Sogeti: Cloud Case Regie 1 July
- Vincent Preston
- 7 years ago
Transcription
1 Sogeti: Cloud Case Regie 1 July
Robeco
Ronald Koot
For institutional investors
2 Content
- Robeco
- Sourcing / Cloud strategy
- Vendor Controls
- Cloud Case Robeco
3 Facts and Figures
- Founded in Rotterdam in 1929
- Currently part of Orix group after acquisition in 2013
- Part of Rabobank group during the decision and implementation of Cloud Solutions
- A pure-play asset manager: investing is all that we do, with an active investment style
- Core investment capabilities complemented by specialized subsidiaries
- Global leader in sustainability investing
- 1,500 employees in 13 countries across Europe, the US, the Middle East, Asia and Australia
- IT Strategy of standardization and reduction of complexity
- IT Strategy of reducing costs
4 Facts and Figures
Robeco IT Facts and Figures
- 120 FTE (internal and external);
- Servicing Asset Management, Pension Solutions, Retail and Corporate Departments;
- Servicing around 1000 people in the Netherlands;
- Servicing around 200 people internationally (mainly in 6 sales offices) with Wide Area Network and a limited number of global applications (such as Trading, CRM and Office365).
5 Robeco-IT Outsourcing and Cloud perspective
- Robeco is an early adopter in the financial services sector regarding IT Sourcing and Cloud;
- Robeco has a challenging, opportunistic, entrepreneurial and pragmatic approach/attitude towards IT Sourcing providers;
- We have limited IT of our own:
  o We have outsourced our infrastructure (Datacenter, WAN, Desktop, Service Desk);
  o We have minimal custom developed software (mainly in Integration and End User Computing);
  o We have a highly virtualized environment without mainframes as of the end of 2013;
  o We have multiple SaaS and Cloud solutions deployed.
Our cloud decisions are based on an extensive risk analysis:
- Policy and Organizational risks such as loss of governance, cloud service termination and lock-in;
- Technical risks such as data leakage, DDoS, deletion of data, intercepting data in transit, encryption, data location and separation of environments, virtualization;
- Legal risks such as data protection, termination, exit clauses/procedures, right to audit;
- Other risks such as network breaches and traffic, back-ups, loss of log files.
6 IT Sourcing Strategy > Cloud (SaaS)
Based on the goals of IT Sourcing, challenges and experience, Application sourcing remains a strategic component of IT Sourcing:
- Continue to implement packages and standard solutions above custom made solutions (Buy before Build principle). Packages and applications can be implemented SaaS based or on premise.
Starting points for Application Sourcing
- SaaS solutions for non core applications and processes;
- Custom software only for differentiating applications when standard software is not available/suitable;
- Investments is built around the simplicity architecture (standard packages, potentially SaaS based);
- Pension Solutions is built around BPO offering;
- Retail is built around SaaS/Cloud platform and a custom-built website OFS;
- Corporate Domain and Sales & Marketing is built around standard SaaS-delivered solutions.
Continue using Application specific IT Sourcing (such as SaaS) based on predefined criteria, including:
- Reuse of the existing applications, solutions, vendors in order to reduce complexity and become cost efficient;
- Business case;
- Business criticality, risk impact;
- Architectural fit and position in the overall landscape;
- Amount of integration and interfaces with other applications;
- Data classification.
7 Vendor Control Instruments
8 Vendor Control Instruments
- Identified roles in the control of vendors
- Generic control model for vendors
- Distinction in types of vendors
- Risk and importance of a vendor for Robeco
- Vendor Control Framework
- Risk Analysis
9 Structure of IT Contract Management
Depending on the Kraljic score a Governance will be implemented:
- Strategic: IT Contract Owner and/or Business Owner have 1 or 2 times a year a strategic meeting with the key 3rd party vendors about developments at Robeco/vendor and, based on performance of the vendor.
- Tactical: the Vendor Manager is in the lead for organizing a regular meeting, reporting and evaluation of the vendor. Also Business Owner/representatives and/or IT Contract Owner will participate.
- Operational: Business has regular meetings with vendor on an operational level together with the Vendor Manager.
[Figure: Kraljic Analysis chart. Axes: Value (Waarde) and Risk (Risico). Data points: numbered suppliers (Leverancier).]
Key roles in the Governance
- IT Contract Owner: Represents GIS in relation to the services (ICT components) delivered by the vendor to the Business Owner. IT Contract Owner is accountable for the budget except for BPO contracts.
- Business Owner: Represents the end-user organization. Is responsible for the functional part of the vendor provided services. Assesses, initiates and approves changes related to the delivered services.
- Vendor Manager: Facilitates the Vendor Management processes in order to support the Business Owner and the IT Contract Owner with service levels reporting, financial control, contract management and setting up the governance.
- Purchasing: Facilitates the procurement process during the RFI/RFP phase and negotiation.
10 Vendors in Control
In 2014 IT Contract Management will focus on Vendors in Control from different perspectives:
- Financial in control: We are in control and our costs are in line with budgets
- License in control: We are compliant and we are not over licensed. When license audits take place we have to be confident and impact is minimal
- Contract: Depending on the type of contract we have all required clauses such as Escrow, Exit, Right to Audit, Data privacy, assurance.
- Reporting: Depending on the type of contract we receive relevant and adequate reporting on SLAs and Security
Therefore we have created the Vendor Control Framework in cooperation with Legal, Purchasing, Risk Management and Compliance.
