Sogeti: Cloud Case Regie 1 July

Size: px
Start display at page:

Download "Sogeti: Cloud Case Regie 1 July"

Transcription

1 Sogeti: Cloud Case Regie 1 July Robeco Ronald Koot For institutional investors 1

2 Content Robeco Sourcing / Cloud strategy Vendor Controls Cloud Case Robeco 2

3 Facts and Figures Founded in Rotterdam in 1929 Currently part of Orix group after acquisition in 2013 Part of Rabobank group during the decision and implementation Cloud Solutions A pure-play asset manager: investing is all that we do with an active investment style Core investment capabilities complemented by specialized subsidiaries Global leader in sustainability investing 1,500 employees in 13 countries across Europe, the US, the Middle East, Asia and Australia IT Strategy of standardization and reduction of complexity IT Strategy of reducing costs 3

4 Facts and Figures Robeco IT Facts en Figures 120 FTE (internal and external); Servicing Asset Management, Pension Solutions, Retail and Corporate Departments; Servicing around 1000 people in the Netherlands; Servicing around 200 people internationally (mainly in 6 sales offices) with Wide Area Network and a limited number global applications (such as Trading, CRM and Office365). 4

5 Robeco-IT Outsourcing and Cloud perspective Robeco is an early adopter in the financial services sector regarding IT Sourcing and Cloud; Robeco has a culture of being challenging, opportunistic, entrepreneurial and pragmatic approach/attitude towards IT Sourcing providers; We have limited own IT : We have outsourced our infrastructure (Datacenter, WAN, Desktop, Service Desk); We have minimal custom developed software (mainly in Integration and End User Computing); We have a highly virtualized environment without mainframes as of the end of 2013; We have multiple SaaS and Cloud solutions deployed. Our cloud decisions are based on an extensive risk analysis: Policy and Organizational risks such as loss over governance, cloud service termination and lock-in; Technical risks such as data leakage, DDoS, Deletion of Data, Intercepting data in transit, Encryption, data location en separation of environments, virtualization; Legal risks such as data protection, termination, exit clauses/procedures, right to audit; Others risks such a network breaches and traffic, back-ups, lost of log files. 5

6 IT Sourcing Strategy > Cloud (SaaS) Based on the goals of IT Sourcing, challenges and experience, Application sourcing remains a strategic component of IT Sourcing: Continue to implement packages and standard solutions above custom made solutions (Buy before Build principle). Packages and applications can be implemented SaaS based or on premise. Starting points for Application Sourcing SaaS solutions for non core applications and processes; Custom software only for differentiating applications when standard software is not available/suitable; Investments is build around the simplicity architecture (standard packages, potentially SaaS based); Pension Solutions is build around BPO offering; Retail is build around SaaS/Cloud platform and a custom build website OFS; Corporate Domain and Sales & Marketing is build around standard SaaS deliver solutions. Continue using Application specific IT Sourcing (such as SaaS) based on predefined criteria, including: Reuse of the existing applications, solutions, vendor in order to reduce complexity and become cost efficient; Business case; Business criticality, risk impact; Architectural fit and position in the overall landscape; Amount of integration and interfaces with other applications; Data classification. 6

7 Vendor Control Instruments For institutional investors 7

8 Vendor Control Instruments Identified roles in the control of vendors Generic control model for vendors Distinction in type vendors Risk and importance of a vendor for Robeco Vendor Control Framework Risk Analysis 8

9 Waarde Structure of IT Contract Management Depending on the Kraljicscore a Governance will be implemented: Strategic: IT Contract Owner and/or Business Owner have 1 or 2 times a year a strategic meeting with the key 3rd party vendors about developments at Robeco/vendor and, based on performance of the vendor. Tactical: the Vendor Manager is in the lead for organizing a regular meeting, reporting and evaluation of the vendor. Also Business Owner/representatives and/or IT Contract Owner will participate. Operational: Business has regular meetings with vendor on an operational level together with the Vendor Manager Kraljic Analyse Leverancier 12 Leverancier 11 Leverancier 13 Leverancier 14 Leverancier 8 Leverancier 7 Leverancier 4 Leverancier 9 Leverancier 10 Risico Leverancier 3 Leverancier 5 Leverancier 6 Leverancier 1 Leverancier Key roles in the Governance IT Contract Owner Represents GIS in relation to the services (ICT components) delivered by the vendor to the Business Owner. IT Contract Owner is accountable for the budget except for BPO contracts. Business Owner Represents the end-user organization. Is responsible for the functional part of the vendor provided services. Assesses, initiates and approves changes related to the delivered services.. Vendor Manager Facilitates the Vendor Management processes in order to support the Business Owner and the IT Contract Owner with service levels reporting, financial control, contract management and setting up the governance. Purchasing Facilitates the procurement process during the RFI/RFP phase and negotiation. Robeco 9

