JUser: :_load: Unable to load user with ID: 3667
Monday, 21 November 2011 14:16

Lawyers warn of cloud rogue risks


Organisations which jump into the cloud without performing some form of due diligence on the personnel who will have access to their data are exposing themselves to high levels of risk according to international legal firm Norton Rose.

The firm has released its second international outsourcing survey, which also examines cloud computing and offshoring. Although a relatively small sample - 74 companies - was interviewed for Norton Rose's Outsourcing in a Brave New World report, it offers important insights as to what could well become cloud best practice.

According to Michael Park, a technology partner in the firm's Australian practice; 'Where a company puts any elements of its business into the cloud it must ensure that due diligence has been undertaken on the suppliers' staff given that they may have access to data about the company and its clients.'

But the firm's research found that two thirds of companies weren't conducting that level of detailed due diligence of a supplier's staff, and also found that some suppliers actively discouraged the practice. In fact 35 per cent of customers conduct no due diligence on a supplier's personnel whatsoever.

As the Norton Rose report notes; 'We were surprised at these results. A project manager who has misrepresented his qualifications might fatally damage a project. In light of the prevailing economic climate and the fallout from rogue employees at Satyam and EDS, we think that customers should review their processes to ensure they are properly protected.'

The report made clear the potential risks of failing to properly protect data - especially for financial institutions using outsourcers of cloud providers.

'It is not just data privacy regulators who can impose fines on financial institutions, financial regulators can too. For example, the UK FSA imposed a £2.75 million fine on Zurich Insurance plc when its captive outsourcer in South Africa lost customer data.'

The report also pointed to changes in Singapore where the Monetary Authority has since August required financial institutions entering IT outsourcing to supply information detailing what the outsourcing contract entails, policies, board approval and whether legal advice has been obtained.

In Australia meanwhile APRA has made clear to financial institutions that it expects them to conduct the same level of due diligence on cloud suppliers as they are required to perform before outsourcing or offshoring IT work.

This may go some way to explaining why Norton Rose's report found that despite all the brouhaha about cloud, only 25 per cent of financial sector organisations currently use cloud computing.

Peter Redshaw, the managing vice president of research banking and investment services at Gartner confirmed this general reticence to the cloud from financial organisations. He however said that it was data sovereignty that was the big barrier for banks, with many of them being bound by regulation or legislation to keep at least some of their data onshore rather than in a cloud hosted on international data centres.

Banks were also keen to be convinced of clouds' security, resilience and approach to encryption he said.

Mr Redshaw said that he was surprised by the lack of banking specific cloud services that were yet being crafted by the industry. However he forecast that in the future a new class of supplier - a cloud services brokerage - might emerge to bundle up specific cloud based banking services for the financial sector.

These he said might operate in much the same way as an ISP offers internet access. He said telcos and systems integrators were the most likely candidates to become cloud service brokers.

Mr Redshaw said that when Gartner asked financial sector CIOs about their cloud intentions at the end of 2010 only 7 per cent had any sort of infrastructure in the cloud, and 5 per cent were using Software as a service. Mr Redshaw however expected that to shift significantly over the coming four years.

By the end of 2015 Gartner's forecast has 43 per cent of financial institutions expecting to use infrastructure as a service, and 38 per cent planning to use some SaaS.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more




Recent Comments