D
Don McKenzie
Guest
Regulator warns Australia's finance industry on cloud risks
By Brett Winterford on Nov 16, 2010 4:56 PM (12 hours ago)
========================================================
APRA's cloud computing fears published in open letter.
"The letter will prove a blow to U.S.-owned cloud computing providers such as Amazon's EC2, Salesforce.com, Microsoft's
Azure and Google's App Engine - all of which to date are hosted elsewhere in Asia."
Australian banking regulator APRA has written an open letter to the financial services industry, urging executives to
view cloud computing as a new form of outsourcing or offshoring that requires the regulator's tick of approval.
The rise of cloud computing has - as formerly expressed by CSC chief technology officer Bob Hayward - "caught the
regulator by surprise."
Earlier this year the regulator stepped in to apply pressure on one wealth management firm that had endeavoured to
migrate its CRM system to Salesforce.com, hosted in Singapore.
Today's letter [PDF] - first reported on technology news site Delimiter - reinforced APRA's view that cloud computing is
still untested technically and legally.
The regulator said organisations migrating services such as messaging and calendaring, collaboration and CRM to the
cloud be concerned about serious risks to the business.
"While these applications may seem innocuous, the reality is that they may form an integral part of an institution's
core business processes, including both approval and decision-making, and can be material and critical to the ongoing
operations of the institution," APRA said in the letter.
"APRA has noted that its regulated institutions do not always recognise the significance of cloud computing initiatives
and fail to acknowledge the outsourcing and/or offshoring elements in them," the letter said.
"As a consequence, the initiatives are not being subjected to the usual rigour of existing outsourcing and risk
management frameworks, and the board and senior management are not fully informed and engaged.
"Regulated institutions are reminded that, under the prudential standards on outsourcing, they are required to consult
with APRA prior to entering into any offshoring agreement involving a material business activity."
APRA expects that any outsourcing project that could hinder an organisation's ability to manage risks effectively or
have a "significant impact on the institution's business operations" requires the regulator's approval.
Those wishing to embrace the cloud are required to undertake a "comprehensive risk assessment" around the type of
service, the service provider and where it is located, and the "criticality and sensitivity of the IT assets involved."
"APRA has observed that, to date, assessments of cloud computing proposals typically lack sufficient consideration of
these factors," the letter said.
http://www.itnews.com.au/News/238817,regulator-warns-australias-finance-industry-on-cloud-risks.aspx
Cheers Don...
====================
--
Don McKenzie
Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam
USB Isolator 1000VDC For Protecting Your PC OR Laptop
http://www.dontronics-shop.com/usb-iso-low-full-speed-usb-isolator.html
These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
By Brett Winterford on Nov 16, 2010 4:56 PM (12 hours ago)
========================================================
APRA's cloud computing fears published in open letter.
"The letter will prove a blow to U.S.-owned cloud computing providers such as Amazon's EC2, Salesforce.com, Microsoft's
Azure and Google's App Engine - all of which to date are hosted elsewhere in Asia."
Australian banking regulator APRA has written an open letter to the financial services industry, urging executives to
view cloud computing as a new form of outsourcing or offshoring that requires the regulator's tick of approval.
The rise of cloud computing has - as formerly expressed by CSC chief technology officer Bob Hayward - "caught the
regulator by surprise."
Earlier this year the regulator stepped in to apply pressure on one wealth management firm that had endeavoured to
migrate its CRM system to Salesforce.com, hosted in Singapore.
Today's letter [PDF] - first reported on technology news site Delimiter - reinforced APRA's view that cloud computing is
still untested technically and legally.
The regulator said organisations migrating services such as messaging and calendaring, collaboration and CRM to the
cloud be concerned about serious risks to the business.
"While these applications may seem innocuous, the reality is that they may form an integral part of an institution's
core business processes, including both approval and decision-making, and can be material and critical to the ongoing
operations of the institution," APRA said in the letter.
"APRA has noted that its regulated institutions do not always recognise the significance of cloud computing initiatives
and fail to acknowledge the outsourcing and/or offshoring elements in them," the letter said.
"As a consequence, the initiatives are not being subjected to the usual rigour of existing outsourcing and risk
management frameworks, and the board and senior management are not fully informed and engaged.
"Regulated institutions are reminded that, under the prudential standards on outsourcing, they are required to consult
with APRA prior to entering into any offshoring agreement involving a material business activity."
APRA expects that any outsourcing project that could hinder an organisation's ability to manage risks effectively or
have a "significant impact on the institution's business operations" requires the regulator's approval.
Those wishing to embrace the cloud are required to undertake a "comprehensive risk assessment" around the type of
service, the service provider and where it is located, and the "criticality and sensitivity of the IT assets involved."
"APRA has observed that, to date, assessments of cloud computing proposals typically lack sufficient consideration of
these factors," the letter said.
http://www.itnews.com.au/News/238817,regulator-warns-australias-finance-industry-on-cloud-risks.aspx
Cheers Don...
====================
--
Don McKenzie
Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam
USB Isolator 1000VDC For Protecting Your PC OR Laptop
http://www.dontronics-shop.com/usb-iso-low-full-speed-usb-isolator.html
These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html