10 Vendors in Control In 2014 IT Contract Management will focus on Vendors in Control from different perspectives: Financial in control: We are in control and our costs are in line with budgets License in control: We are compliant and we are not over licensed. When license audits take place we have to be confident and impact is minimal Contract: Depending on the type of contract we have all required clauses such as Escrow, Exit, Right to Audit, Data privacy, assurance. Reporting: Depending on the type of contract we receive relevant and adequate reporting on SLA s and Security Therefore we have created the Vendor Control Framework in cooperation with Legal, Purchasing, Risk Management and Compliance. Categories o Legal o Assurance o Compliance o Security o BCM o SLA o Reporting Control Contractual aspects Infra Outsourcing Vendors SAAS Vendors Business Software License Vendors Infra Softw. and Development Softw. Licenses Vendors BPO Vendors Key Overige Key Overige Key Overige Key Overige Key Overige General Applicable Law x x x x x x x x x x NDA / Confidentiality clause x x x x x x x x x x Third party clause confidentiality x x x x x x Service Description Description of the Service x x x x x x x x x x Use Restrictions Entities/affiliates allowed to use x x x x x x x x x x Scope of Use x x x x x x x x x x Export laws License structure x x x x x x x x Intellectual Property (for Robeco specifics) x x x Robeco 10

11 Risk Analysis for (new) Vendors Type Risk o Organizational risks o Technical risks o Compliance Risks Risk based on o Probability o Impact o Risk mitigation adjustments o Residual Risk In cooperation with o Operational Risk Management o Security o Business Nr. Risks Description of inherent risk Organizational risks 1 P1. Lock-in Risk of not being able to migrate easily from one provider to another 2 P2. Loss of Governance Control and influence on the cloud providers, and conflicts betw een customer hardening procedures and the cloud environment. 3 P3. Compliance challenges The risk of CP s w hich cannot provide evidence of compliancy to all relevant requirements, policies, law s etc. 4 P4. Loss of business reputation due to cotenant activities tenant affecting the reputation of another tenant. Risk of malicious activities carried out by one 5 P5. Cloud service termination or failure The risk of providers to go out of business. The risk of unclear data ow nership. 6 P6. Cloud provider acquisition Acquisition of the cloud provider could increase the likelihood of a strategic shift and may put nonbinding agreements at risk. 7 P7. Supply chain failure A cloud computing provider can outsource certain specialized tasks of its production chain to third parties. The risk of non-compliancy of those subcontractors. 8 Changing regulations This risk of changes in law s and regulations could impact the requirements for both the financial institution and the cloud provider. Changes in regulations could also impact the risks for the outsourcer. 9 Insufficient skills and know ledge to identify risks related to Outsourcing / Cloud computing If the financial institution has insufficient know ledge to identify the risks involved or to assess the operational effectiveness of the controls af the Cloud Service Provider outsourcing is not allow ed. Monitoring outsourcing requires specific skills and know ledge. Robeco 11

12 3 rd party key vendors The following criteria (at least 2 scored per vendor) are used to define 3 rd party key vendors. Budget of the vendor for the current year: > xxxxx Operational risk of the services delivered by the vendor based on the Kraljic score: > 2,5 The service of the vendor supports one of the key-processes of Robeco, such as: Front Office: Investment portfolio management, trading, securities lending Back office : Operations and accounting Retail: Operations, Sales en Marketing Corporate Departments: Risk management, Group Finance and HR IT: core infrastructure, Development BPO: Pension Providers, Private Equity Robeco 12

13 Lessons Learned from Cloud projects Execute a thorough risk analyses; Ensure involvement and commitment from Compliance, Risk Management, Legal and Audit during the risk analysis, contract negotiation and continue during implementation; Ensure commitment from Senior Management. In our case we have involved the In Control Board and the Management Board in our decision making process; Involve DNB early in the process; Multi Vendor Agile working requires extensive coordination; Highly frequent program board meetings to discuss issues and risks. Realize Regie for a (Cloud Provider) is not an IT-party. Take care for a management organization in house with knowledge. Ensure there are good governance arrangements. Robeco 13

