Securities and Exchange Commission of Pakistan (SECP) warns all businesses in Pakistan regarding the selection of cloud service providers. It has issued cloud adoption guidelines for Incorporated Companies/Business Entities that will apply to all companies registered with SECP under the Companies Act 2017, Securities Act 2015, Insurance Ordinance 2000, and NBFC Regulations 2008.
SECP warns businesses against Indian and Israeli servers
The SECP said that while selecting Cloud Service Providers, all business entities must remain vigilant that their selected service providers do not offer services via data centers located in hostile countries such as India and Israel. SECP also stressed the businesses entities for early enforcement of guidelines. Moreover, these guidelines pertain to the all-new IT, migrating legacy applications, and data to the cloud.
SECP’s cloud adoption guidelines to counter cyberattacks
According to the SECP’s Cloud Adoption Guidelines issued for Incorporated Companies/Business Entities, Cloud Computing is a technological framework that offers convenient, on-demand access to a shared pool of resources such as servers, storage, and applications, over the internet.
The commission has stated that the business entities must thoroughly study all service providers before deciding which one to choose. The organization should assess if the cybersecurity requirements are met by the Cloud model under consideration. The requirements should then be evaluated by comparing them with Pakistan Cloud-First Policy 2021, National Cybersecurity Policy 2021, sector-specific guidelines, authentication requirements, and other specific cybersecurity measures and regulations.
Businesses supervised by sector-specific regulators must comply with the guidelines
The BEs incorporated with the SECP but overseen by sector-specific regulators need to confirm compliance with sector-specific guidelines on Cloud-based services by their regulators.
Services such as cloud storage and email are offered free of cost, the SECP has advised that if they reach the maximum limit they can simply pay a small amount of fee. Moreover, it is to be noted that some cloud service providers offer free trials hence BEs must be extremely careful before considering purchasing such cloud services. The SECP’s cloud adoption guidelines aim to ensure that all BEs utilize all the best cloud services without facing any security risks.
The SECP said that there is a strong demand for cloud adoption by BEs for cloud-based server capacity, information and database management, security, system, and user access management, ERP, CRM, and collaboration tools. Throughout the adoption process, BEs need to focus on the areas of trust, security, legal, compliance, and organizational issues.
Source: Pro Pakistani