Cyber Security Solutions for Compliance

Compliance requirements for RBI, SEBI & IRDAI Regulated Industries.

RBI Guidelines for Banks

The Reserve Bank of India (RBI) has guidelines for banks to ensure the security of customer data. These guidelines include:

Encryption

Banks must use encryption to protect customer data while it's being stored and transmitted.

Access controls

Banks must implement access controls to ensure that only authorized personnel can access customer data.

Data protection policies

Banks must have clear policies and procedures for handling and processing customer data

SEBI Cyber Security Framework for Equity Trading Platform

The new framework requires regulated entities to Deploy HSM

Compulsorily use Hardware Security Modules (HSM) and Key Management Systems (KMS) to store encryption keys and to secure cloud data effectively.

Ensure "In-use" data protection through encryption.

Retain control of keys when using cloud services, using either Bring-Your-Own-Key (BYOK) or Bring-Your-Own-Encryption (BYOE) approaches.

IRDAI Information and Cyber Security Guidelines for Insurance Company

Cyber Security Policy, Security Domain Policy, Section 2.12 – ‘Cryptographic Controls’

Organization shall ensure that the cloud service provider support Key Management Interoperability Protocol (KMIP). KMIP provides a standardized way to manage encryption keys across diverse infrastructures.

Organization shall prefer Hardware encryption keys, in compliance with the Federated Information Processing Standard (FIPS) 140 2-3 and above, whenever compatible.

Organization shall devise encryption, key management procedures in accordance with the already existing Organization’s information security policy for the following:

  • PTo encrypt data in transit, at rest, backup media
  • PTo Secure key store
  • PTo protect encryption keys
  • PTo ensure encryption is based on industry/government standards
  • PTo Limit access to key stores
  • PKey backup and recoverability
  • PTo test these procedures

Data Security Solution – Fortanix

Fortanix provides a centralized, single point of control and management of encryption keys across hybrid multicloud environments.

One Unified Data Security Platform

A powerful, agile platform that let’s you discover data security vulnerabilities, assess their severity and remediate them – all in a single platform.

Data Security Manager

Enterprise Encryption and Key Management

Fortanix streamlines disparate processes for data encryption, data tokenization, key management, credential and certificate storage, and more without requiring expensive upkeep and maintenance.

Encrypt data at-rest, in-transit, and in-use with a single platform.

Automate key distribution, rotation, and revocation across the company.

Protect private information and sensitive data with vaultless data tokenization.

OT Security Solution – XAGE

Shield Your Enterprise. Empower Your Workforce.

Xage delivers access and protection that’s easy to deploy, easy to manage, and easy to use, while stopping cyberattacks at every stage.

Access Any Asset

  • Secure access to legacy systems
  • Unify access control across multiple cloud services
  • Protect all interactions across workloads, applications, and data

Universal Zero Trust Access

  • Granular, identity-based policy enforcement
  • Zero trust with defense-in-depth 
  • Just-in-time access control with collaboration
  • Zero Trust Network Access
  • Privileged Access Management
  • Microsegmentation
  • Multi-party Secure Data Exchange
  • Protect identities
  • Workloads  
  • Assets in IT
  • OT
  • Cloud

Ready to Transform Your IT?

Let’s talk about how MPCL can empower your business through technology.