Deploying Cloud Security Standards The MTCS Experience




Deploying Cloud Security Standards: The MTCS Experience
Presented to ASEAN CSA Summit 2015
Tao Yao Sing, Assistant Director, National Cloud Computing Office
12 June 2015

Background
- Cloud security is always the topmost concern in the adoption of cloud computing
- A quick survey in 2011 revealed that no applicable standards & guidelines could be directly adopted
- Development of the MTCS standard was completed in Nov 2013

MTCS Certification Framework
Certification Scheme
- 3 different levels of certification, further qualified by type of service (IaaS/PaaS/SaaS)
- Certification is valid for 3 years, with a yearly surveillance audit to be conducted
Qualified Assessors and CBs for MTCS Certification
- Audit skills and cloud computing security knowledge
- Relevant audit experience
- 7 Certification Bodies have been qualified to offer certification services
Prerequisites
- All applicants must complete the CSP self-disclosure

List of Participating Certification Bodies

Initial Deployment: Early Adopters (1/2)
Embarked on a Series of Awareness Activities
- CSPs and SaaS ISVs
- Industry & trade associations & user groups
- Professional bodies & associations
- Conferences & seminars
Made Available a Support Scheme for Certification
- Open to Singapore-registered companies
- Co-payment funding support of Qualifying Costs, capped at 50%
- Company must attain MTCS certification within a year of project commencement
- Must engage a participating Certification Body for auditing
- Scheme was later revised to support accredited certification

Initial Deployment: Early Adopters (2/2)
Cross-certification with Other International Standards
- Many CSPs have already been certified to some international standards (e.g. ISO27001)
- Enhance MTCS SS for recognition beyond Singapore by cross-certification/harmonizing with international frameworks (ISO27001 & CSA OCF/STAR)
- Minimize the effort & reduce the cost needed for CSPs to gain MTCS certification
- Benefit CSPs with regional business

Creating Demand Drivers: Push by Major Buyer
- Launched Public Cloud Services Bulk Tender in Apr 2014
- Based on demand aggregation on a WOG (Whole-of-Government) basis
- MTCS certification is a pre-condition for award
- Awarded in Nov 2014 to 8 CSPs: PTC, NME, azaas, CrimsonLogic, Starhub, M1, Acclivis/Microsoft Azure, AsiaPac/AWS

List of MTCS Certified CSPs

CSP                             Certification Level   Services
Amazon Web Services (SG)        3                     IaaS, PaaS
Clearmanage Pte Ltd             3                     IaaS
Microsoft Operations Pte Ltd    3, 2                  IaaS, PaaS, SaaS
Ribose Group, Inc.              3                     SaaS
Acclivis Technologies           1                     IaaS
Ascenix                         1                     IaaS
Auctorizium                     1                     SaaS
Inspire-Tech (EasiShare)        1                     SaaS
M1 Limited                      1                     IaaS, SaaS
NewMedia Express Pte Ltd        1                     IaaS
ReadySpace                      1                     IaaS
Starhub Limited                 1                     IaaS
Telin Singapore                 1                     IaaS

Accrediting MTCS Standard: Accreditation Scheme
- Established an accreditation scheme with the Singapore Accreditation Council in Oct 2014
- Assurance of the quality of MTCS certification services
- Criteria for certification bodies (adherence to ISO/IEC 17021 & the applicable IAF mandatory document)
- Criteria for MTCS auditors
- Streamlined estimation of audit duration

Next Steps
Driving SaaS Certification
- A core group of MTCS certified IaaS service providers is available to host SaaS
- Partnership with these MTCS certified IaaS service providers to offer support to SaaS ISVs
Alignment of MTCS Standard with Specific Industry Sectors
- Joint Working Group formed to map MTCS to Healthcare IT Security Policies & Standards
- Alignment of MTCS to healthcare security requirements will open up public cloud services to the healthcare sector
Further Expansion of MTCS to Address Other Related Concerns
- E.g. cloud outage and incident response

Thank You tao_yao_sing@ida.gov.sg

MTCS Conceptual View
Layered structure of the standard, from the base upwards:
- Base Standards: ISO 27001 (ISMS)
- Multi-tier Cloud Security Standards: cloud-related controls
- Domain Specific Standards (more specific controls): Govt, Finance (MGF), Healthcare
MTCS was designed with ISO27001:2005 as its base. Other relevant standards, guidelines & reference documents were also considered, including TR30, TR31, CSA CCM, PCI DSS, ENISA, the NIST 800 series & industry-specific guidelines.