investment in the region with the launch of a new Sydney datacentre built on AWS to strengthen data sovereignty for local customers. 

About Obsidian Security

Obsidian Security is the premier security solution designed to drastically reduce the attack surface area of SaaS applications by 80% on average. With contextual user activity data, configuration posture, and a rich understanding of 3rd-party integrations in SaaS, the Obsidian platform reduces incident response times by 10x and streamlines compliance with internal policies and industry regulations. Notable Fortune 500 companies trust Obsidian Security to secure SaaS applications, such as Salesforce, GitHub, ServiceNow, Workday, and Atlassian. Headquartered in Southern California, Obsidian Security is a privately held company backed by Menlo Ventures, Norwest Venture Partners, Greylock Partners, IVP, GV, and Wing. For more information, visit www.obsidiansecurity.com