On July 20, Cloud Security Alliance (CSA) announced to select Singapore as its Asia Pacific (APAC) headquarter location, beating the other two finalists Hong Kong and Malaysia.
CSA will coronate the Singapore government in an official signing ceremony next month, to be held at the Singapore leg of CloudSEC 2012 conference on Aug 15.
Aloysius Cheang, CSA's APAC managing director and head of Standards Secretariat, declined to further disclose CSA's selection process "due to sensitivity." He said, "I must emphasize that it’s a public-private partnership that we are looking for. As such, besides external environmental factors, other factors such as terms as put forth in the proposal by each individual candidates are equally if not more important."
In an interview with Asia Cloud Forum's Carol Ko, Cheang declines to benchmark Singapore, Hong Kong and Malaysia against what he called the "several critical success factors" for evaluating the three finalists in the bid for CSA's APAC HQ office location. The "critical success factors," according to Cheang in an earlier interview with Asia Cloud Forum, were infrastructure, industry maturity, the potential of going into a global hub, and a stable and supportive government.
Nonetheless, Cheang recounts the respective efforts the Singapore and Hong Kong governments have made in developing cloud computing standards, explains why he thinks Singapore may be "a great stepping stone" for Chinese companies entering the West, and unveils the role of CSA's APAC HQ office in relation to its local chapters in the region.
Asia Cloud Forum: How do you compare the efforts on improving cloud security between the Hong Kong and the Singapore governments?
Aloysius Cheang: Singapore and Hong Kong have similar approach in developing cloud standards and using standards as a way to encourage efficiency and effectiveness of productivity of companies. Both Singapore and Hong Kong have country-level standardization efforts supported by their relevant national standards body.
For example, ICT standards in Singapore are supported by SPRING and IDA where both agencies co-create an industry platform called IT Standards Committee to drive IT standardization efforts, whereas ITC plays a similar role for Hong Kong managing these experts or focus groups.
The only difference between Singapore and Hong Kong is that Singapore has always taken a stance of globalization. [For example,] Singapore Standards have been contributed to International Standardization bodies such as ISO/IEC JTC 1 SC 27 where we have contributed two standards in the last eight years, i.e., ISO 24762 (contributed SS507, which I have co-authored) and ISO 27032 (contributed the text and editor, i.e., myself).
In fact for the past six years Singapore has been the secretariat for working group four under SC 27 where we contributed the time and efforts of our experts to act as the working group's convenor and secretary. And since 2000, Singapore has hosted no fewer than four ISO/IEC JTC 1/ SC 17 and SC 27 meetings and many other standardization meetings of a regional scale. Today there is a scheme whereby Singapore companies are heavily subsidized if they decide to take the ISO 27001 certification.
While Singapore has been a "P" member in ISO for many years, on the other hand Hong Kong has taken a backseat as an "O" member (note that China is a "P" member too, and is very influential in international standardization) with no major international standardization activities happening in the SAR [Hong Kong].
[Editor's note: ISO "P" members are full members that are required to vote, and are required to sell and adopt ISO International Standards nationally. ISO "O" members are correspondent members that attend ISO technical and policy meetings as observers, and it is optional that they sell and adopt ISO International Standards nationally. The third member category, called subscriber members, can keep themselves up to date of ISO's work but cannot participate in it.]