Skip to content
Payment Card YearbooksPayment Card Yearbooks
0
Autralian regulator voices concerns over cloud risks

Autralian regulator voices concerns over cloud risks

The Australian Prudential Regulation Authority (APRA) has released an information paper on prudential considerations and key principles in relation to outsourcing involving shared computing services, including the cloud.

The information paper uses the term ‘shared computing services’ (whether labelled cloud

Cloud computing services

Autralian regulator voices concerns over cloud risks

or otherwise) to differentiate arrangements which involve the sharing of IT assets (including hardware, software and/or data storage) with other parties, from those where IT assets are dedicated to a single entity.

The use of shared computing services by APRA regulated entities is expected to continually evolve, along with the maturity of the risk management and mitigation techniques applied. APRA therefore encourages ongoing dialogue with industry participants to ensure prudent practices are in place and risks are adequately mitigated when regulated entities seek the advantages that shared computing services may realise.

While shared computing services may bring benefits, such as economies of scale, they also bring associated risks. These can vary considerably depending on the particular usage. Low risk usages are those involving IT assets with low criticality and sensitivity.  Other usages involve heightened risk, such as the exposure of highly critical and/or highly sensitive IT assets to ‘un-trusted’ environments, necessitating a greater degree of caution and supervisory interest. For these arrangements, APRA encourages prior consultation.

The information paper also discusses weaknesses that APRA has identified as part of its ongoing supervisory activities, reflecting that risk management and mitigation techniques are yet to fully mature in this area. In particular, it is not readily evident that ‘public cloud’ arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted.

Usages having an extreme impact if disrupted include, in particular, hosting systems of record holding information essential to determining obligations to customers (such as customer identity, current balance/benefits and transaction history).

Copies the information paper are available here

The post Autralian regulator voices concerns over cloud risks appeared first on Payments Cards & Mobile.

Since their origin in 1996 as the Payment Cards Statistical Yearbooks have
expanded each year and now comprise of two separate publications.

The European Payment Cards Yearbook covers the EU27 countries plus Iceland, Norway, Serbia, Switzerland, Turkey and UK.

The Eurasian Payment Card Yearbook covers Russia and the countries of the former Soviet Union – Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Ukraine and Uzbekistan.
American Express
Apple Pay
Diners Club
Discover
Maestro
Mastercard
Shop Pay
Union Pay
Visa

© 2024 Payment Card Yearbooks, All rights reserved. Powered by Shopify

Cart 0

Your cart is currently empty.

Start Shopping
Trending Now