Cloud Computing is poised to transform how information technology is used by the Financial Services Industry (FSI). However, this transformation can only come about if the FSI has confidence that the use of Cloud Computing will not interfere with legal obligations and sound business practice.
This document has been created in partnership between Financial Institutions (FIs), Cloud Service Providers (CSP), Financial Regulators and industry bodies. It proposes Safe Cloud Principles in the form of a unified, condensed and clarified set of best practices to help FIs to focus on and navigate through the relevant regulatory issues when contemplating a move to the cloud. The Safe Cloud Principles cover key requirements such as confidentiality, availability and integrity and are derived from the very laws, regulations and guidelines with which FIs must comply.
For more information, visit http://www.asiacloudcomputing.org
2015 Asia's Financial Services: Ready for the Cloud - A Report on FSI Regulat... (accacloud)
The ACCA developed this report with the primary purpose of equipping CSPs with an understanding of the current regulatory landscape in APAC, and their FSI customers’ key regulatory challenges to adopting Cloud Services. This report aims to help CSPs to develop and provide solutions to these challenges. In particular, this report:
1. provides CSPs with a database of issues and possible solutions to discuss with their FSI customers;
2. provides CSPs with recommendations as to how to comply with the current regulatory landscape; and
3. supports CSPs in their engagement with relevant governments and Regulators.
This report may also be used by Regulators and FSIs to understand the current regulatory landscape in APAC and the key opportunities and challenges to adopting Cloud Services.
The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl... (accacloud)
The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for business organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.”
Asia's Financial Services on the Cloud 2018: Regulatory Landscape Impacting t... (accacloud)
Regulations play a crucial role in enabling or limiting cloud adoption by financial services institutions in Asia. This report provides an update on regulatory landscapes across nine Asia markets. It finds that while some regulators are clarifying outsourcing rules to help firms comply, restrictions still exist. The report recommends regulators break down barriers by having technology-neutral rules, clearer processes for cloud adoption, and distinguishing critical vs non-critical services. This would help firms benefit from cloud computing's efficiencies while managing risks.
From Vision to Procurement: Principles for Adopting Cloud Computing in the Pu... (accacloud)
Cloud computing is a scalable, cost-efficient and highly-secure solution to help the public sector transform their services and drive efficiencies. However, to effectively enable public sector cloud procurement, discussions need to advance beyond just cost and security. Appropriate procurement processes that provide clear guidance on how cloud can be procured are also critical.
This paper outlines seven principles distilled from conversations with government procurement officers, policymakers, and auditors where they have told the ACCA and its members what the essential elements are to enabling adoption of technology solutions in the public sector. The ACCA is delighted to present this white paper to help demystify cloud solutions and provide necessary guidance to procurement policymakers and public sector agencies that are evaluating cloud services.
A: Data integrity must be maintained even when documents are open and being edited. Versioning, read-only modes and audit trails help ensure that changes are tracked and unauthorized edits cannot be made. Versioning is especially important for regulated industries.
The document discusses security considerations for cloud computing and software-as-a-service (SaaS). Key points include:
1) Cloud computing provides benefits like lower costs, flexibility, scalability, and specialized security focus from vendors.
2) When evaluating SaaS providers, organizations should consider application, infrastructure, process, and personnel security. This includes authentication, authorization, encryption, audits, and employee training/screening.
3)
2011-2012 Cloud Assessment Tool (CAT) White Paper (accacloud)
The Cloud Assessment Tool (CAT) was developed by the Asia Cloud Computing Association (ACCA). It was refined through extensive and in-depth discussions over a period of 2 years between members of the WG and by looking at relevant cloud and IT specifications.
The CAT defines the requirements placed on IaaS/PaaS solution providers to support stringent cloud applications. However, that perspective was subsequently extended to cover all application requirements. As such, its final realization has broad applicability.
SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar... (accacloud)
Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which they are based (49.1% of total GDP for the region). They also spend significantly as a group on ICT.
Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially.
What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews the SME industry in 14 markets, establishes market size and characteristics, and identifies industries most likely to undergo digital transformation.
2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ... (accacloud)
Access to data represents huge potential for economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies.
2015 How important is Cloud Computing for building Crowd Networks? Crowdsourc... (accacloud)
The document discusses the relationship between cloud computing and crowd networks. It examines several crowd-based businesses and how they utilize cloud technologies. While crowd funding can utilize cloud computing, it is not necessarily critical. Crowd sourcing businesses that manage a large number of varying projects and suppliers benefit most from cloud computing, as it provides elastic resources and on-demand scaling. Fully integrating cloud technologies with crowd sourcing enables new crowd-based business models and will play a major role in future innovation.
Regulating for a Digital Economy: Understanding the Importance of Cross-Borde... (accacloud)
Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunities from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures.
This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses.
Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd.
Towards Better Patient Outcomes and Staying Well: The Promise of Cloud Comput... (accacloud)
The healthcare industry is one which is often at the forefront of technology change. From hospital management to rural healthcare communities, from doctors and surgeons to pharmacists and lab technicians—there is often a tension between the urgent needs of the healthcare industry that compel rapid technology adoption, and a strict and heavily-regulated environment that defaults to caution when embracing new technology. Today, we see a healthcare industry that is moving towards the new paradigm of cloud computing with increasing optimism and trust.
How can the healthcare industry best deploy cloud computing to achieve better patient outcomes? What are the current opportunities to start a digital transformation in a healthcare institution? Where are the opportunities for the healthcare industry to leverage cloud technology, and move towards an ideal of preventing disease whenever we can, for prevention is preferable to cure? What other prospects does cloud computing hold for the healthcare sector?
This report will answer these questions by demonstrating the different innovative uses and deployment of cloud computing in six healthcare sub-verticals. These case studies show how technology and the healthcare industry can strengthen patient outcomes, and together, work towards the goal of staying healthy and well.
26 Nov 2013 - Law and Policy Meet the Cloud, by Bernie Trudel [IIC-TRPC Singa... (accacloud)
The document summarizes a report by the Asia Cloud Computing Association (ACCA) on data sovereignty issues across Asia. The report found that while there are no outright prohibitions on cloud services, countries are inconsistently regulating cross-border data flows and new regulations are adding to unclear laws. The report identifies leaders like Australia, Singapore, and Japan that have clear data protection laws and allow for cross-border data movement, and followers that lack formal laws or have restrictions. The ACCA recommends harmonizing regulations across Asia based on international standards to promote cloud adoption and eliminate legal confusion.
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da... (accacloud)
The document is a response from the Asia Cloud Computing Association (ACCA) providing feedback on India's Draft Health Data Management Policy. Some of the key points made in the summary include:
- The ACCA recommends aligning the policy with international standards like GDPR and considering how policies like HIPAA in the US address similar issues.
- Clarification is needed on how health data will be classified and how/by whom it can be stored and processed. A risk-based approach is recommended.
- Definitions of biometric and personal data need clarification to avoid potential issues.
- The policy should explicitly state its relationship with India's pending Personal Data Protection Bill to avoid confusion on treatment of
Building Trust into eInvoicing: Key Requirements and Strategies (SafeNet)
For years, the digitalization of assets has been underway, completely transforming entire industries, from healthcare to music. In the same way, the move to digitalization has also brought fundamental change to the way businesses manage invoices. By moving to electronic invoicing, known as eInvoicing, organizations in a host of industries can realize a range of benefits:
- Reduced costs. By eliminating the purchase of paper for invoice printing, reducing the time and expense of physical invoice handling, reducing the space and expense of paper-based file storage, and eliminating postage, organizations can realize direct, upfront cost savings.
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co... (accacloud)
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards (giladpn)
This document discusses security issues with public clouds and whether data can be kept safe and compliant with standards in public clouds. It notes that while cloud providers strive to keep customer data secure, customers are ultimately responsible for securing their own data and applications. The document outlines responsibilities of both cloud providers and customers, and examines how traditional security concepts translate to public clouds alongside new considerations for security in cloud environments.
