The documents serve as a guide for organizations looking to adhere to security and regulatory frameworks laid out by the Monetary Authority of Singapore (MAS) – Singapore’s central bank and financial regulatory authority.
Challenges confronted by FSIs in Singapore
All Financial Services Industries (FSIs) in Singapore are subject to regulations enacted by the Monetary Authority of Singapore, regulations which lay out risk management guidelines in the form of their Technology Rick Management Notice and Guidelines as well as their more general and very recently updated Outsourcing Guidelines.
Also, the Personal Data Protection Act issued by the Infocomm Development Authority (IDA) aims at the collection and use of personal data, but also requires that data collected is properly protected.
Owing to the stringent regulatory reforms within the financial industry, FSIs in Singapore are facing an increasingly wider range of standards to adhere to in order to achieve good compliance. Concurrently, FSIs need to effectively manage healthy external market forces including a strengthening Fintech environment and wider and unique customer expectations to realize strategic goals and improve profitability.
Solutions recommended by Datapipe
The whitepaper shows how a public cloud provider such as AWS and an outsourced management provider such as Datapipe can help to address the perceived challenges in meeting the compliance requirements.
According to the report, AWS policies, architecture, and operational processes can be built to satisfy the requirements of the security sensitive clients in the following ways:
- To ensure compliance, AWS environments are continuously audited, with certifications from accreditation bodies across geographies and verticals. Operating in an AWS environment allows you to take advantage of automated tools for tasks like asset inventory, and privileged access reporting.
- Use of AWS products can help in providing the confidentiality, integrity and availability that regulators. For example, autoscaling, Amazon CloudFront and Amazon Route 53 can be used to mitigate Distributed Denial of Service attacks.
- The AWS cloud supports many popular disaster recovery architectures from “pilot light” environments that are ready to scale up at a moment’s notice to “hot standby” environments that enable rapid failover.
- AWS security certifications such as SOC1 allow clients to remain compliant with their data.
- Standards such as AES 256, which enables encryption of data at rest, ensures no one can view private data.
- Amazon Virtual Private Cloud help creating private facing subnet for databases and application servers, in order to have more security control around mission critical workloads.
- The MAS warns that the public cloud comes with risks associated with “commingling, platform multi-tenancy, recoverability and confidentiality.”
- AWS provides the ability to acquire a dedicated, private connection between the datacenter and AWS. This can reduce costs, increase throughput, and provide a more consistent experience than Internet-based connections.
- With Amazon EC2 and AWS Identity & Access Management, one can build a scalable, secure, failure resilient, enterprise class application.
Similarly, Datapipe which has been providing managed services for companies since 1998 also suggests the following ways to FSIs providing them with indemnities against system failures:
- With Datapipe Access and Audit Control for the Cloud (DAACC), FSIs can take advantage of managed services for AWS while maintaining ownership of their administrator level credentials. This aligns well with the MAS requirements for infrastructure outsourcing controls.
- DAACC requires no extra steps or oversight after initial deployment. It reduces the risk of disruption of service or data breach due to unauthorized access or activity of a cloud environment and gives users complete control of their data.
- Datapipe can manage an enterprise’s system while the enterprise maintains control of their administrator-level credentials, credentials that are difficult to take back once given out. This gives the FSI complete control over their virtual infrastructure and data with the ability to pull user privileges at will.
- Clients retain full ownership and administrative privileges to their AWS infrastructure and Datapipe acts as an administrative overlay.
- In the event the relationship is terminated, an FSI would simply need to remove consolidated billing and delete the AWS trust relationship to Datapipe’s master account. All operational aspects within AWS would continue to function, however, the FSI would need to supplement any Datapipe controls (monitoring, security, ticketing, etc.) with their own similar controls.
- To further assist in achieving compliance, Datapipe provides security products which can be used for IT controls focusing on data such as Firewalls and VPNs, Web Application Firewalls, Patch Management, Advanced Change Control, Anti-Malware, Configuration Assessment, Two-Factor Authentication, Vulnerability Assessment, Network Intrusion Detection, System Integrity Monitoring, Log Management, Database Encryption and Audit Assistance.
- Its System Management services can enable the levels of availability required by the MAS TRM.
- It uses ServiceNow, Chef and Puppet for IT Service Management and Automation which directly aid in the removal of human related errors and improve service availability and assurance.
Hence, the paper reveals that AWS’s product suite, coupled with Datapipe’s security and compliance led approach to designing, deploying and managing public and private cloud environments can help FSIs meet the required compliance requirements as set by the likes of the MAS and IDA as they look to adopt and deploy best practice public cloud environments.
