DataLab Access

The ABS is committed to keeping the ABS DataLab safe and secure. We have a strong data protection culture and extensive experience in keeping data secure as Australia’s national statistical organisation and as an Accredited Data Service Provider. The ABS DataLab is hosted in Microsoft Azure and meets PROTECTED level security standards as prescribed in the Australian Government Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). It is subject to Independent Security Registered Assessors Program (IRAP) certification, ongoing security audits and robust IT security testing and patching delivering the Safe Settings aspect of the Five Safes Framework.

Core security features of the ABS DataLab include:

1. Data encryption at rest to mitigate against unauthorised access to microdata
2. Azure Storage Accounts to securely hold individual research products and allow querying from authorised users
3. Cloud servers (including backup servers) hosted exclusively onshore, with access only authorised for use in Australia unless approved by the ABS
4. Closed network virtual machines to provide secure, isolated research spaces for the analysis of microdata
5. Guarded access enforced through multi-factor authentication and workspace segmentation, to restrict access to authorised users and prevent cross project data sharing.
6. 24/7 security monitoring, with Microsoft Defender protecting the product storage account to detect malicious or unusual activity.
7. Regular system patching to maintain protection against new vulnerabilities and emerging security threats.
8. Automatic disabling of inactive accounts and strict geo-location controls to reduce exposure and enhance account security.
    

The ABS employs the above with a focus on industry standard security posture management to provide a safe and secure platform for policy and program delivery work.

DataLab operates on cloud infrastructure, which may be blocked by some organisations’ firewall settings. 

The ABS cannot modify external organisational systems, so Project Leads must provide the information below to each participating organisation on the project.

Each organisation’s Network/IT Security team will need to review and adjust their settings to enable access. This only needs to be completed once per organisation.

1. Enable authentication to the tenant

Users need to authenticate to one of ABS Azure Active tenants, which may be strictly controlled by government agencies and academic workplaces. Authentication must be enabled to the tenant:

• absmydata.onmicrosoft.com

This tenant is in the Azure Australia East and Azure Australia Central regions. 

2. Allow user access to required URLs

Users will need to access the following URLs:

• DataLab production portal: datalab.abs.gov.au and sead.abs.gov.au

3. Configure your organisation's network to allow outbound connections to the following addresses required for Azure Virtual Desktop (AVD):

• login.microsoftonline.com
• *.wvd.microsoft.com
• *.servicebus.windows.net
• go.microsoft.com
• aka.ms
• learn.microsoft.com
• privacy.microsoft.com
• query.prod.cms.rt.microsoft.com 

These addresses all utilise the TCP protocol and outbound port 443 for communication. 

Contact mydataportal@abs.gov.au for further assistance.