28 Feb 2012 - Asia Opportunity, by Mark Ross [Questex Asia, Hong Kong] (accacloud)
The document discusses the Asia Cloud Computing Association and its efforts to accelerate cloud adoption across Asia. The Association provides thought leadership through research and guidelines. It collaborates with governments and other organizations and engages stakeholders through events. Some of its initiatives include a Cloud Readiness Index to gauge countries' cloud readiness, a Cloud Map to visualize cloud discussions, and a Cloud Certification system to improve buyer confidence in cloud services. The Association aims to help evolve regulations, educate the market on cloud computing, and address adoption concerns across Asia.
The Asia Cloud Computing Association (ACCA) has created a Cloud Readiness Index to evaluate the state of readiness for cloud computing across markets in Asia. The index analyzes 14 countries based on 10 attributes related to factors like regulatory conditions, internet connectivity, data protection policies, and more. The ACCA aims to identify gaps and potential bottlenecks to cloud adoption in Asia through the index. This first version of the index serves as a starting point for discussion on cloud readiness and future versions will include additional attributes.
2017 Towards Better Patient Outcomes and Staying Well: The Promise of Cloud C... (accacloud)
The healthcare industry is one of the most advanced technology users - within their domains. Anecdotal evidence has revealed that there is a wide range of capacity and capabilities in the healthcare industry with respect to patient management, especially when it comes to administrating large amounts of patient records and information. How has the healthcare industry pivoted towards using cloud technology to improve patient outcomes? This study documents a number of key case studies within Asia Pacific.
Cloud-Enabled Enterprise Transformation: Driving Agility, Innovation and Growth (Cognizant)
Whether used for process optimization or modernization, cloud solutions bring much-needed flexibility to enterprises struggling to stay ahead of changing markets.
Cloud Readiness Index 2016 by the Asia Cloud Computing Association (accacloud)
Asian countries top the new Cloud Readiness Index (CRI) 2016 released by the Asia Cloud Computing Association (ACCA). The CRI places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom (UK) and the United States (US), showing that Asian economies are indeed leading the world in cloud readiness. This is also the first time that the 14-market Asia Pacific-focused study includes a sample of six non-Asian markets for comparative analysis.
The document discusses the rise of cloud computing to support business objectives in a world experiencing an intelligence explosion. It notes that cloud computing provides a new computing model that enables on-demand access to computing resources and rapid service delivery. The document differentiates between public clouds, which are accessed externally via service providers, and private clouds, which are internal but can offer similar benefits to public clouds with greater security and control. It recommends understanding your specific needs and environment to determine whether a public or private cloud is best suited for your organization.
Data Analytics to Bridge Knowledge Gaps 2016 - An ACCA White Paper on Supply ... (accacloud)
Data analytics is a fast-growing discipline and demand for data scientists and analytics professionals is soaring. This is clear from the wide usage of data analytics as a tool across verticals to speed up business growth and develop and maintain competitive advantages in companies.
This trend implies that demand for data analytics is greater than its current supply of analytics. In other words, the demand cannot be met by the services and skills currently offered by the market.
This white paper examines this trend. It compares the supply and demand of data analytics in Asia Pacific to identify current demand for and supply of data analytics. The paper focuses on analytics use in Asia Pacific, including barriers to increased data analytics use, and points towards where demand for the service will be tomorrow.
The document provides results from the inaugural TRPC Data Protection Index 2020, which assessed data protection laws and regulations of 30 economies based on the ASEAN Framework on Personal Data Protection. Japan ranked first with the strongest data protection according to the assessment questions. The results are shown in a table with each economy's scores on 12 questions relating to having a data protection law, oversight authority, consent requirements, accuracy of data, security safeguards, access and correction rights, overseas transfer rules, data retention limits, and accountability measures. Most economies scored well except for Vietnam, China, and Indonesia which were ranked lower due to gaps in their data protection frameworks.
Cloud Readiness Index 2012 by the Asia Cloud Computing Association (accacloud)
The document is the Asia Cloud Computing Association's 2012 Cloud Readiness Index, which ranks Asian economies on their readiness for cloud computing. It summarizes the Index results, showing Japan, Korea, and Hong Kong as the top three. It also discusses changes from 2011, such as Singapore falling due to lower data privacy scores. The document outlines the methodology used to evaluate countries on various attributes like data privacy, broadband access, and data center risks that affect their ability to adopt cloud computing.
Cloud computing contracts often contain complex terms and conditions that govern the relationship between the customer and cloud service provider. These contracts frequently give broad rights to the cloud provider to access, use, and share customer data in ways that the customer may not expect. They also typically disclaim responsibilities of the provider for securing customer data and limit the provider's liability. It is important for customers to carefully review cloud contracts to understand their rights and the obligations of the provider.
- Clarification is needed on how health data will be classified and how/by whom it can be stored and processed. A risk-based approach is recommended.
- Definitions of biometric and personal data need clarification to avoid potential issues.
- The policy should explicitly state its relationship with India's pending Personal Data Protection Bill to avoid confusion on treatment of
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
For years, the digitalization of assets has been underway, completely transforming entire
industries, from healthcare to music. In the same way, the move to digitalization has also
brought fundamental change to the way businesses manage invoices. By moving to electronic
invoicing, known as eInvoicing, organizations in a host of industries can realize a range of
benefits:
• Reduced costs. By eliminating the purchase of paper for invoice printing, reducing the
time and expense of physical invoice handling, reducing the space and expense of paper-based
file storage, and eliminating postage, organizations can realize direct, upfront cost
savings.
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...accacloud
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
For more information, visit us at asiacloudcomputing.org
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
This document discusses security issues with public clouds and whether data can be kept safe and compliant with standards in public clouds. It notes that while cloud providers strive to keep customer data secure, customers are ultimately responsible for securing their own data and applications. The document outlines responsibilities of both cloud providers and customers, and examines how traditional security concepts translate to public clouds alongside new considerations for security in cloud environments.
28 Feb 2012 - Asia Opportunity, by Mark Ross [Questex Asia, Hong Kong]accacloud
The document discusses the Asia Cloud Computing Association and its efforts to accelerate cloud adoption across Asia. The Association provides thought leadership through research and guidelines. It collaborates with governments and other organizations and engages stakeholders through events. Some of its initiatives include a Cloud Readiness Index to gauge countries' cloud readiness, a Cloud Map to visualize cloud discussions, and a Cloud Certification system to improve buyer confidence in cloud services. The Association aims to help evolve regulations, educate the market on cloud computing, and address adoption concerns across Asia.
The Asia Cloud Computing Association (ACCA) has created a Cloud Readiness Index to evaluate the state of readiness for cloud computing across markets in Asia. The index analyzes 14 countries based on 10 attributes related to factors like regulatory conditions, internet connectivity, data protection policies, and more. The ACCA aims to identify gaps and potential bottlenecks to cloud adoption in Asia through the index. This first version of the index serves as a starting point for discussion on cloud readiness and future versions will include additional attributes.
2017 Towards Better Patient Outcomes and Staying Well: The Promise of Cloud C...accacloud
The healthcare industry is one of the most advanced technology users - within their domains. Anecdotal evidence has revealed that there is a wide range of capacity and capabilities in the healthcare industry with respect to patient management, especially when it comes to administrating large amounts of patient records and information. How has the healthcare industry pivoted towards using cloud technology to improve patient outcomes? This study documents a number of key case studies within Asia Pacific.
Cloud-Enabled Enterprise Transformation: Driving Agility, Innovation and GrowthCognizant
Whether used for process optimization or modernization, cloud solutions bring much-needed flexibility to enterprises struggling to stay ahead of changing markets.
Cloud Readiness Index 2016 by the Asia Cloud Computing Associationaccacloud
Asian countries top the new Cloud Readiness Index (CRI) 2016 released by the Asia Cloud Computing Association (ACCA). The CRI places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom (UK) and the United States (US), showing that Asian economies are indeed leading the world in cloud readiness. This is also the first time that the 14-market Asia Pacific-focused study includes a sample of six non-Asian markets for comparative analysis.
The document discusses the rise of cloud computing to support business objectives in a world experiencing an intelligence explosion. It notes that cloud computing provides a new computing model that enables on-demand access to computing resources and rapid service delivery. The document differentiates between public clouds, which are accessed externally via service providers, and private clouds, which are internal but can offer similar benefits to public clouds with greater security and control. It recommends understanding your specific needs and environment to determine whether a public or private cloud is best suited for your organization.
