Overview:
SEBI released guidelines (Circular no. SEBI/HO/ITD/ITD_VAPT/P/CIR/2023/033) on March 6, 2023, for entities regulated by SEBI, known as Regulated Entities (REs), regarding the use of cloud services. These guidelines establish a framework for REs to ensure security and regulatory compliance when implementing cloud solutions. REs must conduct a thorough risk assessment and implement mandatory control measures before adopting cloud services. Adhering to these guidelines helps REs manage risks effectively, ensuring security and compliance.
The framework requires regulated entities to bolster cloud data security with specific provisions:
- Compulsory use of Hardware Security Modules (HSM) and Key Management Systems (KMS): Regulated entities must employ HSM and KMS to securely store encryption keys, safeguarding data in the cloud.
- In-use data protection through encryption: Encryption must be applied to data during processing or usage in the cloud to prevent unauthorized access or breaches.
- Retention of key control in cloud services: Regulated entities should maintain control over encryption keys in cloud services through two methods:
  - Bring-Your-Own-Key (BYOK): Entities bring and manage their encryption keys, enhancing data security.
  - Bring-Your-Own-Encryption (BYOE): Entities use their encryption mechanisms, maintaining control over the encryption process and keys for data protection.
How Can JISA Softech Help?
JISA Softech provides solutions that help your organization address the challenges presented by the Framework for the Adoption of Cloud Services. As organizations move their applications to new infrastructures, they need a solution that can safeguard data both on-premises and in the cloud. JISA Softech offers Hardware Security Module, Key Management, Encryption, and Tokenization solutions designed for hybrid and cloud-native applications.
Securing data at rest and in motion
We secure data at rest and in motion using column-level and application-level encryption. This strategy encrypts files but keeps metadata unencrypted, enabling cloud service providers to perform tasks without accessing sensitive data. This balance ensures smooth management while protecting confidentiality.
Securing cryptographic keys
We secure cryptographic keys using CryptoBind HSM, a dedicated Hardware Security Module. It offers a secure environment for key management and cryptographic operations. With CryptoBind HSM, organizations retain full control over their keys, preventing cloud service provider (CSP) access and ensuring ownership and control of cryptographic assets.
Cryptographic key management:
CryptoBind KMS is a centralized solution for automated key updates and distribution across various applications. It manages the lifecycle of symmetric and asymmetric keys, supporting robust business processes and compliance with audits.
Bring your own key:
By offering BYOK, JISA Softech places the power of key ownership back into the hands of customers. With the ability to bring their own master keys, organizations can establish their key management policies and enforce strict access controls. This level of control ensures that only authorized entities can access and decrypt the data, reducing the risk of unauthorized access and potential data breaches.
Bring your own encryption:
In the BYOE framework, the Hardware Security Module (HSM) serves as an intermediary between the organization and the storage systems of the Cloud Provider. Additionally, the HSM manages all cryptographic processing tasks.