13 November 2013 - A new cloud security standard has been launched to provide businesses with greater clarity on the levels of security offered by different cloud service providers (CSPs).
Singapore, 13 November 2013 | For Immediate Release
A new cloud security standard has been launched to provide businesses with greater clarity on the levels of security offered by different cloud service providers (CSPs).
Dubbed the Multi-Tier Cloud Security Standard for Singapore (MTCS SS), the new standard is aimed at spurring the adoption of cloud computing across industries.
"Cloud Computing is a very attractive way for companies of all sizes to consume technology. However, the foundation for Cloud Computing is security, so today we are launching the Multi-Tier Cloud Security Standard for Singapore," said Executive Deputy Chairman of IDA Steve Leonard. "This standard increases clarity around the security service levels of cloud providers, while also increasing the level of accountability and transparency from these companies", he added.
The MTCS SS is the world's first cloud security standard that covers multiple tiers. With the new standard, certified CSPs will be able to spell out the levels of security that they can offer to their users.
MTCS SS has a self-disclosure requirement for CSPs covering service-oriented information that is normally included in Service Level Agreements. This covers areas such as data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management.
Businesses that rely on cloud computing services will also be able to use the MTCS SS to better understand and assess the cloud security they require.
A low-risk, public-facing website could, for example, rely on a tier-1 certified CSP, while more sensitive business and personal data might require a tier-2.
The development of the MTCS SS commenced in April 2012 after a Working Group was formed under the IT Standard Committee (ITSC). The standard's document is now available on SPRING's standards publication website as the SS 584 standard for S$140.05 (excluding GST).
The IDA will also offer an early adoption grant scheme that will help defray specific costs in MTCS SS certification. The scheme will provide a grant up to 50% or S$15,000, whichever is lower, for costs of certification and consultancy services.
While the MTCS is voluntary, its certification will be a requirement for CSPs participating in future public cloud service bulk tenders from the Government.
CSPs can certify themselves at any of the five qualifying certification bodies – the British Standard Institute, Certification International Pte Ltd, DNV Business Assurance, SGS International Certification and TUV SUD PSB Certification.
Moving forward, the IDA will be working to cross-certify the MTCS SS with other international certification schemes – such as the International Standard Organization (ISO) 27001 Information Security Management System (ISMS) and Cloud Security Alliance (CSA) Open Certification Framework (OCF) – to help those CSPs already certified against them to meet SS 584.
It will also assist such CSPs, including foreign ones, which offer cloud computing services in Singapore and the Asia-Pacific region.
The continued development of cloud security standards is also being undertaken by the International Organization for Standardization (ISO), with completion expected in 2-3 years. The IDA will contribute parts of MTCS SS to various ISO/IEC cloud initiatives.
In a similar spirit, the Technical Reference (TR30) developed by the IDA in 2012 on Virtualization Security is also being contributed to a working group between CSA and IDA to produce a white paper for the global cloud industry.
ISSUED BY CORPORATE AND MARKETING COMMUNICATIONS DIVISION
INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE
About Infocomm Development Authority of Singapore
The mission of the Infocomm Development Authority of Singapore (IDA) is to develop information technology and telecommunications within Singapore with a view to serve citizens of all ages and companies of all sizes. IDA does this by actively supporting the growth of innovative technology companies and start-ups in Singapore, working with leading global IT companies as well as developing excellent information technology and telecommunications infrastructure, policies and capabilities for Singapore. For more news and information, visit www.ida.gov.sg.