Aegon's Internal Cloud Broker

Transcription

1 Aegon's Internal Cloud Broker Cloud FS Americas Metropolitan West, NYC July 21, 2015 John Linn

2 Aegon at a glance Focus History Rating About Aegon Life insurance, pensions & asset management Dating back 170 years AA- financial strength rating Countries Employees Present in over 20 countries across the world Around 28,000 employees As per March 31, 2015 Underlying earnings before tax in 2014 Revenue-generating investments Paid out in claims and benefits in 2014 Our results EUR 1.9 billion EUR 638 billion EUR 34 billion 2 As per March 31, 2015

3 Navigating Opposing Forces Opportunities: Next-gen technologies provide a competitive advantage Easy, low cost entry (rent versus own) Scalable, flexible, and ubiquitous Interest in integrating Cloud services with on premise Constraints: Cloudy Thinking Money, Security, All or Nothing Efforts trapped in isolation Downside danger of service provider termination or lock-in Regulatory compliance 3

4 Hurdles Taxes Risk Assessment Adopting Common Global Solutions & Local Regulators Right to Audit Contracts Data Sovereignty Data Protection Directive Business Continuity Data Privacy Security Standards $ Cloud Hangover Cloud Provider Selection Governing the Ungovernable You must be THIS TALL To Ride This Ride 4

5 Emerging Needs Workload consulting Identification of total cost of ownership (TCO) and quantifying benefits Cloud services register of approved Cloud services Common third-party risk management process to identify blockers early Operational support Workload Deployment Definition Identifying a Cloud Use Case Selection Vendor Comparison and Decision Deployment Development, Integration, and Portability Management Aggregation, Portal & Billing Customization, and Runtime Support 5

6 Third Party Risk Management Framework Plans, Metrics, Risk Classification, and Governance Due Diligence (including resiliency and critical fourth parties) & third party selection Contract negotiation Roles and responsibilities for oversight and relationship management Documentation and reporting Ongoing monitoring Termination, including contingency plans Procurement Process Independent Review (assessment to determine process alignment with strategy and risk management effectiveness) 6

7 Clarification Through RASCI R Who is Responsible? The person who has to do it A Who is Accountable? The final decision maker S Who is Supporting? Resources allocated to responsible to help carry out the task C Who is Consulted? Persons requiring two way communication before a decision I Who is Informed? The person kept up-to-date or told after a decision 7

8 Exit Ongoing Monitoring Example: Ongoing Monitoring of Third Party Business Unit (BU) - 1st Line Functional Roles Risk 2nd Line Cloud Broker Outputs RASCI Business Owner Management C-Level Project Team 3rd party Relationship Manager Subject Mater Experts Design Authority Procurement Legal Compliance Information Security Chief Risk Officer (CRO) Operational Risk Management Mgrs Local Operational Risk Committees Global Risk Cloud Consulting Cloud Design and Build Cloud Run Global Procurement Deliverable Artifact / Outcome Third Party Outsourcing Monitoring Ongoing Monitoring Periodically monitor costs, performance, and ability to comply with contract, legal requirements, third party resiliency and financial I A/R C C C C I R health, and critical fourth parties Report on design & effectiveness of internal controls with third party I A/R I I I R Report on risks with third party I A/R I I C/I R Should arrangement be terminated? A R C C C I R Invoke contingency plan / exit strategy C A/R R R S C I R Terminate arrangement C A/R R R I I R RASCI Assignments shown in Red are only applicable when the solution chosen is a cloud offering. Begin Monitor costs, performance, contract compliance, legal requirements, third party resiliency and financial health, and critical fourth parties Report on internal controls effectiveness Report on risks with third party Terminate arrangement? No Yes 8 Invoke contingency plan / exit strategy Terminate arrangement End

9 Cloud Broker Services Business Unit Shadow IT Business Unit Solution Architects Cloud Brokering Cloud Consulting Cloud Design and Construction Cloud Operations 9 Central go-to team for business units and other global stakeholders for Cloud services Provides assurance new Cloud capabilities adhere to policies and requirements Ensures Cloud capabilities align with business and technical requirements by leveraging existing processes Define reference architecture and service blueprints (for example, integration layers) Engineer and implement automated platforms and solutions Plan and manage projects Provide configuration change, release and deployment management Test, validate and evaluate services Operate and monitor services and components Provide capacity, availability and service level management Perform incident and problem management Provide request fulfilment Maintain Cloud and Automation infrastructure Oversee and manage automated processes (patching, compliance, etc.)

10 Upcoming events Questions? May June Annual General Meeting of Shareholders The Hague May 20, 2015 JP Morgan insurance conference London June 2, 2015 Goldman Sachs conference London June 15,