ANZ builds up 'cypher cloud' strategy

ANZ will move certain businesses off a Salesforce customer relationship management (CRM) system under a group-wide cloud computing policy established late last year.

The policy was developed in the wake of a September 2011 review by Australian banking regulator APRA but shaped by the more stringent requirements of the Monetary Authority of Singapore (MAS).

“We work towards the MAS standards in Singapore,” ANZ chief information officer Anne Weatherston said, describing the challenge operating in 32 geographies.

“They’ve come out and said absolutely, categorically no cloud. APRA is not quite as prescriptive yet as MAS, but the APRA view is that we [Australia] will follow their lead.”

Weatherston said ANZ’s Australian life insurance business currently used a Salesforce CRM, although no customer data was stored in the cloud.

She described the cloud CRM as “a fantastic product” that she had inherited when she joined ANZ as its CIO three years ago.

ANZ’s Australian competitors, including the Commonwealth Bank and Bank of Queensland, have spoken publicly about adopting a Salesforce CRM in recent months.

“I think Salesforce could be quite useful in our Australian businesses but we want to do things globally consistently,” Weatherston said.

“You’re only as strong as your weakest link … MAS do look at that. I think the MAS view is no Salesforce, even without [storing] data [in the cloud].”

According to ANZ‘s chief technology officer Patrick Maes, the group would not exclude public or hybrid cloud solutions “where that makes sense”.

Maes described ANZ’s target environment as a “cypher cloud”, for which any customer data would be encrypted and depersonalised before moving to public cloud environments.

He noted that the group continued to use Salesforce to manage investor relationships – where no customer data was involved.

“In our policy, we say very clearly that we don’t master customer data in the public cloud or in a hybrid cloud,” Maes explained.

“Going forward, we will probably end up in a hybrid approach … to overcome all the legislation and regulations in terms of privacy and location of data, we’ve come up with a cypher cloud proposition.

“We’re basically saying it’s possible to have customer data in a public cloud capability, but that customer data is depersonalised and encrypted on the cloud provider’s side, so we never can compromise customer data.”

Economies of scale

Speaking to iTnews on the sidelines of the Gartner Symposium this month, Weatherston and Maes explained that ANZ would still enjoy economies of scale through its private cloud.

ANZ has virtualised 40 percent of its infrastructure in the past year, and expects to have 80 percent of its systems in a private cloud environment by 2014.

ANZ’s private cloud currently supports 2000 virtual desktops for ANZ Wealth, with the group’s entire 60,000-desktop fleet to be converted to virtual desktops by 2014.

"The economies of scale that you get in a public cloud, you can get into a private cloud … and in the long-term, depending on your size, it’s easier,” Maes said, noting that public cloud users were still saddled with inspections and disaster recovery requirements.

“Don’t forget for most regulators, a public cloud contract is a material outsourcing contract. You as a bank are still responsible for the cloud provider.”