Alert:
A nationwide postal strike or lockout may occur as early as November 3, 2004. Dealer Members must take steps to ensure that document delivery requirements prescribed under CIRO Rules continue to be met.
This Notice outlines some technology and cybersecurity controls related to the use of cloud services and application interfaces.
Cloud services and application interfaces are being increasingly targeted and their vulnerabilities exploited by cyber attackers. This Notice identifies some recommended practices that firms can consider to manage these risks. You should ensure that your IT or managed services provider reviews and implements cybersecurity controls applicable to your firm and environment.
Cloud services
The use of cloud services is increasing. Cloud services can help with providing quicker implementations, remote access capabilities, and on-demand models for computing services. Depending on the implementation, the management of a cloud service may differ from the traditional on-premises deployment of servers, applications, and services, which can leverage existing network and server controls. When deploying and managing cloud environments, consider the following controls:
Application Programming Interfaces (APIs)
Firms can make data and applications available outside of the organization through the use of application services and protocols like APIs. As with cloud services, security of APIs ensures the confidentiality of your data and mitigates misuse of application services. The following highlights some controls your firm should consider:
Other resources
Further information and resources on managing cybersecurity threats, including guides and webinars, are available on IIROC’s cybersecurity site.