14 Cloud: Risk or Opportunity Standard (Service, SLA, Contract) Liability Regulators (Right to Examine) (Wft / BPr) Integration Cost Attractive and efficient Stay up to date (Follow the roadmap) Patriot Act Vendor Lock in Vendor Security Policy Data Privacy Data Location In Control Customization & Configuration Stability & Continuity 14

15 WE DO!!!! Robeco 15

Case Study Cloud Computing

Case Study Cloud Computing Case Study Cloud Computing Rotterdam Juli 2013 Robeco Ton Ligtvoet, Manager IT Contracts and Infra Projects For institutional investors 1 Facts and figures Robeco IT Servicing Asset Management, Pension

More information

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.) Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening

More information

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken )

Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken ) 23.11.2015 Jan Philipp Manager, Cyber Risk Services Enterprise Architect Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken ) Purpose today Introduction» Who I am

More information

ISO 27002:2013 Version Change Summary

ISO 27002:2013 Version Change Summary Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

IIA South West Event. A look at key supply chain risks and why contracting is a key step 14 January 2015

IIA South West Event. A look at key supply chain risks and why contracting is a key step 14 January 2015 IIA South West Event A look at key supply chain risks and why contracting is a key step 14 January 2015 Objectives and agenda Page The contact at KPMG with respect to this presentation is: Iain Prince

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

What s the Path? Information Life-cycle part of Vendor Management

What s the Path? Information Life-cycle part of Vendor Management Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation EXIN Cloud Computing Foundation Sample exam Edition 201606 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing system

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

WP9 D9.5 Risk Analysis and Countermeasures

WP9 D9.5 Risk Analysis and Countermeasures WP9 D9.5 Risk Analysis and Countermeasures Risk Analysis approach for the Cloud for Europe PCP pilots Friday 20150911 Jan Colpaert Fedict, BE Starting points - observations any Before using cloud technology,

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005

Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005 Comparison of Controls between ISO/IEC 27001:2013 & ISO/IEC 27001:2005 Introduction The new standard ISO/IEC 27001:2013 has been released officially on 1 st October 2013. Since we understand that information

More information

Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE

Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE MARCH 2011 Image Area VARAD G. VARADARAJAN ENTERPRISE ARCHITECTURE COE COGNIZANT TECHNOLOGY SOLUTIONS For details please email:

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Corporate Presentation 2016

Corporate Presentation 2016 Corporate Presentation 2016 2 AGENDA About SPAMINA Cool Vendor 2016 The Security Challenge 3 Concerns over data protection and confidentiality Why Spamina? SPAMINA Platform 4 Parla Secure Cloud Email ParlaMI

More information

Software as a Service Decision Guide and Best Practices

Software as a Service Decision Guide and Best Practices Software as a Service Decision Guide and Best Practices Purpose of this document Software as a Service (SaaS) is software owned, delivered and managed remotely by one or more providers [Gartner, SaaS Hype

More information

EuroCloud Star Audit. A strong partnership that provides you with a competitive advantage

EuroCloud Star Audit. A strong partnership that provides you with a competitive advantage EuroCloud Star Audit A strong partnership that provides you with a competitive advantage Strong and advantageous? 5 topics to consider 99% of all organisations are SME, with little internal Know- how.

More information

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look

More information

Understanding the Software Contracts Process

Understanding the Software Contracts Process Understanding the Software Contracts Process By John Seidl, Partner Tompkins Associates More and more often, companies are purchasing supply chain software from commercial software vendors rather than

More information

Applying Business Architecture to the Cloud

Applying Business Architecture to the Cloud Applying Business Architecture to the Cloud Mike Rosen, Chief Scientist Mike.Rosen@ WiltonConsultingGroup.com Michael Rosen Agenda n What do we mean by the cloud? n Sample architecture and cloud support

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications Written Testimony of Mark Kneidinger Director, Federal Network Resilience Office of Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing

Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing Creating Dynamic IT Infrastructure at Reduced Cost with Cloud Computing White Paper Date: 12/9/2011 Version: 0.4 (Final) Author: Matt Baker, Clarity Business and IT Solutions Creating Dynamic IT Infrastructure

More information

Enterprise Architecture Program

Enterprise Architecture Program IT@UMN Enterprise Architecture Program Guiding Principles 1 Page Enterprise Architecture Guiding Principles Enterprise architecture guiding principles must be considered for all academic and administrative

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Validating Enterprise Systems: A Practical Guide

Validating Enterprise Systems: A Practical Guide Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Software Defined Hybrid IT. Execute your 2020 plan

Software Defined Hybrid IT. Execute your 2020 plan Software Defined Hybrid IT Execute your 2020 plan Disruptive Change Changing IT Service Delivery Cloud Computing Social Computing Big Data Mobility Cyber Security 2015 Unisys Corporation. All rights reserved.

