Securing the public cloud
Addressing the technology and cyber security risks associated with public cloud adoption
Now is the time for financial institutions to re-examine their controls framework, lever it up with a more integrated cloud and cyber approach – and build the secure cloud landing zones that will eventually form the basis of their operating models for a long time to come.
The cloud is increasingly becoming the primary location for financial institutions to store and process data: most financial institutions have moved their applications to cloud platforms, and many of those that still have their data on-premise today are planning their imminent migration to cloud. Across all sectors, financial institutions are also modernising their digital platforms to leverage new-age application technologies and advanced analytics in tandem with their move to the cloud.
Yet too often, financial institutions are moving rapidly to migrate to the cloud without paying enough attention upfront to security. In Singapore, this concern has been made more salient following the recent circular issued by the Monetary Authority of Singapore (MAS) on 1 June 2021, which details an advisory on addressing the technology and cyber security risks associated with public cloud adoption for financial institutions.
Broadly, the advisory spells out five common key risks and control measures that financial institutions in Singapore should consider before adopting public cloud services. Throughout this report, we will examine each of these in turn, and provide financial institutions with a series of steps or considerations that would enable them to comply with the requirements, and in doing so, overcome the respective security risks that the requirements have been designed to address.
Ultimately, however, our view is that the implications of the MAS advisory for financial institutions go beyond piecemeal remediation efforts. Indeed, financial institutions who are looking to enhance their business and technology resilience, increase security, and cultivate trust during their cloud migration journey must now make the conscious decision to embrace cloud security by design.
More specifically, we believe that financial institutions should adopt a conscious and integrated approach to security right from the get-go. Such an approach would better position them to embed security into their cloud DNA at every step along the way – from conducting baseline analysis and assessing security requirements during discovery and cloud vendor selection, to determining the shared responsibility model with the cloud vendor, setting up infrastructure guardrails, and managing DevSecOps processes.