Singapore cloud providers given more risk management freedom
Singapore's cloud guidelines are getting a shakeup to bring them into line with the Monetary Authority of Singapore (MAS) guidelines and expectations, which will support safeguarding customer information.
Singapore Trade and Industry Minister Lim Hng Kiang announced the changes at a meeting at the end of last month. The guidelines will identify and improve risk management surrounding cloud services, particularly to banks and service providers to safeguard customer information, ensuring practices are conducted as if they are in-house. "MAS recognises cloud services can offer various benefits such as scalability and advanced functionalities, and is amenable to banks leveraging on cloud services to fulfil their business and operational needs. MAS expects banks to ensure that their risk management measures are commensurate with the nature, scope and complexity of the cloud deployment models that they adopt," says Kiang.
The new guidelines will allow MAS to monitor outsourced risk management frameworks, instead of using case-by-case approval for organisations who want to outsource operations. Organisations will now be entirely responsible for their own risk management procedures.
"there will be a greater emphasis on safeguarding customer information. MAS views seriously the responsibility of banks to safeguard the integrity and security of customer information held by the bank and its service providers. To enhance the protection of critical customer information, outsourcing arrangements involving certain customer information will be subject to a higher standard of care," Kiang says.
Kiang believes that banks must regularly test their contingency plans, particularly in a complex risk environment. He concluded the meeting by commending the industry on its commitment to risk management through technology, systems and people.
Singapore's Infocomm Development Authority has developed the Cloud Outage Incident Response guidelines for providers who experience outages.
The Information Technology Standard Committee developed the Multi-Tier Cloud Security (MTCS) standard allows cloud providers to certify their security operations.