The Association of Banks in Singapore (ABS) has recently updated its Cloud Computing Implementation Guide. It is catered towards financial institutions (FIs), to assist them in cloud outsourcing arrangements.
This 2.0 version of the guide explains the rationale behind it:
Technology and market practice has advanced rapidly since the guide was first released in June 2016.
It was felt an updated version was required to address these changes, as well as to further support the practice of migrating material workloads to the Cloud, including systems of record and those classified as Monetary Authority of Singapore (MAS) Critical1.
Factors such as the advancement of technology and the evolution of market practices were taken into consideration in updating the guide.
The revised guide contains standards such as:
- A detailed framework that proposes ways for governing, designing, securing and running the cloud
- Highlighting of significant features for categorising material and non-material cloud outsourcing arrangements
Eg. Financial Risk management systems (material) versus staff data which does not include personal bank or credit card data (non-material)
- Deeper guidance for ensuring that Cloud Service Providers (CSPs) are following the ABS Guidelines on Control Objectives and Procedures for Outsourced Service Producers (OSPs) and the OSP Audit Report (OSPAR)
- In-depth regulations for securing material versus standard (non-material) workloads. These regulations are implemented for critical workloads as well
The guide suggests and explains in detail due-diligence activities for Cloud outsourcing arrangements:
- Governance
- Assessment of the cloud service provider
- Contractual consideration
It also comes with a breakdown of key controls which guide in the usage of cloud computing:
- Govern the cloud
- Design and secure the cloud
- Run the cloud
The updated guide is a product of an initial eighteen months of research which was continued by a three-month period of cross-industry consultation with CSPs, FIs and the Monetary Authority of Singapore (MAS).
All involved organisations and agencies reviewed and discussed three hundred and sixty-five pieces of feedback in full congregational meetings, ensuring that there was a consensus among them.
Mrs Ong–Ang Ai Boon, Director ABS, said, “As one of the top financial hubs in the region, it is crucial that the financial industry seizes the cost and risk reduction opportunities offered by cloud computing services.”
She expressed confidence that the partnership with CSPs would further strengthen the technology and operational resilience of individual institutions as cloud infrastructure can be scaled on-demand to accommodate varying workloads.
Revision of the Implementation Guide, she believes, is a major achievement that was only possible with the continued collaboration between and the commitment from the CSPs, the ABS’ Standing Committee of Cyber Security and the Outsourcing Advisory Committee.
Mr Sopnendu Mohanty, Chief FinTech Officer, MAS, said, “Financial institutions are scaling up the utilisation of cloud services to enable innovation and new business models, as well as to meet the exponential need for and use of data.”
He felt that the updated implementation guide is a clear reflection of industry good practices and that the recommendations are keeping in line with this shift.
The updated publication, he opined, establishes clear expectations for banks and cloud service providers; and will continue to facilitate and encourage responsible and safe adoption of cloud services.
