The IQ Business Group (IQ) today responded to the recent caution by the Australian Prudential Regulation Authority (APRA) regarding the use of cloud computing in the financial services industry. APRA highlighted concerns as to how some cloud-computing solutions might compromise business continuity plans, confidentiality of data and compliance with prudential and legislative requirements. The IQ Business Group, whilst in agreement with APRA on the incorporation of correct risk assessments, believes that the Regulator is underestimating the demand and implementation of internet-based computing solutions.
According to Graham Sammells, CEO of The IQ Business Group, he welcomes this communication from APRA as it adds to the legitimacy of cloud computing solutions. “APRA’s attention to cloud computing reinforces that it is no longer hype and is an acknowledgement that the Regulator itself must adapt to assist organisations assess the benefits of outsourcing and off-shoring Information Technology (IT) solutions.”
Sammells continued, “Cloud computing is not really new and in fact the technology capability has existed in a variety of forms for many years for online businesses such as Amazon, eBay, Gmail, MSN and Salesforce.com. Many financial services institutions are already using cloud computing and I believe that it’s more widespread than even APRA realises. The benefits are being considered as a legitimate alternative to traditional IT solutions by a wide range of APRA-regulated institutions.”
For institutions already using cloud computing, they are considering further expansions into the cloud to realise greater flexibility, faster times to market for new products, economic savings, greater reliability and ease of use.
“These are highly significant reasons for institutions of any size to move away from traditional IT infrastructure to internet-based computing solutions. Cloud-based solutions typically have a commercial model where you pay for what you use, you can try before you buy, and they mitigate the big capital IT investments that we’ve been used to in the past,” he said.
And for those organisations not yet using the cloud, Sammells outlines that it is not only for email, calendar, workflow applications and CRM solutions. “We are seeing entire departments transfer facilities including General Ledger, Contact Centres, Case Management, Document Management, Human Resources and even the Intranet to the cloud. This highlights the need for the Regulator to better understand and prepare for an industry-wide shift for the adoption of virtual IT solutions.”
IQ echoed APRA’s recommendations regarding proper risk assessment of IT infrastructure whether it be in-sourced or out-sourced.
“Where you have IT solutions supporting your core business operations, of course there is a full business case required for assessing the reliability and stability of any IT provider – whether cloud-based or not. Key considerations to be assessed include business continuity and disaster recovery, data access controls, security strategy and framework, software upgrade plans, as well as the vendor’s historical performance on these matters. We counsel our clients to reference check vendor offerings and query how data is stored, who can access it and what safeguards have been put in place to ensure access is by authorised personnel only. Some cloud vendors even have features to choose the region where your data is stored,” continued Sammells.
Sammells further believes that institutions are well aware of the risks associated with any form of IT implementation, dispelling the myth that institutions are seeking cost reductions at any price.
“Even implementing traditional IT infrastructure for core business operations carries risks that would have been apparent to APRA or should have been previously. A number of vendors of cloud-based solutions are really challenging traditional internal IT departments to justify their performance. Often I hear of companies that say they’ve looked at cloud solutions and too quickly formed an opinion that stops them going further. However, when they compare the cloud solution against their incumbent provision of the same service, many companies are realising that the current service comes up well short. Cloud providers typically perform better when it comes to security and disaster recovery because they have bigger budgets to invest than an internal IT department. In addition, reputable cloud vendors have exceptional performance when it comes to managing software and hardware upgrades, and they have superior service standards. So the issues around implementing cloud computing technology are nothing new. It’s just a shift from company-owned assets to the multi-tenant nature of internet-based services.”
“We believe that Australian financial service institutions will increase their adoption of cloud computing levels for a wide variety of reasons, and cost is just one of them. In fact over the next 12 months we expect our consulting engagements across our superannuation, administrators, banking and general finance client base to increase the uptake of cloud computing solutions by 50 per cent,” Sammells concluded.
Graham Sammells is CEO of The IQ Business Group Australia (IQ) and the current chair for the ASFA E-Commerce sub-committee.
Sammells holds an economics degree and graduate diploma in applied finance and investment and has over two decades of Business and IT delivery experience.
Founded in 1998, The IQ Business Group (IQ) is a worldwide provider of comprehensive business solutions and the technologies that enable them. IQ focuses on helping clients improve operational and technological efficiency and reducing operational risk. Today in Australia, the company employs over 80 specialist consultants with major offices in Melbourne and Sydney. It offers four practice lines – Operations, Technology, Risk and Solutions.
Cathryn van der Walt
P: 0402 327 633