Source: www.sourcedgroup.com

CTRAG – A Walkthrough
Cloud adoption for financial services is well underway globally, and with the impending release of the Cloud Technology Risk Assessment Guidelines (https://www.bnm.gov.my/documents/20124/938039/ED_CTRAG_20220603.pdf) the central bank of Malaysia is moving to ensure that both Institutional and Neo banks under its jurisdiction are provided with clear and updated guidelines as they embrace the move to the cloud. While the current Risk Management in Technology (RMiT) is still relevant and a solid foundation for IT operations in general, the CTRAG expands on the RMiT Cloud Services section. First impressions are its guidelines are generally forward-thinking, in line with the challenges and disruption that come with cloud adoption.

There is a call out in the section for financial institutions to understand the shared responsibility model and how it varies between the Cloud Service Provider (CSP) and the financial institution when adopting different cloud services (Infrastructure-as-a-Service/IaaS, Platform-as-a-Service/PaaS, and Software-as-a-Service/SaaS).

CTRAG suggests that risk management strategies should be tailored to cloud service models – a crucial point we strongly echo.

Related Articles