Immature public cloud not ready for banks
Banking IT executives have continued to bemoan the state of public cloud for the financial services industry, saying that public cloud providers that are offering underwhelming services, and regulators that are strangling innovation, are to blame.
Paul Ventura, head of technology, architecture and integration at BT Financial Group, told ZDNet Australia at the FST Summit on the Gold Coast this week that regulators still have the jitters when it comes to banks using public cloud offerings, and that little is being done to solve the issue.
"Are [regulators] still concerned about the cloud? Absolutely. Are they being directive about how it should be solved? No. Regulators say: 'it's got to be secure and no-one else can touch [the data] and it has to be onshore, etcetera', but how you do that is entirely up to you. The onus is then on the institutions to provide evidence that they're complying with that general directive, so from that point of view I think it's still a struggle [to deploy cloud with the blessing of a regulator]," Ventura told attendees.
He added that agencies like the Australian Prudential Regulatory Authority (APRA) suffer from a reactive approach to policy formation, rather than a proactive approach to solving the problem of privacy and security.
"With regulatory bodies like APRA, it's doing a good job, but they have two perspectives. One is hindsight, to make sure that the things that they outsource are specifically being done; the other is foresight.
"They're looking at where the market is going ... to help them better craft policy. So there's always a slight lag there that's build into the way [regulators] work," he said.
ANZ Bank's chief information officer (CIO) Anne Weatherston recently told a press briefing in Sydney that her organisation's flirtation with the public cloud came to a swift halt after APRA expressed disapproval with the idea.
"I think cloud for banks is very difficult because the regulators are not comfortable with cloud. In cloud, we will pursue virtualisation of private cloud, but we'll monitor the external cloud situation.
"We have actually dabbled a little bit in external cloud here in our insurance business, where we used the [customer relationship management] solution from Salesforce.com but when we explored the possibility of using that on a wider basis, the regulators are nervous about it," she admitted.
Weatherston cited Gartner predictions that Australian CIOs are likely to have some form of public cloud deployment in their businesses by 2015, but the bank CIO said that wouldn't be possible in the current regulatory environment.
The blame for lacklustre results in the public cloud was shared around at the conference, however, with IDC vice-president of Global Research David Potterton pointing the finger at unattractive offerings from public cloud providers for the financial services sector in Australia.
"I think the general consensus ... especially around public cloud offerings is that maturity is not there to handle the scale, and to understand the environment [for financial services].
"I think there's all sorts of issues around [accountability]. When you're a bank, you can't have those issues. It carries all the reputational risk and everything that comes with it, right? So I think the consensus was that [public cloud providers] will get there, but they're still evolving. It's not for now, but it's something for later," said Potterton, adding that all institutions need to come together in institutions like the Open Datacentre Alliance to push forward a global vision of cloud.
"Regulators are looking at institutions to help them and educate them on how [cloud] should be happening. I think that will, over time, develop, and we will get past these issues, but we're still on the journey with that."