Salesforce: APRA cloud warnings not bad

Long-time proponent of cloud computing Salesforce has hailed a warning by the Australian Prudential Regulatory Authority about the technology as evidence of the tech's maturity and growing adoption rather than as a potential problem.

Several weeks ago, in an open letter to the entire financial sector, APRA warned that the "innocuous" nature of cloud computing services could mask hidden concerns about offshoring.

"The initiatives are not being subjected to the usual rigour of existing outsourcing and risk management frameworks, and the board and senior management are not fully informed and engaged," wrote Puay Sim, the regulator's general manager of its supervisory support division.

But in a statement issued today, global cloud computing vendor Salesforce classified APRA's warning as "a welcome development that signals a new era for the IT industry in Australia".

"The letter is an acknowledgement that Australian financial services institutions are rapidly adopting cloud computing — just like their counterparts in North America, Europe and other parts of Asia — and need to be judicious in their deployment of cloud services," the company wrote. "APRA's guidance will help assure that as the Australian financial services industry moves to the cloud it adopts best practices for IT continuity, confidentiality, integrity, and compliance with legislative and prudential requirements."

In the wake of the International Association of Privacy Professionals conference in Sydney, the general level of debate around security and privacy questions surrounding cloud computing hit fever pitch this week.

Australian Privacy Commissioner Timothy Pilgrim said that the cloud could enhance privacy because data wasn't being stored on devices which could be lost.

However, Minister for Home Affairs and Justice, Brendan O'Connor, told the conference that while the potential of cloud computing was "rapidly being revealed", so too were its vulnerabilities. "We know that cyber criminals are very innovative. When they see new technology they exploit it," he said.

"Cyber criminals can not only steal data from clouds. They can also hide data in clouds. Rogue cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies. They can, for example, secretly store and distribute child abuse material for commercial purposes."

"Cyber criminals can control servers in clouds, denying legitimate users access to websites and targeting websites with repeated messages or images. There have also been suggestions that clouds can be used as launching pads for new attacks, such as trying all possible password combinations to break into encrypted data."

And Electronic Frontiers Australia chairman Colin Jacobs reportedly said the increased use of virtualised environments posed a new set of privacy risks for enterprises.

However, Salesforce pointed out in its statement that over the past 12 years since it was formed, it had "earned the trust" of more than 87,200 customers around the globe — including big names such as Citibank, Japan Post, Sun Trust Bank and security vendor Symantec.

"Salesforce.com takes its mission of being a trusted cloud service provider for its customers very seriously," the company said. "Integral to this mission is complying with applicable laws, including those related to privacy and data protection, and providing a secure infrastructure to host its customers' data."