MAS + Cloud
The primary focus of MAS-TRM is access control and encryption of confidential data. Since MAS recognizes cloud services as a form of outsourcing, it is the customer’s job to ensure they follow the best practices. MAS guidelines state encrypting sensitive or confidential information before it is transported offsite for storage. MAS guidelines also recommend that confidential information stored on IT systems, servers, and databases should be encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”. Grant access rights and privileges should be given based on job responsibility. As such, no one should have any intrinsic right to access confidential data by virtue of rank or position. MAS recommends financial institutions maintain audit logging of system activities performed by privileged users and, at the same time, disallow privileged users from accessing systems logs in which their activities are being captured.