With the paradigm shift in computing where businesses and end-users can access infocomm services via cloud computing, IMDA has since 2007 increased its focus from seeding cloud service providers and sharpening Singapore overall competitiveness through adoption of cloud services to enhancing the vibrancy and growth of infocomm sector through development of a cloud ecosystem. With the recent launch of IMDA Services 4.0 in Nov 2018, cloud has become naturally the de facto platform that catalyses and supports the delivery of seamless digital Services enabled by emerging technologies.
Cloud security has always been the key impediments to the adoption of cloud services since its inception. Much concerted effort was put in to secure its delivery and at the same time, build trust through transparency as cloud grows in importance. Several standards related to cloud computing security were developed. A technical reference (TR30) for Virtualisation Security for Servers was introduced in 2012 followed closely by the launch of the world’s first cloud security standard that covers multiple tiers of cloud security (MTCS SS 584) in Oct 2013. An accredited certification scheme was subsequently introduced in 2014. It is now the de facto standards for the cloud industry in Singapore. The TR30 was later contributed to international standard body (ISO/IEC JTC1) and enhanced as an international standard (ISO/IEC 21878:2018).
SS584 : 2020 Specification for multi-tiered cloud computing security
The Singapore Standard, commonly known as MTCS, is the world’s first cloud security standard that covers multiple tiers of cloud security developed under the Information Technology Standards Committee (ITSC) for Cloud Service Providers (CSPs) in Singapore. The MTCS standard specifies 3 different tiers of security certification qualified with types of services (e.g. Infrastructure-as-a-Service).
- Multi-Tier Cloud Security (MTCS) Certification Scheme
In conjunction with the MTCS standard, the MTCS Certification Scheme has been established to a) encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and b) promote the adoption of MTCS standard. CSPs can participate through the certification scheme provided. For more information on this scheme and the certification process, click here.
- MTCS Certified Cloud Services
MTCS are adopted by many Cloud Service Providers (CSPs) to meet different cloud user needs for data sensitivity and business criticality. Click here for a list of MTCS-certified cloud services and the associated providers.
TR 62 : 2018 Guidelines for cloud outage incident response (COIR)
This Technical Reference continues Singapore’s strong commitment to Business Continuity Management and Disaster Recovery (DR) Plans by bringing clarity on how to respond to outages in the cloud. This will strengthen transparency, trust and resilience of cloud service providers (CSPs) in a Smart Nation.
The main objective is to reduce damages and losses caused by cloud outages by providing a COIR framework for Cloud Service Customers (CSCs) to choose the appropriate outage protection measures to complement their own business continuity/IT DR capabilities through:
- a set of common parameters and guidelines for CSCs for identification, evaluation, and negotiation of protection needs with CSPs to incorporate into the SLAs;
- sharing of COIR practices by CSPs via the same set of common parameters to facilitate comparison and matching of outage protection needs with provisions.
The guidelines focus on cloud outage directly associated with operational mistakes, infrastructure or system failure and environmental issues (e.g. flooding, fire) but exclude cyber security, and malicious act. The guidelines are industry agnostic and primarily meant to serve the needs of all types cloud users. It is applicable to all types of cloud service models as well as cloud deployment models.
- Adoption and Self-Disclosure
Adoption of the COIR guidelines is entirely voluntary. However, CSPs are encouraged to share their service support capabilities with respect to cloud outage using the COIR self-disclosure form (18.96KB) and email the first two pages (disclosed COIR practices information) of the duly completed, stamped and signed e-form to email@example.com for listing here.
- Below is a list of CSPs who have made their self-disclosure available here.
- Alibaba Cloud (378.48KB)
- Huawei Cloud Computing Technologies Co. Ltd (2.84MB)
- NewMedia Express Pte Ltd (287.58KB)
- ReadySpace SG Pte Ltd (406.75KB)
- Ribose Group Inc (57.09KB)
- Tata Communications Ltd (683.87KB)
- Zettagrid (Singapore) Pte Ltd (206.13KB)
All enquiries regarding COIR Guidelines can be addressed to firstname.lastname@example.org
SS ISO/IEC 21878:2019 Security Guidelines for Design and Implementation of Virtualised Servers
The intended goal of this standard is to facilitate informed decisions with respect to architecting virtualised server’s configurations from the security perspective. Such design and implementation guidance is expected to assure the appropriate protection for all virtual machines (VMs) and the application workloads running in them in the entire virtualised infrastructure of the organisation. This standard is an identical adoption of ISO/IEC 21878:2018.
Where to buy
The cloud standards are available for purchase from the Singapore Standards eShop.
- Alignment of MTCS to Healthcare IT Security Policy & Standards
- Harmonization of MTCS SS with IS027018:2014
- MTCS to ISO27001:2013 Cross Certification
- ISO27001:2013 to MTCS Cross Certification
- MTCS to CSA STAR Cross Certification
- CSA STAR to MTCS Cross Certification
IMDA and United States Federal Communications commission signed MOU to promote bilateral cooperation
The Infocomm Media Development Authority (IMDA) of Singapore and the United States Federal Communications Commission (FCC) have...
Nominations for 3rd edition of 100 Women in Tech list now open
Public invited to nominate women who are making an impact on Singapore’s tech industry “Girls in Tech” category returns for female...
Singapore and the European Free Trade Association launch negotiations on Digital Economy Agreement
Singapore and the European Free Trade Association (EFTA) have launched negotiations on an EFTA-Singapore Digital Economy Agreement...
Singapore and the European Union Sign Digital Partnership
Minister-in-charge of Trade Relations S Iswaran and European Commissioner for Internal Market Thierry Breton signed the...
Singapore firms can now tap on Temus-IMDA's talent conversion programme to fill tech roles
Singapore’s Minister for Communications and Information Mrs Josephine Teo officiated the launch of Temus’ Step IT Up programme...
Enhanced measures against scam SMS
As part of the measures announced by the Infocomm Media Development Authority (IMDA) in October last year, all organisations that...
IMDA and ACMA signed Memorandum of Understanding for enhanced cooperation to combat scam and spam communications
Infocomm Media Development Authority (IMDA) and Australian Communications and Media Authority (ACMA) signed Memorandum of...
The Korea-Singapore Digital Partnership Agreement Enters into force
The Korea-Singapore Digital Partnership Agreement (KSDPA) will enter into force on 14 January 2023. The KSDPA was signed by Second...
IMDA announces a $5 million fund to support Singapore’s media industry to adopt virtual production
To ensure that the local media industry remains competitive as the international partner of choice to create premium IP, the...
20 Industry Digital Plans, which have contributed to the uplifting of more than 85,000 businesses, will be progressively refreshed, with the Food Services Sector being the first to benefit from the refreshed model
The refreshed Food Services Industry Digital Plan will include a refreshed Digital Solution Roadmap, introduction of a roadmap...