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor

More information

Study on Cloud security in Japan

Study on Cloud security in Japan Study on Cloud security in Japan 2011/February Professor Yonosuke HARADA INSTITUTE of INFORMATION SECURITY (C) ITGI Japan Content 1 Background 2 Survey 2.1 Respondents 2.2 User on cloud services 2.3 Risk

More information

Introduction to AWS Security July 2015

Introduction to AWS Security July 2015 Introduction to AWS Security July 2015 Page 1 of 7 Table of Contents Introduction... 3 Security of the AWS Infrastructure... 3 Security Products and Features... 4 Network Security... 4 Inventory and Configuration

More information

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Achieve Economic Synergies by Managing Your Human Capital In The Cloud Achieve Economic Synergies by Managing Your Human Capital In The Cloud By Orblogic, March 12, 2014 KEY POINTS TO CONSIDER C LOUD S OLUTIONS A RE P RACTICAL AND E ASY TO I MPLEMENT Time to market and rapid

More information

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word

More information

Team A SaaS Strategy

Team A SaaS Strategy Team A SaaS Strategy What is a strategy? Strategy is the direction and scope of an organization over the long-term term: : which achieves advantages for the organization through its configuration of resources

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private & Hybrid Cloud: Risk, Security and Audit Scott Lowry, Hassan Javed VMware, Inc. March 2012 Private and Hybrid Cloud - Risk, Security and Audit Objectives: Explain the technology and benefits behind

More information

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical

More information

WHITE PAPER. Mitigate BPO Security Issues

WHITE PAPER. Mitigate BPO Security Issues WHITE PAPER Mitigate BPO Security Issues INTRODUCTION Business Process Outsourcing (BPO) is a common practice these days: from front office to back office, HR to accounting, offshore to near shore. However,

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014 An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity

More information

Important Considerations for Ariba Implementations: Case OP

Important Considerations for Ariba Implementations: Case OP Important Considerations for Ariba Implementations: Case OP SAPSA Impuls Conference 18.11.2015, Stockholm Olli Sihvonen (olli.sihvonen@accenture.com) SAP Sourcing & Procurement Lead, Accenture Finland

More information

Is Your Data Safe in the Cloud?

Is Your Data Safe in the Cloud? Is Your Data Safe in the? Is Your Data Safe in the? : Tactics and Any organization likely to be using public cloud computing are also likely to be storing data in the cloud. Yet storing data in the cloud

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

Adding Cloud Solutions to Customer Contracts Robert J. Scott

Adding Cloud Solutions to Customer Contracts Robert J. Scott Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Cloud Sourcing New Market Dynamics Require Changes To Sourcing Strategy. Gaetano Santucci November 2012

Cloud Sourcing New Market Dynamics Require Changes To Sourcing Strategy. Gaetano Santucci November 2012 Cloud Sourcing New Market Dynamics Require Changes To Sourcing Strategy Gaetano Santucci November 2012 Four powerful dynamics are reshaping the IT services ecosystem The innovation revolution The tech

More information

Securely Outsourcing to the Cloud: Five Key Questions to Ask

Securely Outsourcing to the Cloud: Five Key Questions to Ask WHITE PAPER JULY 2014 Securely Outsourcing to the Cloud: Five Key Questions to Ask Russell Miller Tyson Whitten CA Technologies, Security Management 2 WHITE PAPER: SECURELY OUTSOURCING TO THE CLOUD: FIVE

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Realizing the Value Proposition of Cloud Computing

Realizing the Value Proposition of Cloud Computing Realizing the Value Proposition of Cloud Computing CIO s Enterprise IT Strategy for Cloud Jitendra Pal Thethi Abstract Cloud Computing is a model for provisioning and consuming IT capabilities on a need

More information

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler Cloud computing Alessandro Galtieri, Senior Lawyer, Colt Technology Services, London, UK Pavel Klimov, General Counsel EMEA, Unisys, London, UK Severin Loeffler, Assistant General Counsel, Central Eastern

More information

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Security Threat Risk Assessment: the final key piece of the PIA puzzle Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

On Premise Vs Cloud: Selection Approach & Implementation Strategies

On Premise Vs Cloud: Selection Approach & Implementation Strategies On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile

More information

Security Officer s Checklist in a Sourcing Deal

Security Officer s Checklist in a Sourcing Deal Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.

