According to CommVault's recent study conducted by IDC, even though cloud is among the top investment areas for organisations across Asia Pacific (APAC) and India, it is still plagued by security concerns. Having certification standards could help cloud service providers (CSPs) dispel such concerns and assure its customers of its services, said Pavel Ershov, Odin's VP and General Manager, APAC & Japan.
He explained that the business value of being certified is two-fold.
Firstly, it provides a clear and trusted reference point for customers to determine if a CSP's services meet their needs. "The fact that certification is only provided after a third-party conducts a compliance audit means that customers can be assured that CSPs will deliver the services as promised by the certification. This makes matching customers with CSPs easier."
Secondly, certification could be used as a differentiator in a crowded industry that competes largely on price. "Cloud certification standards are very much like the labels you find on food items at your local supermarket; if you want a food item high in fibre, you just pick one that indicates high amounts of fibre on the label. Similarly, organisations generally choose their CSP based upon the type of data they host, as well as how critical the applications they intend to host are. Generally, organisations with more critical application and sensitive data will seek a CSP that fulfils more stringent certification standards," said Ershov.
MTCS SS: Providing a clear guidance for CSPs in Singapore
The diverse range of certification standards being used across the region - such as Cloud Security Alliance's Star Certification and ISO 27001 certification - makes it challenging for CSPs to know which certification they need.
In an attempt to address this confusion, Singapore introduced a multi-tier cloud security standard (MTCSS SS) in 2013. Through MTCS SS, CSPs will be able to better spell out the levels of security they can offer to users through third-party audit and certification, and a self-disclosure requirement covering service-oriented information normally captured in service level agreements. This allows customers to better understand and assess the cloud security they require. "MTCSS SS aims to provide greater clarity on the security levels of CSPs while increasing the level of accountability and transparency offered by providers," said Ershov.
One CSP that has achieved this certification and benefited from it is ReadySpace. "We recently achieved MTCS SS Level 1-certification, which has enabled us to provide proof to potential customers that our services are secure and capable of hosting their data," said David Loke, CEO and Co-founder of ReadySpace. "This simplifies the process of choosing a CSP, especially for small and medium-sized businesses that do not have a dedicated IT staff to provide advice on which cloud service is best for them. Besides that, achieving certification enables us to bid for future public cloud bulk tenders from the Singapore government."
Sign up for CIO Asia eNewsletters.