You are here

Cyber panel flags concentration risk in cloud technology for banks, insurers

colin-mas2-2.jpg
The Cyber Security Advisory Panel, which advises the Monetary Authority of Singapore (MAS) on cyberthreats, on Tuesday flagged the rising concerns about concentration risks as a growing number of financial services are now relying on a limited pool of cloud service providers.

THE Cyber Security Advisory Panel, which advises the Monetary Authority of Singapore (MAS) on cyberthreats, on Tuesday flagged the rising concerns about concentration risks as a growing number of financial services are now relying on a limited pool of cloud service providers.

The panel met with the regulatory body as well as representatives from the banking and insurance industries in Singapore to discuss concerns over cloud technology and the trend of using open plugged-in code from third-party partners, or open application programming interfaces (API).

In a press statement, MAS said that the panel suggested that financial institutions should implement ways to secure data stored on the cloud and their network connections to the cloud service provider. Meanwhile, cloud service providers should be more transparent with their customers on how they implement security measures to protect their systems and information.

That being said, the panel also recommended that small and medium financial institutions can tap on "reputable" public cloud services to get cost savings, system scalability and speed to market, without compromising on cyber security.

sentifi.com

Market voices on:

In its second annual meeting, the panel discussed how banks and insurers are actively making their APIs available to third parties such as service providers and business partners. APIs are sets of code issued by a business or institution that determine how one application communicates with another. For example, a Google Maps API enables app developers to embed Google Maps in Web pages. With APIs, software developers save on time needed to build new apps, and can update the information embedded.

But the panel flagged that as APIs expose financial institutions to higher risks of cyberthreat, banks and insurers should be monitoring for suspicious events that arise from the use of API services.