What is SS 584?
SS 584 is the world’s first cloud security standard that covers multiple tiers of cloud security. It can be adopted by Cloud Service Providers (CSPs) to meet different cloud user needs for data sensitivity and business criticality.
SS 584 MTCS defines three levels of cloud security’
- Tier 1: Designed for non-business critical data and systems with basic security control, that address security risks and threats targeting low-impact information systems. (e.g.: Web site hosting public information).
- Tier 2: Designed for organizations that use cloud services to protect business or personal information, and run critical business data and systems in a moderate impact information system. CSPs in this tier have more stringent security controls (e.g.: Email / CRM – Customer relation management systems).
- Tier 3: Designed for companies with specific needs and more stringent security requirements. Industry specific.
Why SS 584 certification?
SS 584 provides businesses with greater clarity on the levels of security offered by different Cloud Service Providers (CSPs). Certified CSPs will be able to spell out the levels of security that they can offer to their users, and businesses that rely on services from these CSPs will also be able to use the MTCS SS to understand and assess the cloud security they require.
Benefits to you:
- Facilitate matching of security needs between companies and cloud service providers
- Provides more clarity on your cloud security capabilities to your customers
- Improved quality management for security and reliability of your cloud service offering
Benefits to your customers:
- Allow for an easier selection of a CSPs who can provide matching levels of cloud security
- Provides confidence that the cloud environment in which your customer host their business-critical applications have the appropriate levels of security
Benefits to your staff:
- Clear definition on security requirements for the provisioning of the cloud environment
- Providing additional levels of confidence due to verification and validation by knowledgeable cloud security expert auditors to ensure the right security has been applied