If the CBA says it’s ok, it’s ok.
On Tuesday one of the country’s most prominent technologists, Michael Harte, the chief information officer of the Commonwealth Bank of Australia, told 750 people in a public conference that security concerns about the cloud were “garbage”.
His actual words were, thanks to iTnews and ComputerWorld: “”The favourite [excuses] I used to hear when I talked to the big household names in infrastructure equipment was, ‘[The cloud] doesn’t look very secure, Michael. You can’t do that. And there’s data sovereignty; you’d want to look very, very carefully at that.’ […] I’m here to tell you those concerns are garbage,” Harte said.
I can understand that cloud computing is a conceptual leap for business owners. What is the cloud? Where is my information being stored? How is it being kept secure?
No-one these days has the time to carry out due diligence and check these things, even if they knew the right questions to ask.
But there is no more need to ask those questions when it comes to running your server and storing data with the big players like Amazon. (Let’s leave aside for now the more complex topic of security and software-as-a-service.)
If anyone has an incentive to carry out due diligence, measure risk and weigh up benefits it’s a bank. And yet Harte has moved a dozen applications in the CBA to Amazon and is in the process of moving a lot more. His findings: the cost of IT hardware dropped 40 percent, the cost of storage dropped 50 percent, and the cost of testing applications fell 50 percent too.
Plus there was “the happiness that you can get from your business partners because you’re delivering services on demand within minutes or within days rather than within days, months, weeks, that it normally took.”
Australia’s biggest bank has done the work for everybody in deciding whether the cloud as a delivery mechanism is safe. With the usual caveat that nothing is 100 percent safe, whether in the cloud or in your office, we can stop asking if the cloud is safe enough. If the CBA says it is safe then you’re either paranoid or technophobic to believe otherwise.
This doesn’t equal blind faith in the cloud; we don’t know which applications the CBA is running on Amazon, whether it has a different service agreement to the standard user or if the bank is using the cloud service as the only location to store data or just as a backup.
But as one software developer tweeted from the audience, “If CBA can manage the risks of using AWS, I’m finding it hard to think of a business that couldn’t do the same.”
If you want to run your own server, that’s ok. Just be aware that you will pay a premium for your IT, carry a greater risk of losing data and move more slowly as a business than your competitors who, like the Commonwealth Bank, are moving to the cloud.
Updated 27/11/12: Added qualification against blind faith.