Singapore regulator casts doubt on banking clouds

By on
Singapore regulator casts doubt on banking clouds

Too risky, says Monetary Authority of Singapore.

Banks considering using third party cloud computes for core applications are likely to meet strong opposition from regulators, according to an executive at the Monetary Authority of Singapore.

Tony Chew, director of technology risk at the Monetary Authority of Singapore told a security conference in the United States that regulators were unlikely to allow a bank to put customer data into the cloud without significant due diligence, pointing out that in Singapore such behaviour could be punished with a three year jail term and a hefty fine.

"[Cloud] vendors do not understand the regulatory system and laws applying to financial services," he told McAfee's Focus 2010 security conference in Las Vegas.

Chew also pointed to outages that have affected Amazon Web Services, Google App Engine, and Microsoft Azure, suggesting that there would be a huge loss of confidence in a bank that could not continue to process transactions.

Chew was also concerned by what he termed the 'nested cloud' - scenarios in which cloud providers use services from other providers to deliver a service. A hypothetical example would be an application offered by one provider that runs on virtual servers from Rackspace and uses storage from Amazon S3.

Chew pointed to disclosures in US SEC 10-Q filings by various cloud providers as examples of further cause for concern.

Rackspace's filing, he said, notes that the majority of its customers do not pay the extra fees charged for disaster recovery services. Rackspace customers have experienced interruptions in service, he said.

"How could a bank use such a facility?" he asked, noting that 10-Q filings by Google and Salesforce.com (among others) contain similar disclosures.

While legal requirements differ between countries, regulators generally require financial institutions to demonstrate the reliability, availability, resiliency and recoverability of their systems.

In Australia, this process is overseen by the Australian Prudential Regulatory Authority (APRA) via a series of published guidelines.

The Monetary Authority of Singapore has also issued various sets of guidelines to financial institutions. Among its requirements is the mandatory use of two-factor authentication for online banking sevrices - which Chew said has practically eliminated Internet banking fraud in Singapore. He expects to add specific guidelines around cloud computing to the list in 2011.

The writer travelled to Las Vegas as the guest of McAfee.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?