According to Gartner, worldwide end-user spending on public clouds could reach almost $500 billion in 2022. In addition to the financial benefits (cost effectiveness), cloud computing offers more scalability, flexibility, mobility, and operational efficiency. For various reasons, it is very obvious that storing and analyzing data on the cloud is at the core of digital transformation.
And that’s why Indian commercial banks want the regulator, the Reserve Bank of India (RBI) to lay down a clear set of security and compliance guidelines that would allow Indian banks to adopt cloud computing in a big way.
Grappled with falling margins, accumulating non-performing assets, and declining efficiency ratios due to business disruption caused by the Fintech industry, Indian banks and financial institutions require outsourcing guidelines from the RBI on hiring cloud-based services.
Indian financial institutions depend on MeiTy (The Ministry of Electronics and Information Technology) and TRAI. However, due to the sensitive nature of business (confidential data of customers), commercial banks are looking for explicit guidelines from the Central Bank. They want to have clear regulatory mandates on the protocols to be followed when data is saved on a cloud, according to ET, which cited a report being submitted by banks to the regulator.
Cloud Security and Compliance Guidelines
As we have discussed before, it is important to have data security standards and compliance guidelines to ensure that financial institutions migrating workloads to the cloud are in a position to mitigate the insider and third-party threats to sensitive data.
Compliance standards such as FedRAMP in the US, for instance, clearly lays down the guidelines for the federal agencies that manage data in third-party cloud service providers’ infrastructure. These well-defined sets of policies are explicit on what protocol needs to be followed for authentication, authorization and audits when data is hosted on cloud.
Lack of guidelines will not only discourage financial institutions to migrate data to the cloud, but will also make them vulnerable to data breaches. In this backdrop, banking organizations from the Indian subcontinent are in the soup. The dominant and prominent RBI guidelines for IT security compliance are yet to have any clear set of rules for organizations that want to host data on a cloud or anything exclusive to the IaaS infrastructure.
Hence, even if the organizations are ready to migrate to cloud platforms, the security and compliance aspects raise questions. For the BFSI industry, a well-explained policy of do’s and don’ts can definitely help organizations to stay secure from emerging IT threats. In India, many organizations are eager to switch IT operations from on-prem datacenter to cloud services, but there are uncertainties due to ambiguity over the compliance framework.
We believe that this is the right time for the regulatory authorities to provide clear guidelines on this matter. These guidelines will:
- Help to boost the productivity of the banking industry as well as its profitability
- Remove ambiguity over what protocols need to be followed when migrating data to cloud
- Fasten the pace of digital transformation
- Build a compliance framework for data security on cloud
- Create a resilient banking ecosystem
The regulatory authority must urgently look into the challenges faced by Indian high-street banks and quickly provide explicit mandates in order to enable them to reap the benefits of digital transformation.