Overview
In 2023, the Securities and Exchange Board of India (SEBI) introduced a new framework for the adoption of cloud services by SEBI-regulated entities (REs). The purpose of this framework is to enhance data security and privacy by ensuring that sensitive financial information is securely managed in the cloud environment. The framework mandates the use Hardware Security Modules (HSM) and Key Management Systems (KMS) to store encryption keys and safeguard cloud data. Additionally, REs are required to protect "in-use" data through encryption and maintain control over their encryption keys when using cloud services, either through Bring-Your-Own-Key (BYOK) or Bring-Your-Own-Encryption (BYOE) approaches. Those measures bolster the overall security posture and ensure that data stored and processed in the cloud remains secure and compliant.
How Fortanix Helps
Fortanix delivers essential data security capabilities through a unified platform, enabling financial organizations and their ICT providers to identify at-risk services, prioritize remediation efforts, and safeguard sensitive data across all layers and systems—both on-premises and in the cloud.
Cryptographic Posture Management
Improve operational resiliency. Discover, assess, and remediate your encryption key vulnerabilities with powerful insights into your cryptographic security posture across multi-cloud and on-prem environments for a complete inventory and visibility into security gaps.
Data Encryption and Tokenization
Build resilient ICT risk management foundation. Encrypt data across databases, virtual machines, filesystems, and multi-cloud for complete security and compliance without performance loss and at scale. With data tokenization in place, replace sensitive data to prevent data exposure while putting it work.
Encryption Key Management
Centralize and simplify key lifecycle management for hybrid mutlicloud in a single-pane-of-glass. Store keys in natively integrated FIPS 140-2 level 3 certified HSM, available on-premises or SaaS.
Zero Trust Architecture
Manage ICT 3rd party risk with Granular Role-Based Access Controls and other advanced operational and security features ensure that only authorized users can access encryption keys or see decrypted data for a specified duration of the business case.
Featured Resource
The Securities and Exchange Board of India (SEBI) Framework for Cloud Services Adoption
Highlights
Stay up to date with the latest developments.
