Last month, we covered how Singapore is building the resilience of the nation’s cloud ecosystem and how Cloud Outage Incident Response (COIR) guidelines can enable organisations to respond to outages and mitigate damages. 

In a second part discussing the COIR guidelines this month we speak to Suresh Agarwal, Managing Director of Agarwal Pte Ltd and member of SGTech’s Cloud and Data chapter, to find out why standards can protect SMEs and bolster the country’s reputation as a leader in ICT in the region.

SMEs stand to benefit most from Cloud Outage Standards




The Cloud Outage Incident Response (COIR) Guidelines continues Singapore’s strong commitment to Business Continuity Management and Disaster Recovery (DR) Plans by bringing clarity on how to respond to outages in the cloud.

The COIR guidelines promote a flexible, cohesive, and integrated cloud ecosystem. They also complement the government’s efforts to drive ICT standards, strengthen resiliency, and encourage clarity for businesses as cloud user, Suresh Agarwal, Managing Director of Agarwal Pte Ltd.

Mr Agarwal, who is also a member of SGTech’s Cloud and Data chapter, explained that COIR helps the users (Cloud Service Customers) by enabling them to treat the cloud as an infrastructure. He said SMEs will benefit from the COIR standards.

In a recent joint study, global insurance provider Lloyd’s of London and the American Institutes of Research (AIR) estimates that a major cloud outage in a developed economy, such as the US, can lead to losses of up to US$19 billion to service providers and organisations, with SMEs - who are often under insured and more likely to use the cloud to avoid building a full IT infrastructure - usually bearing the brunt of cyber failure.

Mr Agarwal draws a simple analogy: “If you have good roads, the rest of the stuff can be reliably built upon it. In the same way, once you have a reliable Cloud, SMEs can build a lot of applications and promote them globally.” 

When standards are in place, SMEs do not need to worry about not having enough muscle power to negotiate with MNCs. The MNCs can draft their Service Level Agreements (SLAs). 

SMEs will then be able to distinguish and weigh between critical (must have) needs versus optional (good to have). They will also be able to evaluate cloud service provider’s COIR practices for the best fit.

“Usually MNCs have their own standard agreement and will not take any responsibility for any outages or failures thus leaving the SME users at their mercy. This also impedes their ability to develop and deliver world class applications, as much as they want to,” Mr Agarwal explained.
   
In Singapore, ICT standards are always developed on a consensus basis and results are borne from the collaborative efforts amongst the government agencies, tertiary institutions, professional bodies and the ICT industry. 

The IMDA Standards Team and committees play a crucial role in fostering and facilitating the industry's participation in local and international ICT standards forums. It is the Secretariat to the IT Standards Committee (ITSC), one of the 11 Standards Committee under the National Standards Council appointed by SPRING Singapore. 

The ITSC also provides a neutral and open platform for interested industry and government parties to come together to agree on technical standards.

The COIR guidelines are industry agnostic and primarily meant to serve the needs of all types cloud users. It is applicable to all types of cloud service models as well as cloud deployment models. 

Mr Agrawal was part of the Cloud Outage Incidence Response Working Group (COIR WG) member appointed by the Cloud Computing Standards Coordinating Task Force to assist in the preparation of the COIR standards. The COIR workgroup comprises experts who contributed in their own individual capacities. 

He was recently appointed by the Cloud and Data Chapter at SGTech to join the COIR workgroup.

Looking at the regional landscape, Mr Agrawal said Singapore is a leader in ICT standards and is looked upon positively by the world in driving standards for the Asia Pacific region.

“At times other countries like South Korea do leapfrog us, but the kind of detailed work that we do in Singapore in curating our standards does give a lot of credibility to the standards we’ve developed.”

“Our standards are followed by many countries, which is why we sometimes face a lot of resistance from major players who want to drive their methods as de facto standards and (who want to) push for their propriety technology. 

“As a country, Singapore needs to balance MNC needs and our drive to develop standards so that everyone (including SMEs) can benefit. We are balancing the act of promoting standards while still allowing propriety technologies to thrive” Mr Agrawal said.

Research sources:

https://www.imda.gov.sg/industry-development/infrastructure/ict-standards-and-frameworks/cloud-outage-incident-response-guidelines/cloud-outage-incident-response-coir-disclosure-by-csps

https://www.imda.gov.sg/-/media/imda/files/industry-development/infrastructure/ida-coir-guidelines-v10release.pdf?la=en\\

https://www.imda.gov.sg/infocomm-and-media-news/buzz-central/2016/3/the-core-of-coir-is-continuity

http://www.eweek.com/cloud/lloyd-s-estimates-the-impact-of-a-u.s.-cloud-outage-at-19-billion

Published June 2018