The New Singapore MAS TRM Guidelines 2021 And What’s In There For Security In The Cloud

Rajesh Laskary
Jan 28, 2021

The Monetary Authority of Singapore has recently issued the new MAS TRM Guidelines, January 2021. Here is a quick summary of cybersecurity-related questions organizations may ask themselves in their cloud journey while performing a cloud risk assessment, or when hiring an expert who can help guide them in the right direction.

Cloud has its unique threat landscape, vulnerabilities, and risks. Though following basic information security principles is the key to securing the confidentiality, integrity, and availability of your organizational information assets, the Cloud needs a slightly different approach than the one used in a conventional data center setup. Technology plays a key role in any organisation, and MAS in Singapore has always been a step ahead in providing guidelines on technology risk management for financial institutions. The following highlights are closely related to cloud controls and are significant from a security standpoint.

Key Highlights From TRM Guidelines:

- Uses the word ‘Virtualisation’ 10 times

- Has a dedicated section (#11.4) added on ‘Virtualisation.’

- Talks extensively about the following:

  • Cyber Exercises (#13.3)
  • Service Providers (#3, 4, 7, etc.)
  • Threat Intelligence (#12.1)
  • Monitoring (#4.5, 12.2, 14.3, etc.)

- Information sharing among organisations remains an essential component of cyber resilience.

Here are a few questions organizations leveraging Cloud must ask themselves:

  1. Do your existing security policies address controls around a virtualised environment?
  2. Does the red and blue teams’ VAPT cover the vulnerabilities and threats that the cloud environment may bring in? [Or do they even know about them?]
  3. When was the last time you did a comprehensive risk assessment of your cloud environment?

Rajesh Laskary

Author, Cybersecurity, Cloud, Blockchain Professional (CISSP, CRISC, CISM, CCAK, CIAM, CIST, CEH, COBIT, CBSP, CBE, ISO27001 LA, ISO27005 RM, PMP, PMI-ACP)