The Infocomm Development Authority of Singapore (IDA) recently launched a new Multi-Tier Cloud Security Standard (MTCS SS) for Singapore to encourage businesses to adopt cloud computing.
With the new standard, certified cloud service providers (CSP) will be able to clearly define the levels of security that they can offer to their customers. This "increases the level of accountability and transparency of these CSPs", said executive deputy chairman of IDA Steve Leonard.
MTCS SS has a self-disclosure requirement for CSPs covering service-oriented information that is normally included in Service Level Agreements. This covers areas such as data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management.
Businesses relying on cloud computing services will also be able to use the MTCS SS to better understand and assess the cloud security they require.
A low-risk, public-facing website could, for example, rely on a tier-1 certified CSP, while more sensitive business and personal data might require a tier-2.
Even though MTCS is currently voluntary, the certification will be a requirement for CSPs participating in public cloud service bulk tenders from the Singapore government in future.
The five qualifying certification bodies include the British Standard Institute, Certification International Pte Ltd, DNV Business Assurance, SGS International Certification, and TUV SUD PSB Certification.
IDA will work to cross-certify MTCS SS with other international certification schemes such as the International Standard Organization (ISO) 27001 Information Security Management System (ISMS) and Cloud Security Alliance (CSA) Open Certification Framework (OCF).
Sign up for CIO Asia eNewsletters.