IDA issues outage guidelines for cloud service providers

IDA issues outage guidelines for cloud service providers

The Cloud Outage Incident Response guidelines gives clarity to enterprises and cloud service providers on what measures and processes should be put in place to prepare for and respond should such outages occur.

SINGAPORE: There will be more clarity regarding the processes and responses by cloud service providers (CSPs) should there be a downtime, according to the Infocomm Development Authority of Singapore (IDA).

A set of Cloud Outage Incident Response (COIR) guidelines were issued on Friday (Feb 26) by IDA Assistant Chief Executive Khoong Hock Yun, which drew on the combined work and feedback of enterprises and public agencies to enhance CSP resilience capabilities. Previously, businesses has said that they were not clear on what CSPs would do should a downtime occur, which hindered uptake of cloud computing services.

There are four tiers of responses these services providers can prepare for based on the projected impact of outages:

  • Tier 1 - Systemic/Life-threatening Impact (Example: Airplane traffic controls industry)
  • Tier 2 - Business Critical Impact (Example: Payment gateways)
  • Tier 3 - Operational Impact (Example: Corporate emails)
  • Tier 4 - Minimal Impact (Example: General information websites)

With these guidelines, CSPs can clearly outline the scope and scale of resilience measures they offer as part of their cloud services in the terms and conditions. "Such measures can include clarity on mobilisation of emergency resources, prioritisation levels for recovery and restoration of affected cloud services."

Mr Khoong, speaking at the Singapore Computer Society's Business Continuity Management Conference on Thursday, said an important foundation for a vibrant digital economy is a flexible, cohesive and integrated cloud ecosystem that meets businesses' needs.

"In our journey towards being a Smart Nation, this Cloud Outage Incident Response guidelines complement our efforts to drive ICT standards, strengthen resiliency and encourage clarity for businesses as cloud users," he said.

These guidelines follow the launch of the Multi-Tier Cloud Security Standard by IDA in 2013, which was to provide businesses with more clarity on the levels of security offered by CSPs.

Source: CNA/kk