More information

Microsoft Dynamics CRM 2011 Customization and Configuration

Microsoft Dynamics CRM 2011 Customization and Configuration Course 80294B: Microsoft Dynamics CRM 2011 Customization and Configuration Course Details Course Outline Module 1: Business Units and Security Roles This module explains how to create and configure Business

More information

Cloud Security Fails & How the SDLC could (not?) have prevented them

Cloud Security Fails & How the SDLC could (not?) have prevented them Cloud Security Fails & How the SDLC could (not?) have prevented them CSA CEE Summit 2015, Ljubjana By Christopher Scheuring, ERNW Germany #2 /whoami Christopher Scheuring Security Analyst @ ERNW Since

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Refresher on cloud computing

Refresher on cloud computing Refresher on cloud computing Cloud computing is a form of outsourcing where the organization outsources data processing to computers owned by the vendor. Outsourcing may also include utilizing the vendor

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

GMI CLOUD SERVICES. GMI Business Services To Be Migrated: Deployment, Migration, Security, Management

GMI CLOUD SERVICES. GMI Business Services To Be Migrated: Deployment, Migration, Security, Management GMI CLOUD SERVICES Deployment, Migration, Security, Management SOLUTION OVERVIEW BUSINESS SERVICES CLOUD MIGRATION Founded in 1983, General Microsystems Inc. (GMI) is a holistic provider of product and

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Retention & Disposition in the Cloud Do you really have control?

Retention & Disposition in the Cloud Do you really have control? InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

CLOUD MIGRATION STRATEGIES

CLOUD MIGRATION STRATEGIES CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while

More information

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,

More information

The European Cloud Journey. Gabriella Cattaneo, European Government Consulting IDC s European Cloud Research Team February 24, 2014

The European Cloud Journey. Gabriella Cattaneo, European Government Consulting IDC s European Cloud Research Team February 24, 2014 The European Cloud Journey Gabriella Cattaneo, European Government Consulting IDC s European Cloud Research Team February 24, 2014 The Cloud market grows fast (Forecast 2014, WE) Market Value Bill. 10.2

More information

Project Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January 2014. PPM Project Type Custom Development

Project Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January 2014. PPM Project Type Custom Development Project Planning and Management (PPM) V2.0 Project Type Guide Custom Development Version 1.1 January 2014 Last Revision: 1/22/2014 Page 1 Project Type Guide Summary: Custom Development Custom software

More information

Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile

Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile Jerry Wertelecky, CPA, Fellow HKIoD & Managing Director INTRODUCTION Jerry Wertelecky Country of Birth: United States Current

More information

D. L. Corbet & Assoc., LLC

D. L. Corbet & Assoc., LLC Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very

More information

USE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES

USE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES 1 USE OF CLOUD COMPUTING BY SMALL AND MEDIUM ENTERPRISES Introduction Small and Medium Enterprises (SMEs) are the drivers of a nation s economy SMEs are leading the way for entering new global markets

More information

Asia/Pacific. Yanna Dharmasthira

Asia/Pacific. Yanna Dharmasthira Trends and Directions of SaaSS in Asia/Pacific Yanna Dharmasthira October 2013 Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Third Party Security Guidelines. e-governance

Third Party Security Guidelines. e-governance for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document

More information

EXECUTIVE SUMMARY. Cloud Pilot Project - Final Report

EXECUTIVE SUMMARY. Cloud Pilot Project - Final Report EXECUTIVE SUMMARY Cloud-based as-a-service offerings present significant opportunities for government to benefit from scalable multi-tenanted environments, lower costs per-user, improved business processes

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

How to Protect Intellectual Property While Offshore Outsourcing?

How to Protect Intellectual Property While Offshore Outsourcing? WHITE PAPER [Type text] How to Protect Intellectual Property While Offshore Outsourcing? In an era of increasing data theft, it is important for organizations to ensure that the Intellectual Property related

More information