Data Analytics to Bridge Knowledge Gaps 2016 - An ACCA White Paper on Supply ...accacloud
Data analytics is a fast-growing discipline and demand for data scientists and analytics professionals is soaring. This is clear from the wide usage of data analytics as a tool across verticals to speed up business growth and develop and maintain competitive advantages in companies.
This trend implies that demand for data analytics is greater than its current supply of analytics. In other words, the demand cannot be met by the services and skills currently offered by the market.
This white paper examines this trend. It compares the supply and demand of data analytics in Asia Pacific to identify current demand for and supply of data analytics. The paper focuses on analytics use in Asia Pacific, including barriers to increased data analytics use, and points towards where demand for the service will be tomorrow.
For more information, visit us at http://www.asiacloudcomputing.org
The document provides results from the inaugural TRPC Data Protection Index 2020, which assessed data protection laws and regulations of 30 economies based on the ASEAN Framework on Personal Data Protection. Japan ranked first with the strongest data protection according to the assessment questions. The results are shown in a table with each economy's scores on 12 questions relating to having a data protection law, oversight authority, consent requirements, accuracy of data, security safeguards, access and correction rights, overseas transfer rules, data retention limits, and accountability measures. Most economies scored well except for Vietnam, China, and Indonesia which were ranked lower due to gaps in their data protection frameworks.
Cloud Readiness Index 2012 by the Asia Cloud Computing Associationaccacloud
The document is the Asia Cloud Computing Association's 2012 Cloud Readiness Index, which ranks Asian economies on their readiness for cloud computing. It summarizes the Index results, showing Japan, Korea, and Hong Kong as the top three. It also discusses changes from 2011, such as Singapore falling due to lower data privacy scores. The document outlines the methodology used to evaluate countries on various attributes like data privacy, broadband access, and data center risks that affect their ability to adopt cloud computing.
Cloud computing contracts often contain complex terms and conditions that govern the relationship between the customer and cloud service provider. These contracts frequently give broad rights to the cloud provider to access, use, and share customer data in ways that the customer may not expect. They also typically disclaim responsibilities of the provider for securing customer data and limit the provider's liability. It is important for customers to carefully review cloud contracts to understand their rights and the obligations of the provider.
From the server room to the board room, there is a lot of talk about “the cloud” — and for good reason. The cloud offers organizations — and their information technology (IT) staffs, in particular — a number of important benefits ranging from increased efficiencies to scalability. Taking advantage of these benefits requires understanding the various cloud models available and how they can best meet your organization’s specific needs.
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
The Management of Security in Cloud Computing
Ramgovind S, Eloff MM, Smith E
School of Computing, University of South Africa, Pretoria, South Africa
[email protected]; {eloff, smithe}@unisa.ac.za
Abstract—Cloud computing has elevated IT to newer limits
by offering the market environment data storage and capacity
with flexible scalable computing processing power to match
elastic demand and supply, whilst reducing capital expenditure.
However the opportunity cost of the successful implementation of
Cloud computing is to effectively manage the security in the
cloud applications. Security consciousness and concerns arise as
soon as one begins to run applications beyond the designated
firewall and move closer towards the public domain. The purpose
of the paper is to provide an overall security perspective of Cloud
computing with the aim to highlight the security concerns that
should be properly addressed and managed to realize the full
potential of Cloud computing. Gartner’s list on cloud security
issues, as well the findings from the International Data
Corporation enterprise panel survey based on cloud threats, will
be discussed in this paper.
Keywords- Cloud computing; Security; Public cloud, Private
cloud, Hybrid Cloud, policies, cloud transparency
I. INTRODUCTION
The success of modern day technologies highly depends on
its effectiveness of the world’s norms, its ease of use by end
users and most importantly its degree of information security
and control. Cloud computing is a new and emerging
information technology that changes the way IT architectural
solutions are put forward by means of moving towards the
theme of virtualisation: of data storage, of local networks
(infrastructure) as well as software [1-2].
In a survey undertaken by the International Data
Corporation (IDC) group between 2008 and 2009, the majority
of results point to employing Cloud computing as a low-cost
viable option to users [3]. The results also show that Cloud
computing is best suited for individuals who are seeking a
quick solution for startups, such as developers or research
projects and even e-commerce entrepreneurs. Using Cloud
computing can help in keeping one’s IT budget to a bare
minimum. It is also ideally suited for development and testing
scenarios. It is the easiest solution to test potential proof of
concepts without investing too much capital. Cloud computing
can deliver a vast array of IT capabilities in real time using
many different types of resources such as hardware, software,
virtual storage once logged onto a cloud. Cloud computing can
also be part of a broader business solution whereby prioritised
applications utilise Cloud computing functionality whilst other
critical applications maintain organisational resources as per
normal. This allows for cost saving whilst maintaining a secure
degree of control within an organisation.
Cloud computing can be seen as a service-oriented ...
Webinar presentation March 3, 2016.
The CSCC deliverable, Practical Guide to Hybrid Cloud Computing, contains prescriptive guidance for the successful deployment of hybrid cloud computing. The whitepaper outlines the key considerations that customers must take into account as they adopt hybrid cloud computing and covers the strategic and tactical activities for decision makers implementing hybrid cloud solutions as well as technical considerations for deployment.
Download the deliverable: http://www.cloud-council.org/resource-hub
Cloud computing provides on-demand, pay-as-you-go computing resources over the internet. It has grown rapidly since the 2000s as a more efficient and flexible alternative to traditional computing models. While promising lower costs and increased agility, cloud computing also presents challenges regarding security, compliance with regulations, vendor lock-in, and auditability that businesses must address through service level agreements with cloud vendors. As the cloud computing industry and standards continue to evolve, many expect it will transform how IT resources are utilized.
This document discusses cloud computing and service level agreements. It begins by defining different types of cloud computing models like SaaS, PaaS, and IaaS. It then discusses how cloud computing differs from traditional on-premise storage by addressing issues like data location, custody, and multi-tenancy. The document outlines important considerations for service level agreements including security, data encryption, privacy, regulatory compliance, and transparency. It emphasizes that SLAs should define metrics and responsibilities to ensure the cloud provider delivers the promised level of service. Finally, it cautions that moving to the cloud requires understanding issues like security, portability, accessibility, and data location laws.
Financial Services-ready Public Cloud white paper [march 9, 2020]Scott Satterwhite
The document discusses IBM's new financial services-ready public cloud. It was designed to address the unique regulatory compliance, security, and resiliency needs of financial institutions. The cloud features a robust policy framework informed by banking regulations and offers pre-approved ISV/SaaS solutions. It utilizes IBM's secure public cloud infrastructure and leverages Promontory for ongoing governance to help financial firms and partners demonstrate regulatory compliance and innovate faster.
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
The document provides an overview of 11 domains related to security in cloud computing. It summarizes recommendations for governance, risk management, compliance, auditing, information lifecycle management, portability and interoperability, traditional security practices, data center operations, incident response, application security, and encryption in cloud environments. The document emphasizes the importance of thorough risk analysis, contractual agreements, ongoing assessment and monitoring when adopting cloud services.
To prosper in this new environment insurance companies can look to the cloud, in conjunction with other technologies, to help drive reinvention of their business model to offer new services and create direct, multi-channel relationships with customers
White Paper: What's on Your Cloud? Workload Deployment Strategies for Private...EMC
This white paper—jointly sponsored by EMC, CSC, and Cisco—describes workload deployment strategies for private and hybrid clouds, enabling IT as a strategic business partner.
This document discusses cloud computing and its potential benefits for organizations. It defines cloud computing and describes deployment and service models. The key benefits of cloud computing include lower costs, faster deployment of applications, scalability, and improved organizational agility. However, security, lack of standards, and regulatory compliance are challenges. The adoption of cloud computing is increasing but still early, with most activity from early adopters.
This document discusses cloud computing, including what it is, its benefits, and different service and deployment models. Cloud computing refers to accessing applications and storing data over the internet instead of locally. It offers advantages like flexibility, scalability, cost savings, and mobility. There are three main service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Deployment models include public, private, and hybrid clouds. The document also outlines the scope, aims, business overview, and some limitations of cloud computing.
