Banks build clouds, secure savings

Beverley Head
Thursday, 17 March 2011 15:30

Business IT - Technology

Migrating test and development to a cloud computing environment has cut the time it takes Westpac to provision a system used for testing from 14 days to four hours. It's just one of the benefits that Australia's major banks are starting to accrue from their early adventures in cloud computing which for some are pointing to a step change in terms of efficiency and agility.

Speaking at an Australian Information Industry Association banking and financial services lunch in Sydney today Commonwealth Bank, Westpac, and ANZ Wealth Technology all sent strong signals about the important role cloud computing is expected to play in terms of delivering cost efficient and nimble IT services.

While most have started using internal clouds, some are using external, even offshore cloud providers. Holding financial data offshore has however already attracted the attention of the Australian Prudential Regulation Authority (APRA), the financial sector watchdog.

In November the organisation sent bank trustees a letter warning about the potential risks associated with moving computing to a third party's cloud service. It made clear that its ability to perform as a regulator should not be compromised by the migration of data to the cloud.

While APRA as yet has no specific prudential requirements with regard to cloud computing, it reminded trustees of the requirement to consult with APRA before any offshoring occurred, making clear that moving data to cloud computing services hosted overseas would require that prior consultation.

Greg Booker, the CIO of ANZ Wealth Management, who runs an IT team of 500 people, said that the organisation had migrated four applications to the cloud, although that had now dropped down to three, and was using Salesforce's offshore cloud for some CRM activities.

'We're running a couple of cloud applications with data offshore and have had some long conversations with APRA around the risk analysis associated with that. I have no doubt whatsoever this is an area which will at some point be tested.

'APRA's s position is that cloud is in its infancy and represents a set of challenges that really aren't that much different from when we were doing the early days of outsourcing or offshoring and some of those things got tested and came up with the appropriate methods and means to make sure our data was protected.

'The key challenges APRA sees and we see are what if your vendor vanishes, what if your cloud vendor ceases to exist? How do you protect yourself, how do you protect your business?