SINGAPORE: Advisory guidelines to reduce occurrences of disruptions to cloud services and data centres were announced on Tuesday (Feb 25) by the Infocomm Media Development Authority (IMDA).
By referencing existing international and industry standards, these guidelines would steer cloud service providers and data centres to implement risk assessment measures, business impact analysis, business continuity planning and cybersecurity protocols.
They also aim to address risks to cloud services and data centres, such as issues in technical settings, physical hazards like fires, water leaks and cooling systems, as well as cyberattacks.
In October 2023, DBS and Citibank were hit by an outage lasting more than 12 hours. Customers could not access the banks’ apps and online banking or payment services such as PayLah! and PayNow. ATM services were also down at several locations.
In September last year, a fire broke out at the Digital Realty data centre in Loyang, causing disruptions for tech companies like Lazada, Bytedance and Alibaba Cloud.
Disruptions to such services can lead to significant inconveniences and adversely impact Singapore’s economy, IMDA said.
The country’s digital economy contributed 17.7 per cent to the country’s gross domestic product (GDP) in 2023, overtaking the finance and insurance sector.
“With the right practices, such disruptive occurrences can be minimised, and services can be restored quickly when a disruption occurs,” said the authority.
GUIDELINES FOR CLOUD SERVICES AND DATA CENTRES
Measures recommended to cloud service providers will encourage them to implement proper data governance and plan for disaster recovery, among other measures.
The guidelines will focus on seven categories of measures: Cloud governance, cloud infrastructure security, cloud operations management, cloud services administration, cloud service customer access, tenancy and customer isolation, and cloud resilience.
As for data centres, the new guidelines will provide a framework for operators to instill systems to ensure business continuity and minimise service disruptions.
“This includes guidance on implementing business continuity policies, controls and processes, and continuously reviewing and improving them,” IMDA said, adding that measures will also address cybersecurity risks in data centres.
IMPROVING SINGAPORE’S DIGITAL SECURITY
Following the amendment to the Cybersecurity Act in 2024 to address cybersecurity risks of digital infrastructure, these guidelines provide an “additional step” to improve the resilience and security of cloud services, IMDA explained, adding that they would also complement the upcoming new Digital Infrastructure Act (DIA).
As technological developments advance, the guidelines introduced will also be updated.
“A whole-of-ecosystem approach is required to ensure that our economy and society continue to reap the benefits of digitalisation while being prepared to manage digital disruptions,” said the authority.
