With many Australian companies rushing to embrace the real benefits of cloud computing, many are failing to take account of the risks associated with this decision, risks which are very real for directors’ liabilities. On the flip side, just as many companies that could gain great benefits from the cloud aren’t using it, simply because of perceived risks that are untrue.
For a cloud computing implementation to be successful in an organisation, it requires solid planning that covers all aspects of the holy trinity – commercial, legal, and technical. As the song goes, “Two out of three ain’t bad”, but in the case of cloud computing, if all three of these aspects haven’t been covered and appropriately balanced, there are bound to be problems. Cloud computing requires a true business-IT partnership, and either party going it on their own could lead to severe unintended consequences. For instance, an IT-led initiative should give a solution that works and has good commercial arrangements but, as many are now discovering, leaves the organisation exposed to legal or regulatory issues. Similarly, business-led initiatives tend to fall foul of some technical gotcha.
The most notable catch is the potential conflict between the requirements of the Australian Privacy Act and the US Patriot Act. Specifically, a company is exposed to potential breaches of the Privacy Act if the information is stored on a cloud that is within the US, operated by any US company, or operated by a company that does business with the US, irrespective of where the information is actually stored. This means the issue of data sovereignty is more than “which country is my data stored in?”, because an Australian company storing customer data on a cloud in Australia that is operated by a US company or a company that does business with the US (e.g. Google, Microsoft, Amazon, Telstra, Optus, Fujitsu) would still be subject to the jurisdiction of the Patriot Act. Many companies in Australia are already deploying to cloud services, sometimes without even knowing it, by contracting the services of another company (e.g. accountancy firms using cloud-based accounting software), and haven’t checked or made appropriate changes to their privacy policy or service contract to reflect the Privacy Act requirements. Another issue for many Australian firms to consider is that many ‘clouds’ are offshore, especially in Singapore, which presents its own challenges in terms of jurisdiction on matters such as privacy.
Whilst a lot of this remains theoretical, insofar as no cases have yet been brought to trial and it isn’t known publicly if the Patriot Act has been used on data related to Australians (either in Australia or the USA), regulatory breaches have already been recorded. One large Australian financial services company has fallen foul of a compliance issue by using a cloud service. In this instance the regulator didn’t object to the cloud service per se, but to the fact that the company concerned hadn’t followed a clearly defined due diligence process in its move to a cloud service. This case led to an executive of the organisation declaring the cloud unsuitable for use in financial services companies. However, the benefits of cloud computing are probably most applicable to financial services companies, and those that have followed the outlined process have gotten regulatory approval. Therefore, in most instances the question is not whether the cloud is ready for your company but rather whether your company is ready for the cloud!
There is still confusion as to what cloud computing actually is in both the business and the IT community. So-called “cloud washing”, where IT companies have repositioned and repurposed their existing offerings, is still all too common, but there is a lot less of it now than a year ago, as the market becomes more mature and as real cloud services finally arrive. There are also excellent research reports now available to help guide buyers, which were not there a year ago, and there is at least one international standards body providing a clear definition of cloud computing, one that can be used to assess a vendor’s offering for compliance. It is surprising how many people, IT professionals included, are simply unaware of this.
Cloud computing, just like previous advances in computing, has the IT industry awash with snake oil salespeople, leaving a lot of customers chasing an elusive pot of gold at the end of the rainbow. However, for those who plan and chart a course correctly, there is definitely a silver lining to their cloud.