APRA urges ‘ongoing dialogue’ on cloud computing
The Australian Prudential Regulation Authority (APRA) has released an information paper on prudential considerations and key principles for outsourcing of shared computing services, including cloud storage.
The regulator expects use of shared computing services will “continually evolve”, along with the maturity of risk management and mitigation techniques applied.
It urges “ongoing dialogue with industry participants to ensure prudent practices are in place and risks are adequately mitigated”.
“While shared computing services may bring benefits such as economies of scale, they also bring associated risks,” APRA says.
The information paper discusses weaknesses APRA has identified during its ongoing supervisory activities, noting “risk management and mitigation techniques are yet to fully mature”.
“In particular, it is not readily evident that ‘public cloud’ arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted,” APRA says.
The regulator says it is important that a “cautious and measured approach is adopted for transitioning to a shared computing service, particularly where risks are heightened.
Prudent practices would normally include a well-considered strategy, effective governance arrangements, appropriate consideration of IT risk, including security and recovery, and sufficient assurance mechanisms.”
The information paper is available here.