The Australian Prudential Regulation Authority (APRA) recently released an information paper that highlights the risks of cloud computing.
According to the regulator of the Australian financial services industry, outsourcing in the banking industry was increasingly occurring in a way that involved the sharing of IT assets or cloud computing. This is driven by banks' desire to cut costs as it is more cost-effective to use IT infrastructure built and maintained by external companies.
After reviewing such outsourcing arrangements, APRA highlighted several weaknesses on how the industry is managing this shift.
"Risk management practices, including risk identification and mitigation techniques, are still maturing for these types of arrangements, elevating the level of risk to APRA-regulated entities," said APRA.
The regulator also said that while cloud may be appropriate in some instances, the situation is different for critical IT assets. "In light of weaknesses in arrangements observed by APRA, it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted."
Even though APRA did not outline new prudential standards relating to cloud computing or outsourcing in the paper, it said that further guidance was worthwhile because of the recent growth in outsourced IT that involved shared computing services.
Sign up for CIO Asia eNewsletters.