Australian security professionals are more risk averse to cloud computing than overseas counterparts, according to the Information Security Forum (ISF).
More of them also have the ear of chief executives and area respected point of contact for projects that carry implications for information risk management, claims ISF vice president Steve Durbin.
“A number of Australia organisations would love to be bold, but they want to know about the implications of jumping into cloud computing. They are not diving in like elsewhere,” he said.
The ISF claims to have Australia’s big banks, financial institutions, large retailers and some mining companies and government agencies as members.
On a visit to Australia from London, Durbin said a large retailer and ISF member had pulled large chunks of data from its saleforce.com system following requests from its information security team.
“The security guys saw lots of data, like buying habits and financial data, and said to pull data [in-house] that would not restrict business opportunities,” Durbin said.
“In Salesforce you can hold a massive amount of data in there. Do you need to hold it? It may be a risk.”
He said executives had become jittery of security breaches, and had set policies demanding projects with risk implications are first approved by IT security.
“Large Australian organisations get risk – they get it more than many other countries.”
That has forced security professionals “out of dark cupboards” and into a more high-profile business role, from a “traffic cop to strategic planner”, he said.