Secure Tertiary Data Backup Guideline in Hong Kong

Authorised Institutions (AIs) align with the key principles in the Secure Tertiary Data Backup (STDB) Guideline
for the banking sector with Thales.

Secure Tertiary Data Backup (STDB) Guideline for the banking sector

On 30 April 2021, the Hong Kong Monetary Authority (HKMA) invited the Hong Kong Association of Banks (HKAB) to develop guidelines on Secure Tertiary Data Backup (STDB) appropriate for the banking landscape in Hong Kong, in response to emerging cyber risks.

The Secure Tertiary Data Backup (STDB) Guideline is an industry standard for the banking sector on data protection, portability, recovery and the continuity of critical services. It provides guidance to banks on the factors they need to take into account in deciding whether to set up an STDB and what implementation issues they need to overcome in ensuring the effectiveness of the STDB.

As the leader in digital security and data protection, Thales enables Authorised Institutions (AIs) to align with the key principles in the Secure Tertiary Data Backup (STDB) Guideline.

The Guideline sets out eight high-level Principles and embeds nine Data Vault Characteristics under the headings of Governance, Design and Data Restoration. The HKMA considers STDB an effective measure to enhance the cyber resilience and data security of Authorised Institutions (AIs) in Hong Kong.

Principles

  • STDB Governance Model
  • Identification of Critical Data
  • Data Quality
  • Critical Data Lifecycle Management
  • Data Extraction and Ingestion
  • Secure Repository
  • Restoration Planning
  • Restoration Validation Process and Drills

Data Vault Characteristics

  • Immutable
  • Survivable
  • Air-gapped
  • Secure
  • Controlled
  • Verifiable
  • Assurance
  • Heterogeneous
  • High-performance

Thales enables Authorised Institutions (AIs) to align with the key principles in the Secure Tertiary Data Backup (STDB) Guideline and to:

  • Simplify Data Security
  • Accelerate Time to Compliance

Segregation of duties, access control, audit log and reporting

  • CipherTrust Manager enhances key management for Authorised Institutions (AIs) by delivering a strong separation of duties for increased security. It also enforces granular, least-privilege access management policies, protecting data from misuse by privileged users.
  • Access logs and reporting: the Security Intelligence capability of the CipherTrust Data Security Platform produces logs that record which processes and users accessed protected data, under which policies, and whether each access request was allowed or denied.

Establishing the scope of their critical data

Protecting critical data in transit and at rest with encryption

  • CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralised key management, privileged user access control and detailed data access audit logging.
  • Thales High Speed Encryptors (HSEs) provide network-independent data-in-transit encryption (Layers 2, 3 and 4), ensuring data remains secure as it moves from site to site, or from on-premises to the cloud and back.

Key management and key lifecycle management

  • CipherTrust Manager simplifies key lifecycle management tasks, including secure key generation, backup/restore, clustering, deactivation and deletion, by enabling organisations to centrally manage encryption keys for the Thales CipherTrust Data Security Platform and third-party products, including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE and KMIP-compliant encryption products.

Protection of cryptographic keys

Luna HSMs from Thales provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, and more.

Recommended resources

Complying to Secure Tertiary Data Backup (STDB) Guideline in Hong Kong - Compliance Brief

Hong Kong Monetary Authority (HKMA) has invited the Hong Kong Association of Banks (HKAB) to develop guidelines on Secure Tertiary Data Backup (STDB) that are appropriate for the banking landscape in Hong Kong on April 30, 2021. As the leader in digital security and data...

Secure Tertiary Data Backup (STDB) is Coming – Webinar

Thales, together with Commvault and NetApp, industry-leading vendors in data management, backup and recovery, co-hosts a webinar sharing the latest updates on the STDB guidelines and the related solution design and implementation. The webinar also features PwC, which was appointed by the HKAB to formulate the STDB principle-based guidelines.

Raising Cyber Resilience of Banking System with STDB Guideline – Webinar

Join this webinar hosted by Thales, together with Dell, the first solution provider to join Sheltered Harbor, and featuring Deloitte, the banking regulatory consultant, to learn the requirements of the Secure Tertiary Data Backup (STDB) guideline, how integrated solutions can address those requirements, and real cases from US banks on achieving the Sheltered Harbor standard and safeguarding critical data.

Data Security Compliance and Regulations - eBook

This eBook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements, including GDPR, Schrems II, PCI DSS and data breach notification laws.

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper

Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

Other key data protection and security regulations

GDPR

Regulation
Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens, regardless of where the organisation is headquartered.

PCI DSS

Mandate
Active Now

Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Regulation
Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.