APRA warning shows cloud maturity: Salesforce.com


A long-time proponent of cloud computing has hailed a warning by the Australian Prudential Regulatory Authority about the technology as evidence of its maturity and growing adoption — rather than as a potential problem for the nation’s financial sector.

Several weeks ago, in an open letter to the entire financial sector which it helps regulate, APRA warned that the “innocuous” nature of cloud computing services could mask hidden concerns about offshoring.

“The initiatives are not being subjected to the usual rigour of existing outsourcing and risk management frameworks, and the board and senior management are not fully informed and engaged,” wrote Puay Sim, the regulator’s general manager of its supervisory support division.

But in a statement issued today (full PDF), global cloud computing vendor Salesforce.com — which has been pushing the technology for a decade in its long-running fight against rivals like Oracle and SAP — classified APRA’s warning as “a welcome development that signals a new era for the IT industry in Australia”.

“The letter is an acknowledgement that Australian financial services institutions are rapidly adopting cloud computing — just like their counterparts in North America, Europe and other parts of Asia – and need to be judicious in their deployment of cloud services,” the company wrote. “APRA’s guidance will help assure that as the Australian financial services industry moves to the cloud it adopts best practices for IT continuity, confidentiality, integrity, and compliance with legislative and prudential requirements.”

The news comes as this week the level of debate around security and privacy questions surrounding cloud computing in general hit fever pitch, stemming from a conference held in Sydney by the International Association of Privacy Professionals.

Minister for Home Affairs and Justice, Brendan O’Connor, for example, told the conference that while the potential of cloud computing was “rapidly being revealed”, so too were its vulnerabilities. “We know that cyber criminals are very innovative. When they see new technology they exploit it,” he said.

“Cyber criminals can not only steal data from clouds. They can also hide data in clouds. Rogue cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies. They can, for example, secretly store and distribute child abuse material for commercial purposes.”

“Cyber criminals can control servers in clouds, denying legitimate users access to websites and targeting websites with repeated messages or images. There have also been suggestions that clouds can be used as launching pads for new attacks, such as trying all possible password combinations to break into encrypted data.”

And Electronic Frontiers Australia chairman Colin Jacobs reportedly said the increased use of virtualised environments posed a new set of privacy risks for enterprises.

However, Salesforce.com pointed out in its statement that over the past 12 years since it was formed, it had “earned the trust” of more than 87,200 customers around the globe — including big names such as Citibank, Japan Post, Sun Trust Bank and security vendor Symantec.

“Salesforce.com takes its mission of being a trusted cloud service provider for its customers very seriously,” the company said. “Integral to this mission is complying with applicable laws, including those related to privacy and data protection, and providing a secure infrastructure to host its customers’ data.”

Image credit: Mackenzie and John, Creative Commons