Cloudanix

Monetary Authority of Singapore

MAS

What is MAS ?
The Monetary Authority of Singapore (MAS) is the central bank and financial regulatory authority of Singapore that published Technology Risk Management (TRM) Guidelines to help financial firms establish sound technology risk management, strengthen system security, and safeguard sensitive data and transactions. MAS recognizes cloud services as a form of outsourcing. The TRM guidelines contain best practices for financial institutions conducting business in Singapore. While MAS compliance is voluntary, it is widely used as a benchmark for assessing financial institutions' risk.

MAS + Cloud

The primary focus of MAS-TRM is access control and encryption of confidential data. Since MAS recognizes cloud services as outsourcing, customers must ensure best practices are followed. MAS guidelines state that sensitive information must be encrypted before offsite transport and protected on IT systems, servers, and databases through strong access controls, following the principle of “least privilege.” Access rights should be granted based on job responsibility — no intrinsic access should be granted by rank or position. Financial institutions should maintain audit logging of privileged user activities while disallowing privileged users access to logs capturing their actions.

Why Cloudanix?

Although MAS TRM guidelines are not legally binding, they serve as a key benchmark in assessing financial institutions' risks. Compliance helps prevent malicious insider attacks such as breaches or data leaks, which could lead to significant financial and reputational losses. Cloudanix helps you achieve MAS compliance and secures your cloud infrastructure by automating audits with rules that enforce TRM guidelines. For example, our AWS EKS audit recipe includes rules for Non-public Endpoints, EKS Security Groups, ECR Private Repo, and more. These audits detect infringements in access control and privilege management, ensuring you follow MAS security best practices while Cloudanix manages your security audits.

Ready to see your graph?

Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.

Book a Demo

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.

AI Code Remediation

Learn how AI code remediation automates the process of finding and fixing software vulnerabilities. Discover various techniques for intellig…

What is Code Security?

Learn about code security fundamentals, OWASP Top 10, security tools like SAST/DAST, and best practices for embedding security throughout th…

Read the blog

Cloudanix docs

Cloudanix offers you a single dashboard to secure your workloads. Learn how to set up Cloudanix for your cloud platform from our documentati…

Take a look

Write Vulnerability-Free Code

A comprehensive guide to secure coding practices, covering vulnerabilities, prevention techniques, and industry standards

Know more

Changelog

A complete history of changes, improvements, and fixes for Cloudanix. Subscribe to get notified about the latest updates.

View Changelog

Privacy by Design

A framework for embedding privacy into the entire product development lifecycle, ensuring it is a proactive consideration, not an afterthoug…

Read the blog