One of the hardest things for National Australia Bank (NAB), when it comes to building its private cloud, is ensuring that apps that are moved into that environment are not just virtualised incarnations of apps from the old IT infrastructure, according to NAB technology head of strategy and innovation Denis Curran.
The bank began its cloud journey in 2009, a year after it announced ato overhaul its core banking systems.
NAB enlisted the help of IBM to build an internal private cloud with an infrastructure-on-demand platform in the bank's new datacentre in Melbourne, which will be ready to run in pilot mode by July 2013.
The bank is also either retiring or consolidating around 30 smaller datacentres — some are only computer rooms — that are scattered across Australia, into the new facility. NAB is retiring one of its existing and ageing datacentres, as well.
In a whitepaper released earlier this month, NAB senior manager for datacentre transformation Tim Palmer said that the company wanted to minimise the migration of old technology into the new facility as much as possible.
That is exactly the challenge NAB is facing right now with its internal private cloud, with Curran noting that NAB still has a lot of work to do if it wants to move applications properly from the old infrastructure into to the cloud.
"That means we really have to rethink how we run solutions to make sure that, in the future, they are designed and deployed for the cloud, rather than for the old style infrastructure," he told ZDNet Australia at the Intel Cloud Summit in Bangkok, Thailand, earlier this week.. "There is a real risk that it's just taking them from an old infrastructure to a virtual environment, but we actually want to get them to the cloud environment.
"That is by far the biggest challenge — it's a very substantial undertaking."
Security in the cloud
As a foundation member of the, NAB is keen to promote open and interoperable standards for cloud computing. It was recently revealed that the bank was developing a security standard proof of concept for compliance by service providers, based on an ODCA model.
NAB is building its own internal private cloud, but it is also looking for opportunities to take up an external cloud from a third-party provider.
Curran was unperturbed by the security risks associated with external cloud services, including having less control and visibility into the external provider's infrastructure.
"One of the things to understand is what the risks are," he said. "There are a range of risks you have, irrespective of whether it's in the external or internal cloud."
"Some of the vendors will have superb security arrangements in place that might be, in some areas, better than what we might have in legacy systems, internally."
Carefully assessing the security credentials of cloud providers is a standard part of the decision-making process, according to Curran.
He highlighted that there is no such thing as 100 per cent secure when it comes to cloud computing, and it all comes down to risk management and putting the right controls in place.
"Data breaches in general, if you look at, doesn't make a difference to anybody, whether it happened because it was in the cloud or not," Curran said. "Fundamentally, there was a data breach, and that has consequences in terms of how you manage it."
NAB has no specific guideline as to how much of its IT assets it wants to host in an external cloud, at this stage. The bank has also yet to decide whether it will host some of its data offshore.
Spandas Lui was at the Intel Cloud Summit as a guest of Intel.