An Australian regulator has warned the country's financial services firms about failing to put in place proper risk and governance processes for cloud computing in relation to outsourcing and offshoring.
In an open letter, the Australian Prudential Regulatory Authority (APRA) says that although cloud computing in the financial services sector is not yet widespread, several firms are using - or considering using - the technology for things such as mail, instant messaging, CRM and scheduling.
The body says that while these applications may appear "innocuous", they could form an integral part of core business processes, and some firms are not recognising the significance of cloud computing, failing to acknowledge their outsourcing and offshoring elements.
This means that these initiatives "are not being subjected to the usual rigour of existing outsourcing and risk management frameworks".
The watchdog says firms need to address concerns relating to their ability to continue operations if cloud computing services go down. It also raises worries about the confidentiality and integrity of sensitive data, especially in relation to customers.
"Regulated institutions are reminded that, under the prudential standards on outsourcing, they are required to consult with APRA prior to entering into any offshoring agreement involving a material business activity," warns the letter.
Companies are expected to provide a comprehensive risk assessment as part of the consultations, involving an assessment of the "specific arrangements underlying the services offered, the service provider, the location from which the services are to be provided and the criticality and sensitivity of the IT assets involved".
You can read the letter, first spotted by Delimiter, here.