Yet another major Australian bank goes hard with Amazon cloud


It seems like it was only yesterday that Australia’s major financial services organisations were holding their noses and sniffing at the bad smell that they associated with ‘low-grade’ cloud computing services operated by offshore technology giants such as Amazon Web Services. At that stage, it was very much the vogue for the banks and insurers to use infrastructure provided by ‘trusted’ providers such as Fujitsu, IBM, HP, CSC and so on. Well, how the worm has turned. It was only last month that it was revealed that National Australia Bank had switched its entire public-facing website into Amazon’s cloud, and this week Suncorp joined the throng, planning what The Australian describes as a “complete transfer” into the cloud. The newspaper reports (we recommend you click here for the full article):

“A very large cloud is forming over Suncorp as the financial institution looks at planting all of its 2000 applications inside external cloud computing providers Amazon, Oracle and others.”

More information on this project comes from iTNews, which has been on a junket to Las Vegas to hear Suncorp chief information officer Jeff Smith talk on the topic. Presumably there has also been blackjack involved.

Of course, NAB and Suncorp aren’t the first major Australian banks to jump on this trend. Readers who’ve been with us for a while will recall that CommBank chief information officer Michael Harte was singing Amazon’s praises some twelve months ago, and the CIO was actually working to get inter-bank cooperation with vendors and regulators on cloud computing as early as April 2010. However, we truly are now seeing a major trend. Huge financial services institutions are openly placing a lot of their server processing needs into Amazon’s public cloud. These are organisations with very high security needs, and very watchful regulators holding them to account. If they can do it, anyone can.


  1. Suncorp are mostly an insurance company, not a “major” bank. Suncorp’s banking is small potatoes, but their CIO seems to be very cavalier with regard to security; his BYO policy for employees is a good example of this.

    I’m really surprised Australian financial regulators would allow financial details to be kept on any “cloud” platform, let alone one based in the USA, where privacy is totally disregarded, and full access to any and everything given to the USA government and agencies.

    • I think you’ll find that no customer data, let alone any transaction system, is yet made available by Suncorp or Commbank in the cloud. From this article, and certainly from what I can see, only their public-facing websites are cloud hosted.

    • If you actually read the article you would have noticed that only the external facing website and applications are hosted in the cloud. These are transaction front-ends. No financial or customer data would be stored on cloud servers in these scenarios.

    • Hey Daniel, enough with “the cloud” already! This term is useless.

      What we are talking about here is “Cloud Services” … which are simply an evolved form of outsourcing that leverages large scale shared service apps and infrastructure. Q: How do we judge the trustworthiness of a cloud service? A: The same way as any other form of outsourced service … (1) assess the financial and operational integrity of the vendor, (2) assess the functionality and operational specifics of the service offering, (3) match these against your requirements. The proof of the pudding is in the eating.

      AWS stacks up pretty well as a trustworthy provider of large scale cloud services. Its service offerings are leading-edge in terms of functionality and security … and commercially very attractive. The data is hosted in redundant facilities in Sydney and can be accessed over a secure VPN. As I like to say … “cloudy is as cloudy does”. The best way to assess a cloud service is to put it to the test.

      Can anyone suggest case studies of large enterprises that have put an enterprise-grade cloud service to the test and then decided to reverse out of it back into a dedicated on-premise solution?

  2. So, it’s specious to say “These are organisations with very high security needs, and very watchful regulators holding them to account”, because most of the websites aren’t scrutinised by regulators. And while certainly, the banks may lose some _reputation_ if the frontends go down, the security needs aren’t the same as for the banking systems themselves.

  3. All the complaints assume that the data is more secure when hosted on-premise than in the cloud, which in most cases is a fallacy.

    Simply being “on premise” in your own data centre means absolutely nothing for security.
