Singapore’s tech authority lays down the law on incident response
The Infocomm Development Authority (IDA) of Singapore has unveiled a set of Cloud Outage Incident Response (COIR) guidelines that it says will help in the development of a more resilient cloud ecosystem in the data center hub of Singapore.
The guidelines tell enterprises and cloud service providers (CSPs) how to respond to a cloud outage. The measures cover mobilization of emergency resources, prioritization levels for recovery, and timely restoration of affected cloud services.
Source: Thinkstock / Matthias Straka
Are you ready for trouble?
According to the factsheet available here (pdf), the COIR guidelines assess a CSP on its readiness and preparation prior to an outage, as well as its support and service restoration commitments once an outage happens. There are four tiers of response levels that CSP can choose to prepare for, or which an enterprise customer can use to evaluate the suitability of a cloud provider for their needs.
- Tier A – Systemic/Life-Threatening Impact (E.g. Airplane traffic controls industry)
- Tier B – Business Critical Impact (E.g. Payment gateways)
- Tier C – Operational Impact (E.g. Corporate emails)
- Tier D – Minimal Impact (E.g. General information websites)
“One important foundation for a vibrant digital economy is a flexible, cohesive, and integrated cloud ecosystem that meets our business enterprises’ needs,” said IDA assistant chief executive Khoong Hock Yun in a statement. “In our journey towards being a Smart Nation, this Cloud Outage Incident Response Guidelines complement our efforts to drive ICT standards, strengthen resiliency and encourage clarity for businesses as cloud users.”
The guidelines stem from basic recommendations such as having an appropriate communications plan, the activation of senior management should an outage occur, to active monitoring of uptime via a third-party hosting service to detect outages. The last item may be difficult to implement for large providers though, and may offer inconclusive feedback depending on the complexity of a particular infrastructure deployment.
IDA says the COIR guidelines complement the Multi-Tier Cloud Security Singapore (MTCS) Standard created to certify the security practices of CSPs, and is working with the IT Standards Committee to be turned into a Singapore Standard.