Migrating to Cloud? 5 motivations and 10 key security architecture considerat...Yew Weisin
1) The document discusses key considerations for developing a secure cloud migration strategy, including strategic alignment, security management and governance, access management, data classification and management, encryption, monitoring and reporting, and identity and access management.
2) It identifies 10 key security architecture considerations for cloud migration: division of responsibility, multi-tenancy, data classification and management, encryption and key management, monitoring and reporting, access management, business continuity, risk assessment, change management, and security as a service.
3) The document emphasizes that access management is one of the most critical security areas for cloud, and identity and access management as a service and cloud access security brokers are growing trends to help govern cloud services.
Strategies for assessing cloud securityArun Gopinath
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Thorough testing also examines network and application vulnerabilities from an attacker's perspective.
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Regular technical testing also helps evaluate security weaknesses impacting data protection.
The document provides strategies for assessing cloud security risks. It discusses the need to develop proper security controls for cloud implementations, as embracing cloud computing without adequate controls can place IT infrastructure at risk. The document recommends developing a strategic cloud security roadmap that involves defining business/IT strategy, identifying risks, documenting a plan, and assessing cloud security with IBM through a review of security programs and technical testing.
This is basically about the hybrid cloud and steps to implement them, starting from what is cloud, hybrid cloud to its implementation. Hybrid Cloud is nowadays implemented by many organisations and transitioning a traditional IT setup to a hybrid cloud model is no small undertaking. So, one should know about it and how it is implemented.
The document discusses the challenges of transitioning to a multi-cloud environment and proposes solutions across six architecture domains: 1) provisioning infrastructure as code while enforcing policies, 2) implementing a zero-trust security model with secrets management and encryption, 3) using a service registry and service mesh for networking, 4) delivering both modern and legacy applications via flexible orchestration, 5) addressing issues of databases across cloud platforms, and 6) establishing multi-cloud governance and policy management. The goal is to simplify management of resources distributed across multiple cloud providers while maintaining visibility, consistency, and cost optimization.
Similar to Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud Computing Association (20)
This paper presents guidance to cloud using organizations that cloud-native and cloud-enabled services may be used to implement the baseline technical controls with reference to capabilities available from major Cloud Service Providers.
ACCA Concept Note on The Role of the Cloud in Meeting Sustainable Development...accacloud
We are glad to announce our publication of the ACCA concept note on the Role of Cloud in Meeting Sustainable Development Goals (SDGs) for the Asia-Pacific (APAC) Region. Sustainable development is key for the continued growth of APAC economies, and cloud technology offers a wonderful opportunity for governments to achieve their development goals, not just net-zero.
As ACCA commits to decarbonization and renewable energy investments, we call on the Governments in APAC to support the industry in these efforts.
Asia Cloud Computing Association's Financial Services in the Cloud Report 202...accacloud
The Financial Services on the Cloud Report 2021, this time focused and translated specially for the Japanese market. For more information, do contact us at secretariat@asiacloudcomputing.org
Asia Cloud Computing Association’s (ACCA) Response to the Draft Indonesian Mi...accacloud
26 Mar 2020 Asia Cloud Computing Association’s (ACCA) Response to the Draft Indonesian Ministerial Regulation for Private Scope for Government Regulation 71/2019 (GR 71 summary https://siplawfirm.id/key-points-of-government-regulation-no-71-of-2019-on-organization-of-electronic-systems-and-transactions/)
Cloud Readiness Index 2016 - Japanese version クラウド推進普及状況accacloud
Cloud Readiness Index 2016 - Japanese version クラウド推進普及状況 by the Asia Cloud Computing Association
For more information, please visit http://www.asiacloudcomputing.org
Cloud Readiness Index 2011 by the Asia Cloud Computing Associationaccacloud
The Cloud Readiness Index has been prepared by the Asia Cloud Computing Association (The Association). The Index evaluates key attributes in order to identify the state of readiness for cloud computing in various markets across the Asia region. Additionally, it provides insight into how regulation and policy work by governments. It also assists companies and individuals in determining which markets are best placed for wide adoption of cloud computing services in Asia.
2011 The Cloud Map by the Asia Cloud Computing Associationaccacloud
2011 Cloud Map, by the Asia Cloud Computing Association.
The Cloud is emerging at an incredible pace and keeping current on the key developments, influencers, trends and evolution is a must. The Cloud Map project is designed to bring you a few uncommon insights into various Cloud debates. Insights into government regulatory initiatives and how they're being influenced, security and privacy concerns and cloud delivery models to name a few. We will be tapping into the pulse of the debate across the Internet, the Twittersphere and the Blogosphere. We will follow how the topic or issue is being discussed, who it involves, what is being said and who the main actors in the story are. Visit us at http://www.asiacloudcomputing.org
2014 Managing Cloud: A New Multidisciplinary Paradigm for Policymakersaccacloud
The core problems around cloud, telco and other providers who need to transfer data across borders are how to ensure compliance with an alphabet soup of general and sector-specific laws and regulations, and codes of practice, and legal judgements, and legal and procedural uncertainties, that differ in their details across so many jurisdictions.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge Capture & Transfer
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMydbops
This presentation, titled "MySQL - InnoDB" and delivered by Mayank Prasad at the Mydbops Open Source Database Meetup 16 on June 8th, 2024, covers dynamic configuration of REDO logs and instant ADD/DROP columns in InnoDB.
This presentation dives deep into the world of InnoDB, exploring two ground-breaking features introduced in MySQL 8.0:
• Dynamic Configuration of REDO Logs: Enhance your database's performance and flexibility with on-the-fly adjustments to REDO log capacity. Unleash the power of the snake metaphor to visualize how InnoDB manages REDO log files.
• Instant ADD/DROP Columns: Say goodbye to costly table rebuilds! This presentation unveils how InnoDB now enables seamless addition and removal of columns without compromising data integrity or incurring downtime.
Key Learnings:
• Grasp the concept of REDO logs and their significance in InnoDB's transaction management.
• Discover the advantages of dynamic REDO log configuration and how to leverage it for optimal performance.
• Understand the inner workings of instant ADD/DROP columns and their impact on database operations.
• Gain valuable insights into the row versioning mechanism that empowers instant column modifications.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
• Creating a compelling user experience for any software, without the limitations of APIs.
• Accelerating the app creation process, saving time and effort.
• Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxSunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
Introducing BoxLang : A new JVM language for productivity and modularity!Ortus Solutions, Corp
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...AlexanderRichford
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation Functions to Prevent Interaction with Malicious QR Codes.
Aim of the Study: The goal of this research was to develop a robust hybrid approach for identifying malicious and insecure URLs derived from QR codes, ensuring safe interactions.
This is achieved through:
Machine Learning Model: Predicts the likelihood of a URL being malicious.
Security Validation Functions: Ensures the derived URL has a valid certificate and proper URL format.
This innovative blend of technology aims to enhance cybersecurity measures and protect users from potential threats hidden within QR codes 🖥 🔒
This study was my first introduction to using ML which has shown me the immense potential of ML in creating more secure digital environments!
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud Computing Association
1. 10000864-4
1
SAFE CLOUD PRINCIPLES FOR THE
FINANCIAL SERVICES INDUSTRY
INTRODUCTION TO THE SAFE CLOUD PRINCIPLES
Why are these principles needed?
Cloud Computing is poised to transform how information technology is used by the Financial
Services Industry (FSI). However, this transformation can only come about if the FSI has
confidence that the use of Cloud Computing will not interfere with legal obligations and sound
business practice.
This document has been created in partnership between Financial Institutions (FIs), Cloud Service
Providers (CSP), Financial Regulators and industry bodies. It proposes Safe Cloud Principles in
the form of a unified, condensed and clarified set of best practices to help FIs to focus on and
navigate through the relevant regulatory issues when contemplating a move to the cloud. The Safe
Cloud Principles cover key requirements such as confidentiality, availability and integrity and are
derived from the very laws, regulations and guidelines with which FIs must comply.
The configuration of Cloud Services will vary greatly from CSP to CSP and not all solutions will be
able to meet the Safe Cloud Principles. It is the FIs’ obligation to ensure that the Cloud Services
they use are compliant. These Safe Cloud Principles will help the FSI to be better prepared, have
a clearer understanding of the relevant requirements and to make the right decisions.
