Presentation is loading. Please wait.

Presentation is loading. Please wait.

Singapore: Benefits from Secure Clouds

Published byBrian Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "Singapore: Benefits from Secure Clouds"— Presentation transcript:

1 Singapore: Benefits from Secure Clouds
4/23/2017 Singapore: Benefits from Secure Clouds Lee Hing Yan (Dr.) National Cloud Computing Office Presented to: 4th International Conference of the Asia Forum 12 June 2015

2 Key Thrusts for Cloud Computing
4/23/2017 Enhance vibrancy & growth of infocomm sector through cloud ecosystem development Sharpen competitiveness through adoption of cloud computing Support Flagship Users of Cloud Services Attract Cloud Players Develop Manpower & Competency for Industry Forge R&D Relationships and Build Knowledge Capital Assets Provide Enabling Infrastructure Build a Trusted Environment

3 Cloud Security Technical References & Standards Development
Infocomm Standards Committee (ITSC) Formed Cloud Computing Standards Coordinating Task Force in Feb 2011 Comprises industry reps Cloud Security Deliverables Technical references (published in May 2012) Best Practices for Virtualisation Security (TR30) Guidelines on Security & Service Level for Users of Public Clouds (TR31) Singapore standards (published in Oct 2013) Multi-Tiered Model on Cloud Security (MTCS) as SS584

4 A Multi-Tier Model Industry Specific Standards
(e.g. Govt, Finance & Healthcare industries) – More Specific Controls Multi-tier Cloud Security Standards – Cloud Related Controls ISO (ISMS) – Base Standards

5 Status of MTCS Completed development in mid 2013
Work commenced in 2011 Completed 2 rounds of 2-month public comment of draft standard ~300 comments addressed in 1st round ~48 comments addressed in 2nd round Comments received from CSPs like SFDC, AWS, … Approved as Singapore Standard by ITSC & SPRING in Aug 2013 Launched in Nov 2013 Revised in May 2015

6 Its Objective To provide a cloud security framework
Caters for different needs of cloud users from basic requirements to one with high confidentiality, high integrity & high availability such as FSI Highlights key security areas & associated controls for each tier Complements existing security standards e.g. ISO27001 & industry specific standards/regulatory requirements

7 Security Control Focus
MTCS Levels Level Overview Security Control Focus Typical Usage 1 Designed to be low cost with a minimum of required controls Baseline security controls – “security 101” • Hosting web site • Test & Development • Simulation Non-critical biz apps 2 Address the needs of most organizations that are concerned about data security A set of more stringent security controls required to address security risks & threats to data The majority of cloud usages. More critical biz apps 3 Designed for regulated organizations with specific requirements & are willing to pay for more stringent security requirements Additional set of security controls are necessary to supplement & address security risks & threats in high-impact information systems using cloud services Hosting applications & systems with sensitive information & regulated systems

8 MTCS Certification Approved as Singapore Standard by ITSC Council on 26 Aug 2013 Launched at CloudAsia in Nov 2013 7 established certification bodies participated to provide MTCS certification services More than 170 copies sold (as at end Dec 2014) Accreditation scheme by Singapore Accreditation Council was launched in Oct 2014 Currently more than 10 CSP have been MTCS certified

9 MTCS Certification – Status
4/23/2017 As of 5 June 2015

10 Singapore Government Cloud Strategy
Acknowledge each cloud computing model provides its own level of assurance & benefits Leverage on appropriate cloud for appropriate need Use public cloud offerings for appropriate needs so as to benefit from lower cost of computing resources Implement a private (community) cloud for whole-of-government use where security & governance requirements cannot be met by public clouds

11 Public Cloud Services Bulk Tenders
3 Public Cloud Services bulk tenders have been awarded T0831 awarded in Mar 2010 to 4 CSPs T1050 awarded in Apr 2012 to 6 CSPs T1242 awarded in Nov 2014 to 8 CSPs Based on demand aggregation on WOG basis Consumption Oversubscribed in 1st two bulk tenders resulting in early call MTCS certification is a mandatory requirements of CSPs seeking to sell cloud services to government agencies

12 MTCS – Harmonisation with other Frameworks
For each direction, Gap Analysis report Implementation Guide report Audit Checklist report

13 Other MTCS Related Efforts (on-going)
Revision of MTCS Aligning MTCS with ISO 27001:2013 Aligning MTCS with ISO 27018 Aligning MTCS with ISO27017 (when published) Aligning MTCS with FGH sectors Others Cloud Outage Incident Response

14 Singapore - CSA Collaboration
MOU signed with Cloud Security Alliance in June 2013 Developed joint whitepaper Based on TR30 & CSA Domain 13 Available for release in Apr 2015 Submitted NWI on Study Period on Server Virtualization Security Approved at ISO/IEC WG4 SC27 in May 2015

15 Summary Adopts open approach Aligns with international norms
Welcomes collaboration with industry

16 National Cloud Computing Office Infocomm Development Authority of Singapore 10 Pasir Panjang Road #10-01 Mapletree Business City Singapore

Download ppt "Singapore: Benefits from Secure Clouds"

Similar presentations

GNSO/Council Restructure Enhance & Support SGs/Constituencies Improve Communications & Coordination Revise the Policy Development Process Adopt a WG Model.

GNSO/Council Restructure Enhance & Support SGs/Constituencies Improve Communications & Coordination Revise the Policy Development Process Adopt a WG Model.
New GSMP Governance Proposal (This recommendation provides the governance approach for the standards development only) ISDP Governance Team 2-September-2009.

New GSMP Governance Proposal (This recommendation provides the governance approach for the standards development only) ISDP Governance Team 2-September-2009.
19/02/2006 The NESSI European Technology Platform 2nd Workshop – Shanghai - 20-22 Feb 2006 Stefano De Panfilis R&D Laboratories Engineering Ingegneria.

19/02/2006 The NESSI European Technology Platform 2nd Workshop – Shanghai Feb 2006 Stefano De Panfilis R&D Laboratories Engineering Ingegneria.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
NSW Government Information Management Framework

NSW Government Information Management Framework
Safe and Secure Solutions for Smarter Cities The value of standardization and certification in planning and managing Smart Cities 12/05/2014Euralarm.

"Safe and Secure Solutions for Smarter Cities" The value of standardization and certification in planning and managing Smart Cities 12/05/2014Euralarm.
Technical update on ISO 9001:2015 Colin MacNee Duncan MacNee Limited

Technical update on ISO 9001:2015 Colin MacNee Duncan MacNee Limited
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
CONFIDENTIAL © 2012 IDA Singapore. All Rights Reserved. Presented to (Arial Bold 18pt) By (Arial Bold 18pt) 04 April 2011 (Arial Bold 14pt) Singapore e-Government:

CONFIDENTIAL © 2012 IDA Singapore. All Rights Reserved. Presented to (Arial Bold 18pt) By (Arial Bold 18pt) 04 April 2011 (Arial Bold 14pt) Singapore e-Government:
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
The Green Deal Finance Company - a collaborative company to enable and underpin the Green Deal The Green Deal in Scotland July 2012.

The Green Deal Finance Company - a collaborative company to enable and underpin the Green Deal The Green Deal in Scotland July 2012.
Security Controls – What Works

Security Controls – What Works
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.

Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.

1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

Similar presentations

Ads by Google