Why in News?
- The Securities and Exchange Board of India (SEBI) unveiled a framework for the adoption of cloud services by stock exchanges, clearing corporations and other regulated entities (REs).
What in Today’s Article?
- What is the Background behind the Unveiling of the Framework?
- What is the Framework for Adopting Cloud Services?
What is the Background behind the Unveiling of the Framework?
- Cloud computing refers to the on-demand delivery of computing services (storing, managing and processing data, running applications and other software) over the internet or a network of remote servers.
- Instead of buying and maintaining computer products and services, one can pay to use a cloud computing service saving the time, effort and cost of doing it.
- It is becoming increasingly popular for delivering IT services, thanks to its scalability, ease of deployment, and lower maintenance costs.
- However, it also introduces new cyber security risks and challenges that businesses need to be aware of.
What is the Framework for Adopting Cloud Services?
- A crucial addition to SEBI’s existing guidelines on cloud computing, the framework will cover -
- Governance, Risk and Compliance (GRC),
- Selection of Cloud Service Providers (CSPs),
- Data ownership and data localisation,
- Due-diligence by REs,
- Security controls,
- Legal and regulatory obligations, etc.
- The main objective of the framework is -
- To identify and address the critical risks associated with cloud computing and
- To establish mandatory control measures that REs must implement before adopting cloud services.
- The framework will come into force immediately for all new or proposed cloud onboarding assignments or projects of the REs.
- For REs that are currently availing cloud services should ensure that wherever applicable, all such arrangements are revised and they should be in compliance with the framework within 12 months.