Who are these principles for?
- Financial Institutions. These Safe Cloud Principles focus on the regulations applicable to
banks, being subject to some of the most stringent requirements. However, the definition
of an FI is broad. The term may encompass different kinds of organisations that deal with
financial services, such as investments, loans and deposits, trust companies, insurance
companies, investment dealers and brokers. Although this note focuses on banks, these
Safe Cloud Principles should still be broadly consistent and applicable for the whole FSI.
However, recognising that these Safe Cloud Principles are broad statements of regulatory
requirements, all FIs will, of course, need to obtain their own legal advice in relation to their
intended use of Cloud Services. In some countries, for example, FIs may need to consult
with or obtain approval from Financial Regulators in order to use a Cloud Service and, in
some countries, insurance companies and other kinds of FI may be subject to separate
laws and regulations. By complying with these Safe Cloud Principles, FIs will have
addressed the overarching key concerns with, and challenges of using, Cloud Services in
the FSI.
- Cloud Service Providers. When designing or contracting to provide Cloud Services,
referring to the Safe Cloud Principles will help CSPs better understand and meet the
regulatory issues that their FI customers face.
- Industry Bodies. Industry Bodies can use, endorse or recommend the Safe Cloud
Principles as helpful guidance for the FIs or CSPs that they represent.
- Financial Regulators. Financial Regulators can use, endorse or recommend the Safe
Cloud Principles as “Best Practices” and additional guidance for the FIs that they regulate
(as the Safe Cloud Principles have been developed to capture the broad principles
underlying regulation).
How are these principles structured?
For each of the ten Safe Cloud Principles there is: (i) a summary explanation of what the principle
means in practice for FIs; (ii) a checklist for FIs to follow in order to meet the principle; and (iii) a list
of the key laws, regulations, and guidelines which underpin the principle in three of the key
jurisdictions in the Asia Pacific region – Singapore, Hong Kong and Australia (applicable as at
November 2013). The Safe Cloud Principles are broadly consistent and applicable across the Asia
Pacific region although some variations will apply.
OVERVIEW OF CLOUD SERVICES AND THE FINANCIAL SERVICES INDUSTRY
What are Cloud Services?
Cloud Computing or Cloud Services means on demand network access to a shared pool of
configurable computing resources. In other words, Cloud Services provide FIs with on demand
access, using a network connection, to information technology or software services, all of which
the CSP can configure to the needs of the FI.
Service Models. There are three common delivery models for Cloud Services: (i) Infrastructure as
a Service (IaaS) where the CSP delivers IT infrastructure e.g. storage space or computing power;
(ii) Platform as a Service (PaaS) where the CSP provides a computing platform for customers to
develop and run their own applications; and (iii) Software as a Service (SaaS) where the CSP
makes available software applications to customers.
Deployment Models. There are four common deployment models for Cloud Services, each
characterised according to: (i) who manages the day-to-day governance, operation, security and
compliance of the service; (ii) who owns the infrastructure (including physical infrastructure such
as facilities, computers, networks and storage equipment); (iii) where the infrastructure is located;
and (iv) who can access the Data being hosted. They are:
- Private Cloud, with infrastructure being owned and managed sometimes by the customer,
but more often by a CSP. The infrastructure is located either on customer premises or,
again more typically, on the CSP’s premises. In all cases, the Data and services are
accessible exclusively by the particular customer.
- Public Cloud, with infrastructure being owned and managed by the CSP and located
off-premise from the customer. Although the Data and services are protected from
unauthorised access, the infrastructure is accessible by a variety of customers. Public
Cloud is also referred to as a ‘multi-tenanted solution’ because there are multiple customers
who will all have access to the same infrastructure.
- Community Cloud serves members of a community of customers with similar computing
needs or requirements, such as security, reliability and resiliency. The infrastructure may
be owned and managed by members of the community or by a CSP. The infrastructure is
located either on customer premises or the CSP’s premises. The Data and services are
accessible only by the community of customers. Community Cloud is by its nature a
‘multi-tenanted solution’ because there are multiple members of a community of customers who
will all have access to the same infrastructure.
- Hybrid Cloud is a combination of two or more of Private Cloud, Public Cloud or Community
Cloud. Hybrid Cloud infrastructure can be owned and managed by the customer, or by a
CSP and in either case the infrastructure may be located on-premise or off-premise, or
both (e.g. some on-premise Private Cloud integrated with off-premise Community Cloud or
Public Cloud). The Data and services can be accessed based on the design of the solution,
corresponding to whether the architecture has public, private or community characteristics.
Hybrid Cloud may be a ‘multi-tenanted solution’, if multiple customers have access to the
same infrastructure. It can however also provide a ‘dedicated’ solution or component.
All four deployment models are capable of meeting the Safe Cloud Principles. However, it is
essential that FIs looking at Public Cloud, Community Cloud or Hybrid Cloud models that are
multi-tenanted, only engage CSPs who offer a model that can host multiple tenants in a highly secure
way, so that data storage and processing for each tenant is segregated. If not then the Cloud
Services will not meet these Safe Cloud Principles, in particular Safe Cloud Principle 8.
What are the key challenges with Cloud Services for Financial Institutions?
FIs are stringently regulated. This is because Financial Regulators are committed to maintaining
an FSI that is safe, stable and secure.
Contrary to common misconceptions, Financial Regulators in the Asia Pacific region do not prohibit
the use of Cloud Services per se and do recognise that they are an increasingly important option
for FIs’ technical infrastructure and budget management. However, Financial Regulators are
compelled to oversee that any implementation of Cloud Services is undertaken with appropriate
due care and attention. Correspondingly, FIs need to approach Cloud Services with a high degree
of sensitivity to ensure regulatory compliance, often across multiple jurisdictions.
In terms of the regulatory framework for Cloud Services, most Financial Regulators have not
published specific Cloud Service guidelines. Instead, they tend to rely on existing regulations and
guidelines on outsourcing, data risk management, technology risk management and business
continuity management.
Despite differences in the presentation of regulatory requirements and the approach of different
Financial Regulators, the following common conditions emerge which are imposed across all FIs,
regardless of jurisdiction and have particular resonance for Cloud Services:
- The importance of FIs maintaining control over their activities and Data (see Safe Cloud
Principle 2).
- The ability for FIs and applicable Financial Regulators to audit the CSP (see Safe Cloud
Principle 3).
- Ensuring FIs’ Data, particularly Customer Data, is kept in strict confidence (see Safe Cloud
Principle 4) and is not kept for any other purpose than providing the service (see Safe
Cloud Principle 7).
- Prescriptive security requirements (see Safe Cloud Principle 4).
- Transparency about the exact location of the FI’s Data (see Safe Cloud Principle 6).
- The need for segregation of FI Customer Data (see Safe Cloud Principle 8).
In addition to FSI specific rules and guidance, in most jurisdictions other general legal requirements
will also be relevant and therefore also feature in the Safe Cloud Principles. These include Privacy
Regulations, which, for example, impose requirements that apply in respect of any Personal Data
that may be stored, processed or hosted by the CSP (e.g. security, consents, transfers of Personal
Data and, in some countries, additional rules related to security breach and notification). FIs will
also need to consider, in particular, the impact of any general statutes, regulations or common law
relating to confidential information, law enforcement or judicial access to Data.
SAFE CLOUD PRINCIPLES FOR THE FINANCIAL SERVICES INDUSTRY
1. SERVICE PROVIDER REPUTATION AND COMPETENCE
2. REVIEW, MONITORING AND CONTROL
3. AUDIT
4. CONFIDENTIALITY AND CERTIFIED SECURITY STANDARDS
5. RESILIENCE AND BUSINESS CONTINUITY
6. DATA LOCATION AND TRANSPARENCY
7. LIMITS ON DATA USE
8. DATA SEGREGATION/ISOLATION
9. CONDITIONS ON SUBCONTRACTING
10. CONDITIONS ON TERMINATION
KEY:
Singapore
Hong Kong
Australia
1. SERVICE PROVIDER REPUTATION AND COMPETENCE
FIs must carry out, and CSPs must assist in facilitating, a risk assessment and due diligence
on the CSP to ensure that the CSP and its Cloud Services meet the legal, regulatory,
contractual and business requirements. FIs should have in place a risk management plan
that includes measures to address the risks associated with the use of Cloud Services.
