SEBI wants you to secure your cloud network before March 2024. It’s time to get cracking!

In March, the Securities and Exchange Board of India (SEBI) unveiled a framework for the adoption of cloud services by stock exchanges, clearing corporations, and other regulated entities (REs) including depositories, stock brokers through exchanges, asset management companies (AMCs), and KYC registration agencies (KRAs). The primary objective behind the framework is to provide baseline standards of security to make the financial sector more resilient to the increasing threat landscape.

The framework highlights critical risks and mandatory control measures such as the selection of cloud service providers, data ownership and data localization, contractual and regulatory obligations, and cyber resilience that need to be put in place before adopting cloud computing.

The clock is ticking

SEBI has stated that REs currently using a cloud framework must ensure that they’re compliant with these rules within 12 months of the release of the circular. That’s March 2024!

Why is SEBI so particular? What are the risks of cloud adoption?

Cloud computing offers ready-to-scale, ease of deployment, fewer overhead costs, almost no physical infrastructure, and so on, but there are three big risks as well that need to be mitigated.

Risk #1: People

Your network is open to people at various levels in your organization and that’s an enormous risk landscape that you are contending with. Not just that, most people who are part of this new cloud adoption are new to the very idea of the cloud. So, they may not even perceive they are doing something that could put your network at risk. One of the ways to ensure your security is not compromised is adaptive authentication, which provides an additional dynamic layer of security that assesses risk levels by analyzing user behavior and device information. For example, Blue Star’s Authentication Solutions provides invisible multi-factor authentication to protect online accounts, web service portals, and transactions from credential theft and fraud.

Risk #2: Processes

Banks and financial companies are moving to the cloud to change the way they interact with their clients. Everything is through the cloud, through an app from investing to trading to paying a mortgage, so you are putting your data at risk every second of every day if you don’t have the right data security measures in place. This is where partnering with the right data security solutions provider can help. Blue Star offers General Purpose nShield HSMs that provide a hardened, tamper-resistant environment that ensures secure cryptographic processing, and key generation, protection and management. It provides a secure solution for generating encryption and signing keys, creating digital signatures, encrypting data, and more. These HSMs are available in three FIPS 140-3 Level 3 certified form factors and support a variety of deployment scenarios.

Risk #3: Innovation

You wouldn’t perceive innovation to be a threat would you but the adoption of new technologies can expose you to data breaches and threats. So as a company, you’ve got to learn to innovate while keeping security solutions in mind. Another way to look at it is that security should enable and support rapid innovation. Just remember, security and innovation have to work in tandem. At Blue Star, for example, our cutting-edge KeyControl, delivers key management and encryption services that ensure your files and databases are completely protected.

How common are these risks anyway?

Well, Indian banks reported 248 data breaches in the last four years, says a news report online. The report says that of 248 successful data breaches, 41 were reported by public sector banks, while private sector banks reported 205 data attacks. Most of these data breaches pertained to card details leakage and theft of business and non-business information. Data breaches in India, says the report, have cost industries an average of Rs 17.6 crore FY22.

Blue Star E&E is a leading provider of advanced data security solutions for over 25 years. So, no matter how you store your data — on-premise, on the cloud, or in data centers – we can ensure it is protected through services such as encryption and key management (our HSMs come in three FIPS 140-3 Level 3 certified forms and can be used in different scenarios). In short, you’ve got agility with security.

Our team is dedicated to assisting businesses in embracing new technologies and navigating the challenges associated with cloud migration. We’re here to help 24×7. Reach out to us.