What is APRA?
APRA is an independent statutory authority that oversees institutions across banking, insurance, and superannuation and promotes the stability of Australia's financial system. It is the prudential regulator of the Australian financial services industry. In February 2018, Australia’s Notifiable Data Breach Scheme legislation became law, introducing new reporting guidelines and penalties for organizations governed by the Australian Privacy Act. In response, the Australian Prudential Regulation Authority (APRA) updated its July 2015 paper. APRA stated that the update also responded to its observation of the growing use of cloud computing services by APRA-regulated organizations and the associated rise in risk and vulnerabilities. The update specified the essential requirements that APRA-regulated entities must implement and maintain when outsourcing to cloud computing services. Furthermore, the update raises the bar regarding APRA’s view of cloud practitioners. The original paper, published by APRA in July 2015, was an information paper titled ‘Outsourcing involving shared computing services’. It focuses on the fundamental principles and prudential considerations that should be taken into account when utilizing cloud computing services.
APRA + Cloud
Over the past decade, cloud computing has had a significant impact on the financial sector globally. It has helped the banking sector to be cost-effective, reliable, and productive. Cloud infrastructures have reduced the capital expense of buying and setting up hardware and software at data centers. This has allowed organizations of all sizes and levels to utilize elastic and virtually limitless data and network storage. However, together with these benefits, cloud computing also presents profound risks. The security of cloud servers is a significant risk. Financial institutions must maintain the confidentiality and security of customers’ financial information and internal company data. Recognizing these risks and the pace at which cloud computing is affecting the financial sector, the Australian Prudential Regulation Authority (APRA) has called on regulated entities to implement comprehensive cloud-adoption strategies. These strategies focus on risk assessment, regular assurance processes, and efficient governance. APRA stresses risk assessment and management, and its own engagement with APRA-regulated entities in this process.
APRA's primary focus is on an entity's ability to continue operations and meet its obligations, even in the event of a disruption. APRA also stresses that the entity should ensure critical and sensitive data is protected and comply with the legislative and prudential requirements. With the new information security standard CPS 234 recently introduced by APRA, financial institutions such as banking, insurance, and superannuation providers must review their information security protocols. Cloudanix was built to solve this problem! Cloudanix automates audits that perform various checks consisting of different rules on a wide variety of recipes that we provide. For instance, our AWS recipe of EC2 Audit contains several rules like Public Snapshots, Older Instances Running, Default VPC Not In Use, EC2 IAM Roles, EC2 Instance Counts, and many more. These audit rules help you comply with APRA and take care of the assurance processes and data security and privacy. Our audit report lets you know if you are violating APRA requirements. We have many other recipes that ensure you stay APRA compliant and build trust with your customers while we take care of your security audits!