Complying with Framework for Adoption of Cloud Services in India
Baseline standards for security and regulatory compliances for Regulated Entities in India
The Securities and Exchange Board of India (SEBI) introduced the Framework for the Adoption of Cloud Services by SEBI Regulated Entities (REs) in circular no. SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/033 on March 6, 2023, which sets baseline standards for security and regulatory compliance. This framework is a crucial addition to SEBI’s existing guidelines on cloud computing and is designed to help REs implement secure and compliant cloud adoption practices.
The major purpose of this framework is to highlight the key risks and mandatory control measures that regulated entities (REs) need to put in place before adopting cloud computing. The framework also sets out the regulatory and legal compliance requirements that apply to REs if they adopt such solutions.
Thales offers integrated solutions that enable your organization to address the Framework for the Adoption of Cloud Services with a focus on Security Control and Concentration Risk Management Principles.
Regulation Overview
The circular for the Framework for the Adoption of Cloud Services lays out the risks unique to public cloud services to guide REs in developing their risk management strategy. It also notes some best practices for mitigating cloud-specific threats. If REs fail to establish the appropriate security measures, as recommended in the circular, the data that they place in the cloud could be at risk of being compromised by malicious actors; in turn, any resulting security incidents could affect the ability of REs to maintain their operational continuity and fulfill their legal obligations.
The framework is a principle-based framework that covers nine key aspects with the topics below:
The Framework for the Adoption of Cloud Services by SEBI Regulated Entities (REs) was introduced on March 6, 2023. The framework is an addition to the existing SEBI circulars, guidelines and advisories, and comes into force immediately for all new or proposed cloud onboarding assignments and projects of the REs. REs that are currently availing cloud services should ensure that, wherever applicable, all such arrangements are revised and brought into compliance with the framework within 12 months.
Protecting data at rest
Thales offers multiple solutions for data at rest that can coexist with the native encryption provided by the Cloud Service Provider (CSP).
Protecting data in motion
Thales High Speed Network Encryption (HSE) solutions secure data in motion as it moves across the network between data centers and headquarters, branch and satellite offices, to backup and disaster recovery sites, on premises and in the cloud.
CipherTrust Transparent Encryption encrypts files while leaving their metadata in the clear. In this way, the CSP can perform its system administration tasks without gaining privileged access to the sensitive data residing on the systems it manages.
Adopting Bring Your Own Encryption (BYOE) & Bring Your Own Key (BYOK)
CipherTrust Cloud Key Manager supports Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) use cases across multiple cloud infrastructures and SaaS applications in a single interface. It provides key auditing, strong key generation, and end-to-end key lifecycle management, along with automatic key rotation, recovery and key revocation features that are not available from any cloud provider’s managed Key Management System (KMS).
Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) provide a stronger separation of duties for the encryption keys: the RE can maintain control of its keys instead of entrusting them to the CSP.
CipherTrust Transparent Encryption provides transparent encryption and access control for data residing in Amazon S3, Azure Files and more. It also offers advanced multi-cloud Bring Your Own Encryption (BYOE) solutions to avoid cloud vendor encryption lock-in and ensure data mobility to efficiently secure data across multiple cloud vendors with centralized, independent encryption key management.
Protection of cryptographic keys
Thales Luna Hardware Security Modules (HSM) allow organizations to have dedicated hardware, giving them a greater degree of control and ownership over the crypto keys rather than leaving them with the Cloud Service Provider (CSP).
CSP agnostic solutions
CipherTrust Cloud Key Manager combines support for cloud provider BYOK services with cloud key management that gives cloud consumers strong controls over the encryption key life cycles for data encrypted by a cloud service provider.
Thales CipherTrust Transparent Encryption (CTE) and CipherTrust Tokenization offer advanced multi-cloud Bring Your Own Encryption (BYOE) solutions to avoid cloud vendor encryption lock-in and ensure data mobility to efficiently secure data across multiple cloud vendors with centralized and independent encryption key management.
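This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements, including GDPR, Schrems II, PCI-DSS and data breach notification laws.
Cloud service providers now recognize the importance of data protection and offer data encryption and key management services. These services can be used across the various types of infrastructure that each service provider offers. However, although native encryption and key management services provide adequate protection, many organizations, particularly those in highly regulated industries such as finance, banking, insurance and healthcare, require a higher level of assurance for risk management and compliance. An important means of risk management is for the organization, rather than entrusting ownership of its keys to the service provider, ...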