Module: General Practice
Q93: Consider the following statements regarding the "Shared Responsibility Model" in Cloud Computing for banks.
The Cloud Service Provider (CSP) is responsible for the security OF the cloud (physical infrastructure, networking).
The Bank is responsible for security IN the cloud (data classification, identity management, encryption).
The RBI Master Direction on Outsourcing of IT Services mandates that banks cannot outsource "Core Management Functions" to the cloud provider.
The Bank is responsible for security IN the cloud (data classification, identity management, encryption).
The RBI Master Direction on Outsourcing of IT Services mandates that banks cannot outsource "Core Management Functions" to the cloud provider.
✅ Correct Answer: D
🎯 Quick Answer:
All statements are correct. Concept: Cloud Governance in Banking. The Model: Security is shared. The CSP secures the hardware (servers, cables), but the Bank must secure the data on those servers (who logs in, is the data encrypted?). If a bank leaves a database open to the public, that is the Bank's fault, not the CSP's. Regulatory: RBI explicitly forbids outsourcing "Core Management Functions" (like policy making, strategic planning, or compliance monitoring) to any third party, including cloud providers. The bank retains ultimate accountability.