Commonwealth Bank of Australia (CBA) has migrated its entire core banking system to data centres within Amazon Web Services (AWS). An RMIT expert discusses the move and some of the challenges the Australian bank may face shifting to the American cloud provider.
Dr Nalin Arachchilage, Associate Professor in Cyber Security
"CBA's move to AWS marks a significant milestone in the Australian financial sector's digital transformation journey, reflecting a strategic shift toward cloud-native resilience, scalability, and innovation, aiming to enhance service reliability and accelerate digital banking capabilities.
"On the positive side, major cloud providers like Amazon have mature, well-resourced cybersecurity ecosystems which will allow CBA to standardise its security posture, strengthen disaster recovery, and accelerate digital service delivery to customers through cloud-native innovation. It also positions the bank to adopt AI-driven threat analytics and quantum-safe encryption more efficiently than on legacy systems.
"On the other hand, as AWS operates local data centres within Australia, it remains a United States-based corporation. This raises legitimate concerns about jurisdictional control and potential foreign government access. For a bank entrusted with sensitive financial and personal data, ensuring strict contractual, regulatory, and technical safeguards is essential to uphold data sovereignty and consumer privacy.
"Consumers expect their data to remain protected, private, and locally governed. CBA must therefore communicate clearly and proactively about how customer information is stored, accessed, and secured. Transparent governance and strong public assurance will be vital to maintaining consumer trust during this transition.
"CBA's move to AWS represents a cybersecurity recalibration: one that enhances agility, scalability, and intelligence in banking operations, but also demands rigorous governance, risk management, and public accountability."
Dr Nalin Arachchilage is an Associate Professor in Cyber Security at RMIT University. His research expertise spans human-centric cyber security, quantum-safe cryptography, space & satellite security, secure software engineering, and responsible artificial intelligence (AI).
***
