CyberArk empowers Australia’s cyber resilience with IRAP assessment completion at the protected level
As ransomware strains hospital operations and supply‑chain attacks target energy grids, Australia’s public and regulated sectors need proven cyber resilience. At the heart of most breaches lie human error and weak identity controls, making the Infosec Registered Assessors Program (IRAP) assessment program the gold standard for moving sensitive workloads to the cloud. With CyberArk’s recent IRAP assessment completion at the Protected level, CISOs, CTOs, and compliance officers gain a trusted partner who not only meets regulatory mandates, but accelerates continuous, real‑time security. Read the official press release here.
Meeting Australia’s gold standard in cloud security
The IRAP assesses cloud services against the Australian Cyber Security Centre’s rigorous Information Security Manual (ISM), covering access controls, data protection, and incident readiness.
By certifying our Workforce Identity Security platform, CyberArk has demonstrated to independent assessors that we embed continuous monitoring, incident‑ready logging, and real‑time alerting to compress detection and response timelines. We secure and audit every privileged credential to ensure uninterrupted oversight of administrative access. Sensitive data is encrypted and segmented both in transit and at rest, with local data‑residency options available to meet sovereignty requirements. Looking ahead, CyberArk plans to add further solutions to the IRAP assessment to secure IT and developer users.
For leaders driving cloud‑first initiatives, the IRAP assessment isn’t merely a checkbox; it’s an operational accelerator. Certified control sets shrink procurement cycles and streamline architecture reviews, empowering teams to deploy secure access faster and with greater confidence.
Real‑world impact
IRAP‑grade controls translate into faster, more decisive risk mitigation and real operational continuity for critical services. Melbourne Polytechnic has a strategy of continually fortifying its security posture. Part of this initiative is to move key capabilities to the cloud and capitalize on the operational benefits of a reduced on-premise footprint, ensuring ongoing protection over increasingly malicious cyber attacks.
From compliance to competitive advantage
While the IRAP assessment remains mandatory for many government engagements, its true value extends beyond regulatory checkboxes. Organizations that bake IRAP‑level security into operations gain streamlined audits through pre‑built ISM‑aligned reporting templates that reduce weeks of manual evidence gathering to hours. They achieve unified governance with a single pane of glass for both human and machine identities, ensuring consistent Zero Trust enforcement across BYOD, cloud APIs, and on‑premises workloads. These efficiencies drive measurable ROI, including fewer breach investigations, reduced help‑desk tickets, and faster deployment for digital services.
How CyberArk adapted for IRAP
When Australian customers highlighted gaps in cloud identity governance, CyberArk responded by developing pre‑configured policy templates mapped directly to ISM controls, enabling rapid deployment of delegated administration and guardrails. We enhanced our logging architecture with turnkey SIEM connectors and real‑time alerting to capture every access event for instant anomaly detection.
“Achieving IRAP Protected level isn’t just about ticking a regulatory box, it’s about demonstrating a commitment to safeguarding Australia’s critical infrastructure. This milestone gives CISOs and compliance leaders the confidence to move sensitive workloads to the cloud, knowing they have a partner who truly understands the local threat landscape,” said Eduarda Camacho, Chief Operating Officer at CyberArk.
Building on IRAP to deliver end-to-end workforce identity security
CyberArk’s IRAP Protected achievement establishes a robust baseline for workforce protection in Australia’s dynamic threat environment. We recognize that attackers shift tactics, from targeting misconfigured endpoints to exploiting stolen credentials, so a single control won’t suffice. Our end‑to‑end Workforce Identity Security solution layers device posture checks, least‑privilege enforcement, adaptive MFA and SSO, and continuous session monitoring with threat isolation. This holistic framework ensures every user and device is validated, governed, and protected beyond compliance requirements.
By embedding passwordless alongside identity governance, contextual access policies, and real‑time anomaly detection, CyberArk delivers seamless yet secure access from on‑boarding through off‑boarding. Users enjoy streamlined login experiences, while security teams gain full visibility into who’s accessing what, when, and how. As threats evolve, our platform continually adapts, anticipating new attack vectors and automatically applying the latest controls so organizations stay both resilient and productive.
Rahul Dubey is vice president of public sector solutions at CyberArk.