MTCS is based on ISO 27001/02 Information Security Management System standards. The certification was prepared by the Multi-Tiered Cloud Security Working Group of the Cloud Computing Standards Coordinating Task Force. It was overseen by the Information Technology Standards Committee (ITSC).
The Multi-Tier Cloud Security (MTCS) is the pioneering security standard globally that entails cloud security at several layers. The MTCS standard encourages adoption of cloud computing through the spectrum of various industries by providing detailed security service levels of Cloud Service Providers. Level 1 being the base and Level 3 being the most stringent, it is designed for companies with regulatory compliance requirements that addresses security risks to high impact IT systems using cloud services.
With the controls already in place, there might be few Industry specific regulations applied to supplement and address security risks and threats in high impact information systems using cloud services.
MTCS has a self-disclosure requirement, which means that providers are obliged to report on data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery and incident management.
Tata Communications has achieved the Level 3 MTCS certification, ensuring the highest possible level of security for enterprises moving data to the cloud in Singapore, supporting the provision of IZO Private Cloud and VPDC cloud services using Infrastructure as a Service (IaaS) model.
|Cloud Governance||Information security management
Legal and compliance
|Cloud Infrastructure security||Audit logging and monitoring
Security testing and monitoring
System acquisition and development
|Cloud operations management||Physical and environment security
Business continuity planning and disaster recovery
|Cloud info security||Cloud services administration
Cloud user access
Tenancy and customer isolation
|IZO Private Cloud||In-Scope services|
|Compute||Cloud services, Virtual Services, Auto Scaling|
|Network||VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV|
|Storage/Backup||Block, File and ICS (Object) backup
Scheduled data backup and data restoration
|Database||Managed Oracle, MS-SQL, DB2 or MySQL database administration|
|Middleware||Managed Middleware service is offered on
applications including JBOSS; TOMCAT; Apache
|Hypervisor||VMware, Hyper-V and KVM|
|Load balancer||Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance|
|Security||SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth|