The Securities and Exchange Board of India (SEBI) introduced a new cloud framework for its regulated entities (REs)* on March 6, 2023. This framework is aimed at enabling REs to adopt cloud while maintaining data security, privacy, and regulatory compliance. In this article, Asish Karunakaran, Vice President and Head of Financial Services Cloud at Tata Communications, will discuss the key takeaways from the SEBI advisory framework.
It’s essential for REs* to optimise cloud-enabled transformation and achieve holistic operational efficiency and transformation. After all, the varied benefits of cloud will shape the future of how services are delivered by these entities.
In this regard, SEBI’s cloud framework provides a comprehensive set of guidelines for REs* to safely unlock value at scale with cloud.
Key takeaways from the SEBI advisory framework
The new SEBI guidelines should be viewed as an extension of the existing framework, although this can sometimes be challenging for REs*, particularly those who are new to the cloud.
Here are some of the crucial takeaways from the latest SEBI guidelines:
- Mandatory empanelment with the Ministry of Electronics and Information Technology (MeitY): REs* must only choose the services of cloud service providers (CSPs) that are empanelled with MeitY and hold valid STQC audit status, because they’re solely accountable for the confidentiality, integrity and security of their data. As such, REs* are required to perform a detailed due diligence before selecting the CSPs. They must also ensure they’re continuously adhering to the guidelines and controls prescribed by regulators, including encryption requirements, log retention, isolation and auditability.
- Mandatory establishment of security operations centres (SOCs): All cloud deployments made by REs* should be monitored and managed through SOCs. These include all in-house, third-party and managed cloud services.
- Keeping data within the geographical boundaries of the nation, country risk and concentration risk: Data localisation is one of the significant mandates of SEBI. REs* must ensure that onboarding CSPs to adopt cloud doesn’t compromise data integrity and security. The entities are required to have adequate contingency and exit strategies to mitigate risk to the country.
- Anytime auditability by SEBI or Government of India -certified bodies: SEBI has been steadfast about auditability. The framework clearly states that SEBI and other GOI-certified regulators have complete authority to conduct audits of REs* data logs and their cloud adoption practises at any time. This mandate brings the entire cloud chain – the REs*, the CSPs and the third parties – under the ambit of SEBI and GOI.
- Seizure of CSP resources if necessary: The framework even goes one step ahead and states SEBI can seize logs, hardware, and any other resource deemed necessary in their pursuit for transparency and weeding out irregularities. REs* must accept this mandate to comply with the framework.
- Mandatory tripartite agreement between the REs*, CSPs and CSP vendors/partners: For the new mandates to bear desired results, SEBI has also instructed REs* to enter three-way agreements with their CSPs and third-party stakeholders. This is to ensure that all parties are on the same page and the cloud journey is both fruitful and secure.
- Mandatory exit strategy: REs* using Software as a service (SaaS) and Platform as a service (PaaS) tend to rely heavily on native cloud capabilities, thereby increasing risk of vendor lock in. Hence, the framework emphasises that REs* must have an exit strategy in place to mitigate any future risks. This means that REs* should adopt an extremely cautious approach while selecting a cloud provider, as well as at the time of designing the stack and the services going to be consumed.
Relevance of private and community cloud
In alignment with SEBI’s framework, a hybrid of private and community cloud is more suitable for maintaining compliance with ever evolving regulatory guidelines. This is because while public cloud alone offers more capabilities, it’s also reliant on native capabilities which leave REs* more vulnerable to data breaches and security lapses.
However, private and community cloud provide significant advantages over public cloud since its offers flexibility in aligning controls and compliance with stringent guidelines from regulators. Here are some of the essential benefits of private and community cloud for REs*:
- Control: Private and community cloud can allow REs* to have enhanced control over their data and information. This is key for them to always secure their data assets, as prescribed by SEBI.
- Security: Unlike public cloud, private and community cloud enable REs* to remain on top of their data and user controls without heavily relying on third parties and external stakeholders.
- Customisation and compliance: These are important advantages as REs* have greater freedom to customise their cloud operations in compliance with the SEBI guidelines.
- Predictability and cost control: Private and community cloud operates in a niche environment which allows deliverables and services to be highly customisable. And in turn, this enables control on the cost.
In conclusion
SEBI’s cloud adoption framework is a positive development for the financial sector in India. With the increasing adoption of cloud technology in the sector, it’s essential that appropriate safeguards are in place to protect sensitive data. SEBI’s framework addresses this and paves a way towards a more secure and efficient financial sector in India by guiding REs* with a clear roadmap for adopting cloud while keeping data secure and staying compliant.
As highly skilled domain experts with years of experience and in-depth knowledge of the financial services industry, Tata Communications can partner with you on your cloud journey. We thrive on the principles of focused customer centricity, enhanced operational interoperability, strengthened core competencies, and improved compliance and governance.
Our private, industry specific cloud solutions are aimed at helping our clients optimise their data, ensure complete security and maintain compliance with changing guidelines. Based on these, our team can help you expedite and optimise cloud adoption in line with SEBI’s guidelines.
Learn how Tata Communications’ IZO™ Financial Cloud Services can help you create a cloud ecosystem that is purpose built for your business, while ensuring you stay compliant with all regulatory requirements.
*Please Note: The advisory is applicable to the below REs:
- All Stock Exchanges
- All Clearing Corporations
- All Depositories
- All Stockbrokers through Exchanges
- All Depository Participants through Depositories
- All Mutual Funds / Asset Management companies / Trustee Companies / Boards of Trustees of Mutual Funds / Association of Mutual Funds of India
- All KYC registration agencies
- All Qualified registrars to an issue / share transfer agent
Transformational Hybrid SolutionsOur cloud-enablement services offer the best performance on your traffic-heavy websites or mission-critical applications.
Core NetworksTata Communications™ global IT infrastructure and fibre network delivers the resources you need, when and where you need them.
Network Resources  
Unified Communications As A ServiceBreak the barriers of borders efficiently and increase productivity with Tata Communications’ UC&C solutions.
Global SIP ConnectEmpower your business with our SIP network and witness it grow exponentially.
InstaCC™ - Contact Centre As A ServiceCloud contact centre solutions for digital customers experience and agent productivity.
DIGO – Communications Platform as a ServiceDIGO is an in-network cloud communications platform, enabling you to power up converged contextual human-to-everything conversations globally.
Unified Communication Resources Case studies, industry papers and other interesting content to help you explore our unified communications solution better.
IoT SolutionsThe Internet of Things is transforming the way we experience the world around us for good. Find out more about our Internet Of Things related solutions here.
Mobility SolutionsTata Communications’ mobility services enable your enterprise to maintain seamless communication across borders, with complete visibility of cost and usage.
Multi-Cloud SolutionsWith enterprises transitioning to a hybrid multi-cloud infrastructure, getting the right deployment model that yields ROI can be a daunting task.
Cloud ComplianceCompliant with data privacy standards across different countries and is also designed to protect customers’ privacy at all levels.
IZO™ Cloud Platform & ServicesIZO™ is a flexible, one-stop cloud enablement platform designed to help you navigate complexity for more agile business performance.
Managed Infrastructure ServicesIntegrated with our integrated Tier-1 network to help your business grow efficiently across borders.
Cloud PartnersWe support a global ecosystem for seamless, secure connectivity to multiple solutions through a single provider.
Governance, Risk, and ComplianceRisk and Threat management services to reduce security thefts across your business and improve overall efficiencies and costs.
Cloud SecurityBest-in-class security by our global secure web gateway helps provide visibility and control of users inside and outside the office.
Threat Management - SOCIndustry-leading threat-management service to minimise risk, with an efficient global solution against emerging security breaches and attacks.
Advanced Network SecurityManaged security services for a predictive and proactive range of solutions, driving visibility and context to prevent attacks.
Cyber Security ResourcesCase studies, industry papers and other interesting content to help you explore our securtiy solution better.
Hosted & Managed ServicesTata Communications provide new models for efficient wholesale carrier voice service management. With our managed hosting services make your voice business more efficient and better protected
Wholesale Voice Transport & Termination ServicesYour long-distance international voice traffic is in good hands. End-to-end, voice access & carrier services which includes voice transport and termination with a trusted, global partner.
Voice Access ServicesTata Communication’s provide solutions which take care of your carrier & voice services, from conferencing to call centre or business support applications.
CDN Acceleration ServicesOur CDN Web Site Acceleration (WSA) solution helps deliver static and dynamic content, guaranteeing higher performance for your website.
CDN SecuritySafeguard your website data and customers’ information by securing your website from hacks and other mala fide cyber activities.
Video CDNDeliver high-quality video content to your customers across platforms – website, app and OTT delivery.
Elevate CXIncrease customer satisfaction while empowering your service team to deliver world-class customer experience and engagement.
Live Event ServicesTata Communications’ live event services help battle the share if eyeballs as on-demand video drives an explosion of diverse content available on tap for a global audience.
Media Cloud Infrastructure ServicesTata Communications’ media cloud infrastructure offers flexible storage & compute services to build custom media applications.
Global Media NetworkTata Communications’ global media network combines our expertise as a global tier-1 connectivity provider with our end-to-end media ecosystem.
Use CasesUse cases of Tata Communications’ Media Entertainment Services
Remote Production SolutionsMedia contribution, preparation and distribution are highly capital-intensive for producers of live TV and video content, and their workflows are complex.
Media Cloud Ecosystem SolutionsThe Tata Communications media cloud infrastructure services offer the basic building blocks for a cloud infrastructure-as-a-service.
Global Contribution & Distribution SolutionsTata Communications’ global contribution and distribution solution is built to reduce capital outlay and grow global footprint.
Satellite Alternative SolutionsAs more and more consumers choose to cut the cord & switch to internet-based entertainment options, broadcasters are faced with capital allocation decisions.
LeadershipA look into the pillars of Tata communications who carry the torch and are living embodiment of Tata’s values and ethos.
Culture & DiversityHere at Tata Communications we are committed to creating a culture of openness, curiosity and learning. We also believe in driving an extra mile to recognize new talent and cultivate skills.
OfficesA list of Tata Communications office locations worldwide.
SustainabilityTata Communications adopts a holistic approach and harnesses the power of new-age technologies like 5G, IoT and AI to build a sustainable digital world.
FAQCheck out our FAQs section for more information.
BoardHave a look at our board of members.
ResultsFind out more about our quarterly results.
Investor PresentationsFollow our repository of investor presentations.
FilingsGet all information regarding filings of Tata communications in one place.
Investor EventsAll investor related event schedule and information at one place.
GovernanceAt Tata, we believe in following our corporate social responsibility which is why we have set up a team for corporate governance.
SharesGet a better understanding of our shares, dividends etc.
SupportGet all investor related contact information here.
Oracle
Amazon Web Services
Microsoft
Google Cloud
IBM Cloud
Salesforce
Alibaba Cloud
Digital Futures
Smart Cities
Corporate Venturing and Innovation
