The chief information officer of ANZ's financial management subsidiary has called on colleagues and security managers to focus on securing applications, rather than data, in a cloud environment.
The traditional concerns of cloud data storage, including data sovereignty and management, could be overcome, ANZ Wealth's Greg Booker said.
Booker joined the financial group following ANZ's take-over of ING's local subsidiary in 2009.
He has since overseen integration of IT infrastructure for six financial management subsidiaries under the ANZ Wealth banner, while also aligning and moving infrastructure within the overarching vision of global CIO, Ann Weatherston.
Weatherston recently charted a six-year IT course for the banking group, which included heavy virtualisation of the bank's infrastructure.
In attempts to facilitate a private cloud migration, ANZ Wealth turned to the nation's banking regulator, the Australian Prudential Regulatory Authority (APRA), to help overcome traditional constraints and potential opposition to moves of customer data.
Booker told industry at an Australian Information Industry Association event this week that APRA's involvement had made the regulator "very comfortable about what we're doing from a data perspective, where we store that data and how that data is managed for us".
The move had helped ANZ Wealth adopt a company-wide mandate that all new infrastructure was at least 50 percent virtualised.
ANZ Wealth had taken early steps toward server virtualisation in Wollongong, which allowed Booker to establish new testing environments in two days.
With ING's older infrastructure, testing environments typically required six months and $400,000 or more to establish.
The company had since also adopted elements of Salesforce.com's product suite, a measure normally frowned up due to the data sovereignty concerns associated with an overseas cloud provider.
Booker said cloud and virtualisation plans at ANZ Wealth and its parent company were still in their infancy, and "toddling along".
One of his key concerns was the level of security applied to applications in a virtualised space, rather than the network edge.
"We actually need to be able to apply different security levels to different applications and if we can't do that, that is going to limit what we can do from a cloud perspective," he said.
"There'll be opportunities to put numerous systems out into the cloud but until we can provide certainly security and even data-level security on applications, then I think the opportunity to move those out into the cloud is going to be very limited."
Businesses would also have to overcome the technology gap between senior and junior IT staff, in which the former often held an overly protective view of technology in the workplace, according to Booker.
Weatherston has publicly expressed doubts over the need to move to a cloud environment in coming years, preferring to focus on "aggressive virtualisation" instead.