The waters of cloud security remain relatively murky for some, as many third-party contractors get involved in the highly collaborative process. Infocomm Development Authority of Singapore to define a new scheme under the CSA Open Certification Framework and the Singapore Multi-Tier Cloud Security standard. This will be issued under The CSA Security, Trust & Assurance Registry (STAR), a publicly accessible database that shows the security controls of many different cloud companies and hopes to help users figure out which provider is best suited to satisfy their unique objectives.
According to CSA, the collaboration with IDA aims to provide a platform for cross-certification and recognition that will allow providers to have a local certification in Singapore as well as international certifications.
"Organizations such as the IDA along with other Singaporean entities have already been working diligently on defining specifications for multi-tiered cloud computing security," said Aloysius Cheang, Managing Director APAC, for the CSA. "Through this partnership, we believe both organizations together will be able to define and publish a robust cross-certification scheme that will benefit all APAC cloud service providers and their customers."
Khoong Hock Yun, assistant chief executive for the IDA said cloud providers can obtain these certifications on multi-tier cloud standards if they want to address the local Singapore market.
In its security guidance for critical areas of cloud computing report, the CSA said the emergency of the cloud as a preferred technology for IT have made issues of safety more important than ever. Confidential and sensitive data being given to cloud service providers or third parties may be a scary proposition, but there are ways that all of this data can be kept safe with a proper framework in place.
"The evolution of cloud services has enabled business entities to do more with less: fewer resources and better operating efficiency," the report said. "This has many tangible benefits for business, yet there are inherent security risks that must be evaluated, addressed and resolved before businesses will have confidence in securely outsourcing their IT requirements to cloud security providers."
Some issues that must be accounted for include compliance with international or local security standards, architectural best practices and physical security assurances. This certification could help ease many concerns of these areas of cloud security going forward.
Cloud Security News from SimplySecurity.com by Trend Micro.