The SS 584 is the world’s first cloud security standard that covers multiple tiers and can be applied by Cloud Service Providers (CSPs) to meet differing cloud user needs for data sensitivity and business criticality.
This standard seeks to assist in driving cloud adoption across industries by giving clarity around the security service levels of cloud providers, while also increasing the level of accountability and transparency from these companies.
With the new standard, certified CSPs will be able to better spell out the levels of security that they can offer to their users. This is done through third-party certification and a self-disclosure requirement for CSPs covering service-oriented information normally captured in Service Level Agreements. The disclosure covers areas including data retention, data sovereignty, data portability, liability, availability, BCP/DR, and incident and problem management.
While the adoption of MTCS SS is voluntary, being certified under SS 584 will be a requirement for CSPs participating in future public cloud services bulk tenders from the Government.
CSPs can certify themselves ONLY with one of the five qualifying certification bodies.
MTCS SS has three different tiers of security, Tier 1 being the base level and Tier 3 being the most stringent.
Tier 1: Designed for non-business-critical data and systems, with baseline security controls to address security risks and threats in potentially low-impact information systems using cloud services (e.g., a web site hosting public information).
Tier 2: Designed to address the needs of most organizations running business-critical data and systems, through a set of more stringent security controls to address security risks and threats in potentially moderate-impact information systems using cloud services to protect business and personal information (e.g., confidential business data, email, CRM (customer relationship management) systems).
Tier 3: Designed for regulated organizations with specific requirements and more stringent security requirements. Industry-specific regulations may be applied in addition to these controls to supplement and address security risks and threats in high-impact information systems using cloud services (e.g., highly confidential business data, financial records, medical records).
ECCI, through its deep functional expertise, offers consulting services to help CSPs prepare themselves for MTCS certification. ECCI has partnered with ISC Certification Pte Ltd, 1 of only 5 accredited certifying bodies for this standard.