As we discussed in a previous blog on navigating public cloud compliance in Singapore, the Monetary Authority of Singapore (MAS) and Technology Risk Management (TRM) notice and guidelines require financial service institutions (FSIs) to implement IT controls to protect customer information from unauthorized access. The MAS also compiles a comprehensive list of recommended control mechanisms to meet these strict requirements. While this list may seem daunting, many of these control mechanisms can be addressed by the well-developed products and services provided by leading vendors such as AWS and Datapipe.
We have discussed the security features of AWS at length on this blog. AWS is designed for security, and users inherit all the best practices of AWS policies, architecture, and operational processes built to help satisfy the requirements of even the strict standards laid out in the MAS. AWS security certifications such as SOC 1 allow you to remain compliant with your data. Standards such as AES 256, which enables encryption of data at rest, ensure no one can view your data. And AWS security features – like autoscaling, Amazon CloudFront, and Amazon Route 53 to mitigate Distributed Denial of Service attacks – can provide the confidentiality, integrity, and availability that regulators such as the MAS are looking for.
However, the MAS warns that the public cloud comes with risks associated with “co-mingling, platform multi-tenancy, recoverability, and confidentiality.” This is where it becomes key to partner with a managed service provider to provide additional product and service capabilities and expertise on top of AWS. Datapipe goes beyond the basics and includes the best third-party security features and comprehensive compliance services on the market. This is what Datapipe calls “Defense in Depth.” It is a proven security model that meets the most rigorous standards of confidentiality, integrity, and availability, ensuring the ongoing security of all mission-critical digital assets. Here is a quick highlight of two of Datapipe’s AWS-specific security features that play into this defense model:
2Factor Secure Cloud Access: An integration of our own two-factor authentication service, Datapipe Auth, with FortyCloud’s SaaS security model to deliver enhanced security, access, and control by providing the capability for managing the two-factor authentication soft token service with role-based access control.
Datapipe Access and Audit Control for the Cloud (DAACC): DAACC (formerly known as DACMA) lets enterprise businesses take advantage of Datapipe’s managed services without requiring them to hand over administrator-level credentials. The model also allows for an enhanced level of security and control through role-based access and tracking, clearly establishing and tracking the accountability and actions of all users.
When looking at cloud vendors who can assist FSIs in achieving MAS compliance, it is essential to work with partners who have the necessary product and service capability and expertise. Both AWS and Datapipe are global leaders in cloud and managed services, respectively, and by combining AWS’ built-in security features with Datapipe’s in-depth security and compliance-led approach to designing, deploying, and managing public and private cloud environments, FSIs will be able to meet the security standards and compliance requirements of the MAS.