There is a variety of deployment models for Cloud Services. As part of the due diligence process,
FIs should ensure that they understand the pros and cons of each deployment model and the
specific configuration being proposed by the CSP to determine whether it is suitable for the FI’s
purposes and can meet its regulatory requirements.
Most Financial Regulators require FIs to carry out impact assessments prior to entering into the
contract for Cloud Services but this is also sound business practice. Some Financial Regulators
have a more detailed process – for example the Monetary Authority of Singapore, which has a specific
detailed questionnaire document that must be completed by the FI.
FI Checklist:
- Evaluate the CSP. Does it have the requisite experience, competence, financial strength,
resources and business reputation? Have you investigated any existing
complaints/litigation?
- Carry out due diligence to ensure that the CSP can comply with these Safe Cloud
Principles. You may wish to run through each of these Safe Cloud Principles with the CSP
and ask it to demonstrate how it will comply with them.
- If the results of the due diligence show deficiencies against the legal, regulatory or business
requirements, these deficiencies must be addressed prior to entering into the contract with
the CSP or another CSP must be engaged.
- Require the CSP to assist in the due diligence process. A reputable CSP should be willing
and able to provide answers to all your questions and be familiar with the specific regulatory
requirements that you must meet.
- Where relevant, complete the relevant Financial Regulator’s questionnaire or other review
process. A good CSP should be able to help you with this process.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines Para 6.2
- MAS Outsourcing Guidelines Para 6.3
- MAS TRM Guidelines Para 5.1
- MAS TRM Guidelines Para 5.2
- MAS Outsourcing Questionnaire
- MAS Banking Secrecy Notice
- HKMA Outsourcing Guidelines Para 2.2
- HKMA Outsourcing Guidelines Para 2.3
- APRA Outsourcing Standard Para 22
- APRA Outsourcing Guide.
2. REVIEW, MONITORING AND CONTROL
Compliance does not end at signature of the contract. CSPs must provide regular reporting
and information to demonstrate continued compliance with the legal, regulatory, contractual
and business requirements throughout the duration of the contract. FIs and CSPs must meet
regularly to review the reports and performance levels. The contract must provide for an
effective mechanism for remedial actions arising from any issues that emerge or
non-compliance.
This principle goes towards maintaining stability in the FSI and ensuring that FIs’ and CSPs’
responsibilities do not finish at the point that a contract is signed but that FIs continue to be vigilant
in compliance throughout the contract lifecycle. Financial Regulators recognise that FIs may need
to outsource certain services but they make it clear that FIs cannot outsource their primary
responsibility for risk and compliance.
CSPs should regularly (e.g. annually) provide FIs with copies of independent third party audit
results that the CSP has obtained, e.g. SSAE 16 SOC1 (Type II) reports. CSPs should also provide
copies of reports of penetration testing that the CSP has carried out or arranged to be carried out
by independent third parties (which will help to support Safe Cloud Principle 4).
FI Checklist:
- Has the CSP given you a full overview of the testing, review and audits that it conducts on a
regular basis? Look for a CSP that is prepared to have its processes verified and is willing
to share independent third party audit results and penetration testing.
- Does the CSP agree to make available to you copies of its independent audit reports? SSAE 16
SOC 1 (Type II) reports are good ones to ask for.
- Ensure that the CSP also provides you with real-time and continuous information about the
current availability of the services, history of availability status, details about service disruptions
and outages and scheduled maintenance times.
- Does the CSP provide you with access to a dedicated account manager in order to assist in
the management of performance and problems?
- Does your contract include provision for escalation of issues that arise from the audit and review
process or the ability to participate in the CSP’s product compliance program if they have one?
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.7.
- MAS TRM Guidelines, Para 5.
- MAS Outsourcing Questionnaire.
- HKMA Outsourcing Guidelines, Para 2.1.
- HKMA Outsourcing Guidelines, Para 2.6.
- Banking Ordinance, Seventh Principle.
- APRA Outsourcing Standard, Paras 17 and 37.
- APRA Outsourcing Guide.
3. AUDIT
CSPs must provide FIs and applicable Financial Regulators with audit rights.
In addition to the monitoring, regular reviews and independent reports (set out in Safe Cloud
Principle 2), most Financial Regulators require that CSPs allow the Financial Regulator and, at
times, the FI rights to carry out an inspection of the CSP. This will enable the Financial Regulator
and FI to confirm that CSPs are complying with the requirements set out in these Safe Cloud
Principles and with contractual and business requirements of the FI, rather than just relying on the
information provided by the CSP.
FI Checklist:
- Do you have a contractual commitment from the CSP to allow audits by you and the applicable
Financial Regulators where required? Avoid a CSP who does not provide audit rights for the FI
and applicable Financial Regulators.
- Check the scope of the audit right provided. It should cover audits of the CSP’s facilities,
systems, processes and Data relating to the services.
- To ensure any audit can be undertaken, the CSP must tell you the exact location of its data
centres and exactly where your Data is hosted (see also Safe Cloud Principle 6).
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.8.
- MAS Banking Secrecy Notice.
- MAS Outsourcing Questionnaire.
- HKMA Outsourcing Guidelines, Para 2.8.
- APRA Outsourcing Standard, Para 30.
4. CONFIDENTIALITY AND CERTIFIED SECURITY STANDARDS
CSPs must be certified to have and maintain robust security measures and comprehensive
security policies that meet or exceed international standards (ISO27001 accreditation
should be a minimum). CSPs should use encryption technology that meets or exceeds
international standards to protect and secure the FI’s Data at all times.
Financial Regulators understandably place a lot of emphasis on confidentiality and security, since
this will protect an FI’s reputation and maintain high levels of customer confidence. This principle
is also important to Financial Regulators because it helps to combat the increase in cyber security
threats which can have a material business impact. Therefore, Financial Regulators require FIs to
place strict security requirements on CSPs.
Certification is an important benchmark used by Financial Regulators in measuring security
standards. There is currently no one recognised industry certification specifically for Cloud
Services. However, ISO27001 is generally considered the most appropriate certification given the
high benchmark that CSPs must meet to achieve and maintain it. Other CSP certifications, whilst
not specifically relevant to FIs, can be indicative of industry best practice and should also be taken
into consideration (e.g. if the CSP has been granted authority under FISMA (the US Federal
Information Security Management Act) or is HIPAA compliant).
To help potential customers of Cloud Services evaluate different CSPs, the Cloud Security Alliance
(a not-for-profit organisation) has developed a set of security and privacy criteria called the Cloud
Control Matrix (CCM). Customers can use it to compare different CSPs’ data controls. FIs should
use CSPs who meet the requirements set out in the CCM.
In many countries, in addition to financial services regulations and guidance, maintaining
confidentiality is also a legal requirement imposed by statute and/or by case law and again,
certification is a useful tool to meet this. Privacy Regulations also require organisations to maintain
high levels of security in respect of Personal Data in order to ensure that the privacy of individuals
is safeguarded and Personal Data does not get into the wrong hands.
FI Checklist:
- Is the CSP ISO27001 certified?
- Is the CSP able to meet other recognised industry security standards, for example, those in
relation to FISMA and HIPAA? This will provide a useful indicator to the robustness of the
systems and the competence of the CSP.
- What commitments has the CSP given in relation to its security provisions beyond certification?
Commitments should usually cover 24-hour monitoring of physical hardware, secure networks,
encryption of Data in transit and encryption of the hardware being used to host the Data. Look
for a CSP that uses Advanced Encryption Standard encryption.
- Have you checked the CSP and its security commitments against the CCM criteria?
- Does the CSP conduct penetration tests to enable continuous improvement of incident
response procedures? Ask for an explanation as to the testing and frequency of testing in this
respect.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.5.
- MAS TRM Guidelines.
- Banking Act, Section 47.
- MAS Banking Secrecy Notice.
- MAS Outsourcing Questionnaire.
- PDPA, Section 24.
- HKMA Outsourcing Guidelines, Para 2.5.
