Maker Pro
Maker Pro

Regulator warns Australia's finance industry on cloud risks

D

Don McKenzie

Jan 1, 1970
0
Regulator warns Australia's finance industry on cloud risks
By Brett Winterford on Nov 16, 2010 4:56 PM (12 hours ago)
========================================================

APRA's cloud computing fears published in open letter.

"The letter will prove a blow to U.S.-owned cloud computing providers such as Amazon's EC2, Salesforce.com, Microsoft's
Azure and Google's App Engine - all of which to date are hosted elsewhere in Asia."

Australian banking regulator APRA has written an open letter to the financial services industry, urging executives to
view cloud computing as a new form of outsourcing or offshoring that requires the regulator's tick of approval.

The rise of cloud computing has - as formerly expressed by CSC chief technology officer Bob Hayward - "caught the
regulator by surprise."

Earlier this year the regulator stepped in to apply pressure on one wealth management firm that had endeavoured to
migrate its CRM system to Salesforce.com, hosted in Singapore.

Today's letter [PDF] - first reported on technology news site Delimiter - reinforced APRA's view that cloud computing is
still untested technically and legally.

The regulator said organisations migrating services such as messaging and calendaring, collaboration and CRM to the
cloud be concerned about serious risks to the business.

"While these applications may seem innocuous, the reality is that they may form an integral part of an institution's
core business processes, including both approval and decision-making, and can be material and critical to the ongoing
operations of the institution," APRA said in the letter.

"APRA has noted that its regulated institutions do not always recognise the significance of cloud computing initiatives
and fail to acknowledge the outsourcing and/or offshoring elements in them," the letter said.

"As a consequence, the initiatives are not being subjected to the usual rigour of existing outsourcing and risk
management frameworks, and the board and senior management are not fully informed and engaged.

"Regulated institutions are reminded that, under the prudential standards on outsourcing, they are required to consult
with APRA prior to entering into any offshoring agreement involving a material business activity."

APRA expects that any outsourcing project that could hinder an organisation's ability to manage risks effectively or
have a "significant impact on the institution's business operations" requires the regulator's approval.

Those wishing to embrace the cloud are required to undertake a "comprehensive risk assessment" around the type of
service, the service provider and where it is located, and the "criticality and sensitivity of the IT assets involved."

"APRA has observed that, to date, assessments of cloud computing proposals typically lack sufficient consideration of
these factors," the letter said.

http://www.itnews.com.au/News/238817,regulator-warns-australias-finance-industry-on-cloud-risks.aspx

Cheers Don...

====================


--
Don McKenzie

Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam

USB Isolator 1000VDC For Protecting Your PC OR Laptop
http://www.dontronics-shop.com/usb-iso-low-full-speed-usb-isolator.html

These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
 
M

me here

Jan 1, 1970
0
Don said:
Regulator warns Australia's finance industry on cloud risks
By Brett Winterford on Nov 16, 2010 4:56 PM (12 hours ago)
========================================================

APRA's cloud computing fears published in open letter.

"The letter will prove a blow to U.S.-owned cloud computing providers
such as Amazon's EC2, Salesforce.com, Microsoft's Azure and Google's
App Engine - all of which to date are hosted elsewhere in Asia."

Australian banking regulator APRA has written an open letter to the
financial services industry, urging executives to view cloud
computing as a new form of outsourcing or offshoring that requires
the regulator's tick of approval.

The rise of cloud computing has - as formerly expressed by CSC chief
technology officer Bob Hayward - "caught the regulator by surprise."

Earlier this year the regulator stepped in to apply pressure on one
wealth management firm that had endeavoured to migrate its CRM system
to Salesforce.com, hosted in Singapore.

Today's letter [PDF] - first reported on technology news site
Delimiter - reinforced APRA's view that cloud computing is still
untested technically and legally.

The regulator said organisations migrating services such as messaging
and calendaring, collaboration and CRM to the cloud be concerned
about serious risks to the business.

"While these applications may seem innocuous, the reality is that
they may form an integral part of an institution's core business
processes, including both approval and decision-making, and can be
material and critical to the ongoing operations of the institution,"
APRA said in the letter.

"APRA has noted that its regulated institutions do not always
recognise the significance of cloud computing initiatives and fail to
acknowledge the outsourcing and/or offshoring elements in them," the
letter said.

"As a consequence, the initiatives are not being subjected to the
usual rigour of existing outsourcing and risk management frameworks,
and the board and senior management are not fully informed and
engaged.

"Regulated institutions are reminded that, under the prudential
standards on outsourcing, they are required to consult with APRA
prior to entering into any offshoring agreement involving a material
business activity."

APRA expects that any outsourcing project that could hinder an
organisation's ability to manage risks effectively or have a
"significant impact on the institution's business operations"
requires the regulator's approval.

Those wishing to embrace the cloud are required to undertake a
"comprehensive risk assessment" around the type of service, the
service provider and where it is located, and the "criticality and
sensitivity of the IT assets involved."

"APRA has observed that, to date, assessments of cloud computing
proposals typically lack sufficient consideration of these factors,"
the letter said.

http://www.itnews.com.au/News/238817,regulator-warns-australias-financ
e-industry-on-cloud-risks.aspx

Cheers Don...

====================

Good article.

--
 
Top