Public cloud not mature enough for banks: ANZ CTO

ANZ CTO Patrick Maes has said financial institutions cannot be like startups and put their entire business in AWS because the public cloud market isn't mature enough yet to meet the data security requirements of the banks.
Written by Josh Taylor, Contributor

Until cloud operators can tell the banks where their data is being stored at any one particular time, the public cloud will not be mature enough for financial institutions, according to ANZ CTO Patrick Maes

The chief technology officer made the comments during a panel discussion on the future of cloud at the annual CeBIT conference in Sydney on Wednesday.

Maes was quick to draw the distinction between public and private clouds, and noted that the bank does have a lot of private cloud infrastructure.

"We have a private cloud. The private cloud is not so much for elasticity or cost reduction, it's basically our capability to build a global platform," he said.

But Maes said that while Silicon Valley startups could build their entire business in Amazon Web Services, it was much tougher for financial service providers to go down the public cloud path.

"If you operate in 32 countries across Asia and the Pacific, there are some very stringent regulations about locality and ownership of the data," he said, noting that countries like Indonesia and Singapore have strict rules that data must be hosted locally.

"The difference is not so much in the way you set up the infrastructure, it's about knowing exactly where the data is at a certain given moment in time," he said. "In Singapore, you can't use Salesforce because the data will sit in the US."

The private cloud was the only way to guarantee the locality of data at any particular point of time, Maes said.

"The moment the public cloud providers can support these local regulations, then I think the cloud has a great future."

He said that public cloud providers had yet to meet the requirements for banks to put customer data into the cloud.

"Most of the big cloud providers don't have yet the contextual maturity to guarantee service levels, penalties, and liabilities and importantly what happens with the data at the end of contact," he said.

"But this can be overcome and we have been looking at some of the models you can apply to work in the cloud computing environment."

Australian government chief information officer Glenn Archer said that the Australian government had seen an acceleration in government agencies using cloud services, particularly moving public facing websites into the cloud. But he said that in a lot of cases, it wasn't worth government going to the public cloud because it already had the efficiency of scale that is often the benefit of a public cloud.

"Government already has economy of scale and we have it in bucket loads. The business case is not as strong for us, and then you offset that against some the concerns. The things we just don't know how to do yet and that is to provide absolute surety that we are able to protect the interests of citizens in terms of their data ," he said.

Archer said that the government will today release its latest benchmarking report which shows the largest expense for government IT is in applications at 39 percent.

"Applications are fundamentally the representation of policy and business process. We have inherited a lot of complex policy decisions that go back over decades and those have to be represented within government systems," he said.

But while there was an opportunity to reassess whether these legacy applications could be moved to the cloud to cut cost, he said that it wasn't going to be easy.

"We have to accommodate both the needs of government and its citizens today, but also maintain the legacy of what was the policy, or the legislation or the regulatory environment many decades ago.

"The challenge for us is to both look through the simplified business process going forward but to also recognise that we are not going to be able to solve very easily a lot of that legacy environment."

Editorial standards