- HKMA Technology Guidelines.
- PDPO, Schedule 1, Data Protection Principles, 4.
- APRA Outsourcing Standard, Paras 21 and 41.
- APRA Data Risk Guide.
- APRA Security Guide.
- APP 11.
5. RESILIENCE AND BUSINESS CONTINUITY
The Cloud Service must be reliable. CSPs must have an effective business continuity plan
with appropriate service availability, recovery and resumption objectives and with regularly
tested and updated procedures and systems in place to meet those objectives. The risks of
downtime should be minimised through good planning and a high degree of system
resilience.
This principle is important to Financial Regulators as service disruption in the FSI can have
significant impact on the wider community. Financial Regulators recognise that service disruptions
can happen but require that the risk of them arising and their effect be minimised through having in
place appropriate business continuity plans and procedures. FIs must ensure such plans and
procedures are in place and regularly tested and updated, to protect against service disruption.
FI Checklist:
- Have you reviewed the CSP’s track record on service continuity (e.g. over the past five years)?
Is the CSP able to demonstrate that consistently high levels of service availability have been
obtained?
- Does the CSP give a tangible commitment to high availability of service? A commitment to
uptime of 99.9% is a good measure (measured as the number of minutes the service is
available in a month as a percentage of the total number of minutes in that month). You should
also look for a CSP that financially backs up this commitment in terms of consequences of
failure to meet it.
- Check that the CSP has an “active-active” configuration i.e. if a failure occurs in one server or
data centre, another server or data centre can take its place. Check that the CSP has built
physical redundancy within its servers, within a data centre and across separate data centres
to protect against failures.
- Has the CSP built in redundancy at the Data level by replicating Data across geographically
separate data centres to enable rapid recovery of Data?
- Does the CSP provide service resiliency e.g. using load balancing and constant recovery
testing?
- Does the CSP limit the scope and impact of failure in one service area to that service area so
that other service areas are not impacted?
- Look for CSPs that use simplified service components wherever possible so that there are
fewer deployment and issue isolation complexities.
- Does the CSP provide real, rapid and 24/7 on-call support? This should include access to
engineers, product developers, program managers, product managers and senior leadership.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.6.
- MAS BCM Guidelines.
- MAS TRM Guidelines.
- MAS Outsourcing Questionnaire.
- HKMA Outsourcing Guidelines, Para 2.7.
- HKMA Technology Guidelines, Para 5.4.
- HKMA BCP Guidelines.
- APRA Outsourcing Standard, Para 23 and 41.
- APRA BCM Standard.
- APRA Data Risk Guide.
6. DATA LOCATION AND TRANSPARENCY
CSPs must disclose exactly where Data will be located. FIs should ensure that the
government policies, economic and legal conditions of the identified locations are safe and
stable.
Financial Regulators typically require that FIs at all times know the exact location where a CSP will
hold, store or process their Customer Data. A CSP’s data centres must be in safe, stable and
secure places, where confidentiality and privacy obligations are observed, upheld and enforced by
the local legal system.
In a number of countries, FIs will also need to know exactly where a CSP will hold, store or process
their Personal Data because Privacy Regulations in those countries typically do not allow FIs to
transfer Personal Data overseas unless the Personal Data will be subject to a similar standard to
the home jurisdiction’s Privacy Regulations. This may require additional contractual commitments
or other safeguards to be put in place.
FI Checklist:
- Has the CSP identified the exact locations where it will hold Data?
- Only use a CSP that will hold Data in safe and stable locations.
- Have you conducted a review to ensure that the government policies, economic and legal
conditions of the identified locations are safe and stable? Some Financial Regulators, such as
the HKMA, for example, require a detailed assessment and legal opinion to be obtained. The
CSP should be able to help with the risk assessment.
- Check whether there are any additional Privacy Regulation requirements in your country that
will impact the transfer of Personal Data to any overseas locations. Make sure you put in place
any necessary contractual or other commitments to ensure that these are complied with.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.9.
- MAS Outsourcing Questionnaire.
- PDPA, Section 26.
- HKMA Outsourcing Guidelines, Para 2.9.
- HKMA Outsourcing Guidelines, Para 2.9 and PDPO, Section 33.
- APRA Outsourcing Standard, Para 35.
- APRA Outsourcing Guide.
- APP 8.
7. LIMITS ON DATA USE
CSPs should not use FI’s Data for any purpose other than that which is necessary to provide
the Cloud Service. The contract should prevent CSPs from using FI Data for any secondary
purpose at all times.
Financial Regulators generally require that FIs must prohibit CSPs from using Customer Data for
any unauthorised purposes (for example marketing and advertising). This helps to uphold the
confidentiality of Customer Data and prevent it from being misused or disclosed (see Safe Cloud
Principle 4). If a CSP can use Customer Data for other purposes, it compromises the confidentiality
of such data.
Privacy Regulations also typically require that FIs must not allow CSPs to use Personal Data for
any purposes beyond the purpose for which the Personal Data was collected. This requirement
protects individuals’ privacy so that their Personal Data is only used for purposes that the individuals
would expect and have agreed to (i.e. the receipt of banking or other financial services).
FI Checklist:
- Does the CSP commit that it will not use Data for any other purpose? Check, for example, that
the CSP is not using the Data for the purposes of building analytics, data mining or advertising.
You should contractually prohibit CSPs from using Data for any unauthorised purposes.
- Does the CSP commit to apply strict access controls so that access to Data is limited only to
those within the CSP who require access to the Data to provide the Cloud Services? Check
that the CSP reviews these access controls on a periodic basis.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines,
- MAS Outsourcing Questionnaire.
- PDPA, Section 18.
- HKMA Outsourcing Guidelines, Para 2.5.2.
- PDPO, Schedule 1, Data Protection Principles, 3.
- APRA Outsourcing Standard, Para 21.
- APRA Data Risk Guide.
- APP 3.
8. DATA SEGREGATION/ISOLATION
FI Customer Data must be segregated from other Data held by the CSPs. CSPs must be able
to identify the FI’s Customer Data and at all times be able to distinguish it from other Data
held by the CSP.
Financial Regulators require FIs to ensure their Customer Data is segregated from other Data,
thereby ensuring security and confidentiality of Customer Data is maintained (see Safe Cloud
Principle 4). This ensures that the integrity of Customer Data is preserved. Data segregation will
also help make any termination easier to deal with since all Customer Data can be more easily
returned and deleted (see Safe Cloud Principle 10).
As noted above, Public Cloud and Community Cloud are multi-tenanted models. This means that
multiple customers will be provisioned from shared infrastructure. Multi-tenanted Cloud Services
can still comply with Safe Cloud Principle 8 but only where the CSP has the ability to provide the
services in a highly secure manner, so that data storage and processing for each tenant is
separated.
FI Checklist:
- Does the CSP ensure (and commit) that Customer Data will be segregated from other Data,
especially from any Data of other customers of the CSP? Have they provided detail as to how
this is achieved?
- If you are looking at a multi-tenanted cloud solution, does the CSP segregate Data storage and
processing for each customer so that one customer cannot access another customer’s Data,
held on the same infrastructure? A CSP who is not able to do so does not offer a Cloud Service
that will meet these Safe Cloud Principles.
- Does the CSP have technology specifically designed to safeguard Customer Data so that it
cannot be accessed or compromised by co-tenants? Has the CSP provided you with a robust
and clear explanation as to how it is able to ensure this?
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.5.
- MAS TRM Guidelines, Para 5.2.
- MAS Outsourcing Questionnaire.
- HKMA Outsourcing Guidelines, Para 2.5.2.
- APRA Data Risk Guide.
9. CONDITIONS ON SUBCONTRACTING
CSPs may only use subcontractors if the subcontractors are subject to equivalent controls
as the CSP.
Most CSPs will rely on the use of subcontractors to provide certain support services. This should
not be a problem but Financial Regulators require that subcontractors are not used unless the CSP
ensures that the subcontractor will have equivalent protections and controls in place as the CSP.
This principle ensures continued legal and regulatory compliance no matter who holds the Data or
provides the services.
