Microsoft Azure and Office 365 achieves highest level of certification for the Singapore Multi-Tier Cloud Security Standard

 |   Singapore News Center

Dynamics becomes the only CRM solution to be certified; Microsoft to collaborate with IDA to mentor independent software vendors to obtain certification

SINGAPORE – 15 June 2015 – Microsoft today announced that Azure1 and Office 3652 have achieved the highest level certification, Level 3, of the Multi-Tier Cloud Security (MTCS) Standard for Singapore (SS 584) which has been designed for regulated organisations with specific requirements and more stringent security requirements. Microsoft’s Dynamics CRM Online has also been assessed and certified as complying with Level 2 of MTCS SS, which is designed to address the needs of most organisations running business critical data and systems through a set of more stringent security controls to protect business and personal information in potentially moderate impact information systems using cloud services.

With these, Microsoft remains the first and only global Cloud Service Provider (CSP) to obtain certification across its Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) cloud services – having achieved Level 1 certification for Azure and Office 365 earlier in October 2014. The speed and completeness through which Microsoft has certified its cloud portfolio to the highest level required reaffirms the commitment to offer a truly holistic and trusted cloud to the local ecosystem. To date, Dynamics CRM Online is also the only customer relationship management SaaS that has been MTCS certified.

As part of a new collaboration inked in June 2015, Microsoft will also be collaborating with the Infocomm Development Authority of Singapore (IDA) on the Support for Cloud-enabled Certified Secure SaaS (SUCCESS) programme. Through this programme, Microsoft will share its own certification journey and proactively reach out to independent software vendors to help them undertake MTCS certification with the necessary support and training. Collectively, these proactive certifications help build more trust by users who will come to depend on the cloud more and more on optimising operations and innovating processes.

MTCS SS 584 is Singapore’s cloud security standard, developed under the Information Technology Standards Committee (ITSC), to help drive cloud adoption across industries by giving clarity around the security service levels of CSPs, while also increasing the level of accountability and transparency from CSPs. Through MTCS SS 584, CSPs will be able to better spell out the levels of security that they can offer to users through third-party audit and certification, and a self-disclosure requirement covering service-oriented information normally captured in service level agreements. This self-disclosure allows users that rely on cloud services to better understand and assess the cloud security they require. Areas of self-disclosure include: data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management. Comprehensive audits were also conducted at data centres, and of areas from firewall configurations to the background on resources operating the data centres.

“IDA takes pride that Cloud Service Providers such as Microsoft are upgrading themselves proactively to meet the needs of enterprises and rolling it out worldwide. Continued strengthening of their security standards will help increase the confidence in cloud computing and benefit businesses as more of them choose to move their storage to the cloud,” said Khoong Hock Yun, Assistant Chief Executive of the Infocomm Development Authority of Singapore.

“The speed with which we have brought the most complete and comprehensive cloud portfolio in the market to MTCS reinforces Microsoft’s commitment to accelerate Singapore’s cloud adoption and cloud innovation across industries,” said Jessica Tan, Managing Director for Microsoft Singapore. “People will only use information technology they can trust. Microsoft’s cloud portfolio is the most trusted with 22 certifications, self-attestations and guidance framework adoptions from around the world, more than any other hyper-scale cloud platform provider. We hope to build on that trust to draw on the opportunities provided by an intelligent cloud to optimise public, business and community services and experiences – to reinvent productivity and business processes.”

The Microsoft Cloud is based on decades of experience, a strong commitment to security, privacy, and transparency, and strict adherence to leading industry practices. As the only cloud leader credited in all four of the Gartner Cloud Computing Magic Quadrants, it has also received the most certifications and attestations from around the world for its compliance – including being the first cloud computing platform to confirm to ISO/IEC 27018, the only international set of privacy controls in the cloud.

In addition to MTCS, Microsoft also recently received the United States Defence Information System Agency (DISA)3 Level 2, Japan Financial Industry Information Systems (FISC)4, and New Zealand Government Chief Information Officer (GCIO)5. These new certifications, self-attestations and guidance framework adoptions are the latest examples of how Microsoft is continuing to invest heavily in compliance programmes, and in the design and implementation of innovative compliance processes. Azure’s unmatched array of certifications and attestations provide customers with a solid foundation to achieve compliance for the infrastructure and applications they run in Azure.

1 Azure services include Virtual Machines (IaaS), Cloud Services, Batch, Web App, Mobile Services, Core, Notification Hubs, Storage, SQL Database, HDInsight, Virtual Network, Traffic Manager, Express Route, Service Bus, BizTalk Services, Backup, Site Recovery, Azure Active Directory, Multi-factor Authentication, Rights Management Service, Media Services, Scheduler, Azure Management Portal, and SQL Server Virtual Machine.
2 Office 365 services include Exchange Online, SharePoint Online, Skype for Business, Office Online, and OneDrive for Business.
3 Azure was granted a DISA Provisional Authorization for Cloud Security Model Level 2 under a reciprocal agreement with the FedRAMP JAB. DISA Level 2 certification allows Defense agencies to host basic defense applications on Azure.
4 Azure now has been assessed to meet the requirements for The Center for Financial Industry Information Systems (FISC) in Japan. The FISC guidance includes recommendations for banking computer systems security, information system audits, contingency planning, and security policy development, and allows Japanese banks and financial institutions to run cloud services on Azure.
5 Azure now meets the requirements for The New Zealand Government Chief Information Officer (GCIO) framework covering security and privacy of cloud services related to data sovereignty, governance and incident response. GCIO provides assurance to New Zealand government organizations that the privacy and security aspects of Azure effectively mitigate privacy and security risks, and address concerns related to data sovereignty.


About Microsoft
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, devices and solutions that help people and businesses realize their full potential.

Tags: , , , , , , , , , ,