While most have started using internal clouds, some are using external, even offshore cloud providers. Holding financial data offshore has however already attracted the attention of the Australian Prudential Regulation Authority (APRA), the financial sector watchdog.
In November the organisation sent bank trustees a letter warning about the potential risks associated with moving computing to a third party's cloud service. It made clear that its ability to perform as a regulator should not be compromised by the migration of data to the cloud.
While APRA as yet has no specific prudential requirements with regard to cloud computing, it reminded trustees of the requirement to consult with APRA before any offshoring occurred, making clear that moving data to cloud computing services hosted overseas would require that prior consultation.
Greg Booker, the CIO of ANZ Wealth Management, who runs an IT team of 500 people, said that the organisation had migrated four applications to the cloud, although that had now dropped down to three, and was using Salesforce's offshore cloud for some CRM activities.
'We're running a couple of cloud applications with data offshore and have had some long conversations with APRA around the risk analysis associated with that. I have no doubt whatsoever this is an area which will at some point be tested.
'APRA's s position is that cloud is in its infancy and represents a set of challenges that really aren't that much different from when we were doing the early days of outsourcing or offshoring and some of those things got tested and came up with the appropriate methods and means to make sure our data was protected.
'The key challenges APRA sees and we see are what if your vendor vanishes, what if your cloud vendor ceases to exist? How do you protect yourself, how do you protect your business?