Privacy Regulations in certain countries also require that sharing Personal Data with subcontractors
is subject to scrutiny to ensure that applicable commitments are met (notably in relation to security,
transfers overseas and use of the Personal Data solely for the specified purposes and on behalf,
ultimately, of the FI).
FI Checklist:
- Has the CSP explained to you how and when it uses subcontractors? You should only use a
CSP who will explain why the subcontractors will have access to the Data.
- Your CSP must be able to provide you with a list of the subcontractors that it uses and with any
updates to this list over time.
- Does the CSP have in place controls to ensure that its subcontractors are subject to equivalent
commitments? Security, confidentiality, limitation on use and transparency of exact location as
well as the other Safe Cloud Principles are all relevant here and the CSP should be able to
demonstrate that these principles are covered.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.4.
- MAS Outsourcing Questionnaire.
- PDPA, Section 17.
- HKMA Outsourcing Guidelines, Para 2.6.
- PDPO, Schedule 1, Data Protection Principles, 4(2).
- APRA Outsourcing Standard, Para 25 and 26.
- APRA Outsourcing Guide.
- APP 6.
10. CONDITIONS ON TERMINATION
FIs must have appropriate exit provisions in the contract with the CSP. To the extent that
the FI requires, on termination, the CSP must work with the FI to return the FI’s Data to the
FI and then the CSP must permanently delete the Data from the CSP’s systems. Any Data
that does not need to be returned to the FI must be permanently deleted by the CSP.
Upon termination of a Cloud Service contract, Financial Regulators generally require that CSPs
return, delete or destroy Customer Data. This principle helps maintain and safeguard the
confidentiality of Customer Data (see Safe Cloud Principle 4). If a CSP can continue to hold
Customer Data after termination, that information’s confidentiality will be at risk.
In addition, Privacy Regulations in most countries require that Personal Data is deleted or destroyed
when it is no longer required. This requirement protects individuals’ privacy so that their Personal
Data will not be held for longer than is necessary by the CSP.
FI Checklist:
- Does the CSP give a clear contractual commitment that it will work with you to return Data and
then permanently delete it from its systems?
- Look for CSPs that use best practice procedures and a data wiping solution which are compliant
with the National Institute of Standards and Technology’s Guidelines for Media Sanitization (set
out in publication NIST 800-88).
- Check that the CSP uses a destruction process that destroys and renders the recovery of
information impossible for hard drives that cannot be wiped.
- ISO27001 accreditation will help in this respect since it requires secure disposal or re-use of
equipment and disposal of media.
Examples of regulations and guidelines which underpin this principle:
- MAS Outsourcing Guidelines, Para 6.4.
- MAS Outsourcing Questionnaire.
- MAS TRM Guidelines.
- PDPA, Section 25.
- HKMA Outsourcing Guidelines, Para 2.5.4.
- PDPO, Schedule 1, Data Protection Principles, 2(3).
- APRA Outsourcing Standard, Para 25.
- APRA Outsourcing Guide, Para 15.
- APP 11.
GLOSSARY:
Advanced Encryption Standard. A standard for the encryption of electronic data established by
the U.S. National Institute of Standards and Technology (NIST).
APPs. The Australian Privacy Principles. From 12 March 2014, the Australian Privacy Principles
will apply to FIs.
APRA. The Australian Prudential Regulation Authority. The Australian regulator for FIs.
APRA BCM Standard. A prudential standard made by the APRA under the Australian Banking Act
that all FIs must comply with to deal with contingency issues. A legislative instrument.
APRA Data Risk Guide. Prudential Practice Guide CPG 235 – Managing Data Risk. APRA’s guide
to assist FIs in appropriately managing their data risk.
APRA Outsourcing Guide. Prudential Practice Guide PPG 231 — Outsourcing. APRA’s guide to
assist FIs to comply with the APRA Outsourcing Standard and, more generally, to outline prudent
practices in relation to managing outsourcing arrangements.
APRA Outsourcing Standard. A prudential standard made by the APRA under the Australian
Banking Act that all FIs must comply with when outsourcing a material business activity. A
legislative instrument.
APRA Security Guide. Prudential Practice Guide PPG 234 – Management of security risk in
information and information technology. APRA’s guide to assist FIs in the management of security
risk in information and information technology.
Banking Ordinance. The Hong Kong Banking Ordinance.
Cloud Security Alliance (CSA) Cloud Control Matrix (CCM). The CSA is a not-for-profit, member
driven organisation of leading industry practitioners focused on helping customers make the right
decisions when moving into the cloud. The CSA published the CCM, which provides a detailed
understanding of the security and privacy concepts and principles that are aligned to the CSA’s
guidance.
Cloud Services. See “Overview of Cloud Services”. At its most basic, Cloud Services means on
demand network access to a shared pool of configurable computing resources.
Community Cloud. See Overview Section.
CSP – Cloud Service Provider. A third party that provides Cloud Services.
Customer Data. A subcategory of Data. Customer data, which may be defined differently from
jurisdiction to jurisdiction, shall for the purposes of this document be generally taken to mean any
data which relates to a customer of an FI.
Data. When using Cloud Services, FIs may transfer various kinds of data to CSPs, for CSPs to
hold, store, destroy, manage and/or process. This data may include FI’s business confidential
information, information about the FI’s clients, personal data relating to the FI’s clients and/or the
FI’s employees. There are two key subcategories of Data: Customer Data and Personal Data.
FIs – Financial Institutions. See Introduction Section.
Financial Regulator. A regulatory body with supervisory authority over FIs e.g. MAS, HKMA and
APRA.
FISMA. The US Federal Information Security Management Act requires US federal agencies to
implement information security programmes. CSPs may be granted authority to operate under
FISMA by federal agencies. Operating under FISMA requires transparency and frequent security
reporting to federal customers.
HIPAA. The US Health Insurance Portability and Accountability Act. This US law applies to
healthcare entities and governs the use, disclosure and safeguarding of protected health information
(PHI) and imposes requirements on covered entities to sign business associate agreements with
their CSPs that have access to PHI.
HKMA. The Hong Kong Monetary Authority. The Hong Kong regulator for FIs.
HKMA BCP Guidelines. Non-statutory guidelines published by the HKMA in its Supervisory Policy
Manual, which the HKMA expects FIs to take into consideration in relation to business continuity
planning.
HKMA Outsourcing Guidelines. Non-statutory guidelines published by the HKMA in its
Supervisory Policy Manual, which the HKMA recommends that all FIs address when outsourcing
their activities.
HKMA Technology Guidelines. Non-statutory guidelines published by the HKMA in its
Supervisory Policy Manual setting out the general principles for technology risk management that
all FIs are expected to consider in managing technology-related risks.
Hybrid Cloud. See Overview Section.
ISO27001. ISO 27001 is a system standard published by the International Organisation for
Standardisation that formally mandates specific security requirements around management,
systems and controls and incident management.
MAS. The Monetary Authority of Singapore. The Singaporean regulator for FIs.
MAS Banking Secrecy Notice. MAS Notice 634 to Banks: Banking Secrecy – Conditions for
Outsourcing.
MAS BCM Guidelines. MAS Business Continuity Management Guidelines 2003.
MAS TRM Guidelines. MAS Technology Risk Guidelines 2013. Guide on addressing existing and
emerging technology risks that confront FIs.
MAS Outsourcing Guidelines. MAS Guidelines on Outsourcing 2004 and updated 2005.
MAS Outsourcing Questionnaire. MAS Technology Questionnaire on Outsourcing.
Personal Data. A subcategory of Data. Personal Data (or similar terms in laws or regulations) may
be defined differently from jurisdiction to jurisdiction. For the purposes of this document, it means
broadly any data that relates to an individual, including personally identifying information or
information associated with or derived from an individual’s use of the FI’s financial services or as a
result of the relationship as a customer or employee of the FI.
PDPA. The Singapore Personal Data Protection Act 2012.
PDPO. The Hong Kong Personal Data (Privacy) Ordinance 1995 as amended by the Hong Kong
Personal Data (Privacy) (Amendment) Ordinance 2012.
Privacy Regulations. Regulations that govern the FIs’ collection, use and disclosure of Personal
Data e.g. the APPs, the PDPA and the PDPO.
Private Cloud. See Overview Section.
Public Cloud. See Overview Section.