With Australia's banks increasingly turning to the public cloud, the country's financial services watchdog has warned of "areas of weakness" in how the shift is being managed.
In an information paper (PDF), the Australian Prudential Regulation Authority (APRA) says that it has seen an increase in the "volume, materiality, and complexity of outsourcing arrangements involving shared computing services (including cloud)" that have come across its desk.
With use of the cloud still in its infancy, the APRA says it has spotted "weakness" in how these deals are being set up, prompting it to put out the paper, which supersedes a 2010 letter sent out to financial services firms.
"While shared computing services may bring benefits, such as economies of scale, they also bring associated risks," warns the paper.
The regulator makes clear that while the cloud may be appropriate in some instances, for critical IT assets, the situation is different: "In light of weaknesses in arrangements observed by APRA, it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted."
Earlier this year, Bank of Queensland was forced to write off $10 million on a new cloud-related customer relationship management system because it failed to meet "operational and regulatory requirements".
Despite the concerns of regulators such as the APRA, banks are convinced of cloud computing's potential. This week HSBC posted a YouTube video extolling its ability to help multinationals reinvent business models.