On growing use and demands for high speed internet and cloud computing technologies in banks and all financial service related sector Bangladesh Bank (BB) issued a set of guidelines for safety and security.
In this regard the central bank's Banking Regulation and Policy Department sent letters to all the chief executive officers and managing directors of banks, financial institutions, mobile financial services providers, payment systems providers and all other financial service providers asking to follow the newly set guidelines on Thursday.
The BB guideline on cloud computing aims for financing systems is to maintain a strong firewall, restrict intruders in financial systems, to avoid risks and to build a strong information technology infrastructure in financial sectors.
It directs the banks and all financial service providers to ensure a safe and secured cloud computing within 31 December this year as per guidelines.
The BB circular states over the recent years, Cloud Computing has created advantages in scale, resource elasticity, organizational agility, and operational resiliency.
Cloud Computing enables banks and other financial institutions to respond rapidly on customer demands for products and experiences.
Trust in an effective financial system is crucial for a fully functioning economy. Cloud Computing is gaining increased use in recent years as Bank, Non-Bank Financial Institution (NBFI), Mobile Financial Service Provider (MFSP), Payment Service Provider (PSP), Payment System Operator (PSO) and other financial service providers seek to get relative easy access to new technologies and also achieve immediate economies of scale.
However, the organizations remain accountable for their overall end to end delivery of business activities, including any outsourced components.
From a business strategy perspective, updated applications and platform transformations are significantly simpler on a cloud system.
Cloud Computing should be effectively managed to identify risks and monitor any industry concentration to mitigate risks to the overall financial stability of the economy.
This guideline is applicable to Bank, NBFI, MFSP, PSP, PSO and other financial service providers. Throughout this guideline all these institutions will be termed together as "The Organization".
This guideline addresses the approach and principles necessary for adoption of Cloud Computing by the Organization. However, this guideline does not prescribe or recommend any specific Cloud Computing service, service arrangement, service agreement, service provider or deployment models.
The Organization must perform their own analysis to determine if cloud computing meets their strategic aims whilst managing any associated risks and compliance with regulatory requirements.
The BB letter also states that the main objectives of the cloud guidelines are to establish a minimum baseline for management of Cloud Computing in the Organization based on the following key areas: a. To ensure proper due diligence while using Cloud Computing. b. To ensure security and data privacy requirements. c. To ensure interoperability and portability of data and services between intra cloud environments. d. To ensure the roles and responsibilities of the relevant parties. e.
To ensure organizational security, privacy and its computing requirements. f. To ensure a secure environment for processing of data. g. To ensure awareness of stakeholders roles and responsibilities for protection of information in cloud environment. h. To ensure business continuity, resilience and recovery capabilities. i. To ensure effective Cloud Service Provider (CSP) management. j. To ensure the best practices (industry standard) of the usage of technology.
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
The three main Cloud Computing models are Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). Cloud Backup: Cloud backup is the process of backing up data to a remote cloud-based server.
