The Australian Taxation Office has put out the call for the replacement of its all-important secure internet gateway used to intercept security threats before they reach the IT environment.

Yesterday the agency approached the market to select a new gateway (SIG) service that could support “current and future business transaction needs”, as it increasingly moves to integrate directly with tax and super clients using APIs.

The “critical service” is used to securely manage the ATO’s connection with the internet and other external channels like the intra government communications network (ICON), and protect its IT environment from security threats, harmful code and spam.

Its current SIG, dubbed the Secure ATO Gateway Environment or SAGE, supports some 25,000 ATO staff, close to 6 million myGov accounts linked to ATO Online and an average of more than 8 million emails sent each month.

SAGE consists of a number of “technology-based security mechanisms described in the defence-in-depth model”, including the network security (information transfer) layer, security zoning and security proxies.

But the agency wants to move from having an on premises SIG with a single entry point to one that is located off premises and provides “multiple entry points in to each of the ATO’s environments”.

“To achieve this, the ATO believes that there will be a SIG for on premise and then virtual instances hosted in each of the [AWS and Azure] cloud environments,” tender documents state.

It is looking for a service provider to “support the distributed and agile nature of the ATO and support machine assisted analysis of the ATO Data and Systems through an integrated management, configuration and monitoring system” for up to the next nine years.

The ATO said it would consider either an existing shared Australian Signals Directorate certified SIG that was currently used by an organisation of similar size and complexity, or a dedicated SIG solution based on a commercialised offering built and managed for other clients.

The future SIG services will give the ATO real-time visibility to support the agency’s future security state of real-time monitoring and response.

The agency is planning to award a contract by July 2019.