Categories
o Legal
o Assurance
o Compliance
o Security
o BCM
o SLA
o Reporting
Control | Contractual aspects
Vendor types (each split into Key / Other): Infra Outsourcing Vendors; SaaS Vendors; Business Software License Vendors; Infra Softw. and Development Softw. Licenses Vendors; BPO Vendors
General
- Applicable Law: x x x x x x x x x x
- NDA / Confidentiality clause: x x x x x x x x x x
- Third party clause confidentiality: x x x x x x
Service Description
- Description of the Service: x x x x x x x x x x
Use Restrictions
- Entities/affiliates allowed to use: x x x x x x x x x x
- Scope of Use: x x x x x x x x x x
- Export laws License structure x x x x x x x x
- Intellectual Property (for Robeco specifics): x x x
11 Risk Analysis for (new) Vendors
Type Risk
o Organizational risks
o Technical risks
o Compliance Risks
Risk based on
o Probability
o Impact
o Risk mitigation adjustments
o Residual Risk
In cooperation with
o Operational Risk Management
o Security
o Business
Nr. | Risks | Description of inherent risk
Organizational risks
1 | P1. Lock-in | Risk of not being able to migrate easily from one provider to another
2 | P2. Loss of Governance | Control and influence on the cloud providers, and conflicts between customer hardening procedures and the cloud environment.
3 | P3. Compliance challenges | The risk of CPs which cannot provide evidence of compliancy to all relevant requirements, policies, laws etc.
4 | P4. Loss of business reputation due to co-tenant activities | Risk of malicious activities carried out by one tenant affecting the reputation of another tenant.
5 | P5. Cloud service termination or failure | The risk of providers to go out of business. The risk of unclear data ownership.
6 | P6. Cloud provider acquisition | Acquisition of the cloud provider could increase the likelihood of a strategic shift and may put nonbinding agreements at risk.
7 | P7. Supply chain failure | A cloud computing provider can outsource certain specialized tasks of its production chain to third parties. The risk of non-compliancy of those subcontractors.
8 | Changing regulations | This risk of changes in laws and regulations could impact the requirements for both the financial institution and the cloud provider. Changes in regulations could also impact the risks for the outsourcer.
9 | Insufficient skills and knowledge to identify risks related to Outsourcing / Cloud computing | If the financial institution has insufficient knowledge to identify the risks involved or to assess the operational effectiveness of the controls of the Cloud Service Provider, outsourcing is not allowed. Monitoring outsourcing requires specific skills and knowledge.
12 3rd party key vendors
The following criteria (at least 2 scored per vendor) are used to define 3rd party key vendors.
- Budget of the vendor for the current year: > xxxxx
- Operational risk of the services delivered by the vendor based on the Kraljic score: > 2,5
- The service of the vendor supports one of the key-processes of Robeco, such as:
  o Front Office: Investment portfolio management, trading, securities lending
  o Back office: Operations and accounting
  o Retail: Operations, Sales and Marketing
  o Corporate Departments: Risk management, Group Finance and HR
  o IT: core infrastructure, Development
  o BPO: Pension Providers, Private Equity
13 Lessons Learned from Cloud projects
- Execute a thorough risk analysis;
- Ensure involvement and commitment from Compliance, Risk Management, Legal and Audit during the risk analysis, contract negotiation and continue during implementation;
- Ensure commitment from Senior Management. In our case we have involved the In Control Board and the Management Board in our decision making process;
- Involve DNB early in the process;
- Multi Vendor Agile working requires extensive coordination;
- Highly frequent program board meetings to discuss issues and risks.
- Realize Regie for a (Cloud Provider) is not an IT-party. Take care for a management organization in house with knowledge. Ensure there are good governance arrangements.
14 Cloud: Risk or Opportunity
Standard (Service, SLA, Contract) Liability Regulators (Right to Examine) (Wft / BPr) Integration Cost Attractive and efficient Stay up to date (Follow the roadmap) Patriot Act Vendor Lock in Vendor Security Policy Data Privacy Data Location In Control Customization & Configuration Stability & Continuity
15 WE DO!!!!
Chapter 1 THE ROLE OF PURCHASING IN THE VALUE CHAIN The role and importance of the purchasing and supply function in the value chain. The difference between concepts such as ordering, buying, purchasing,
More informationCyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk
Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationSeminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014
Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues Palace Hotel Saigon, HCMC, November 19 th 2014 Cyber Security and Supply Chain Integrity as Risk Factors
More informationGuarantee Microsoft Office 365 end-user experience
Guarantee Microsoft Office 365 end-user experience APPLICATION BRIEF Guarantee Microsoft Office 365 end-user experience Most enterprises are considering moving their Office productivity tools to the cloud,
More informationCloud Computing. What we should be auditing
Cloud Computing What we should be auditing What is cloud computing? Model Description What it does Examples SAAS Software as a service Applications often available through a browser Workday, Salesforce.com
More informationNSW Government. Cloud Services Policy and Guidelines
NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationThird Party Security Guidelines. e-governance
for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document
More informationCloud Call Centre. itouch Vision. This document gives an overview of the cloud call Centre and discusses the different features and functionality.
itouch Vision Cloud Call Centre This document gives an overview of the cloud call Centre and discusses the different features and functionality. For further information, about implementation and pricing
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationIT OUTSOURCING SECURITY
IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationIs Your Data Safe in the Cloud?
Is Your Data Safe in the? Is Your Data Safe in the? : Tactics and Any organization likely to be using public cloud computing are also likely to be storing data in the cloud. Yet storing data in the cloud
More informationCanvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies
Canvassing the Cloud An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Contents Foreword 1 Insights from the study 2 Defining the Cloud 3 Study results 4 General 4
More informationBelow you ll find out how we helped clients with our Design, Consulting and Management services.
PROJECT PORTFOLIO Introduction Nephin and its team have worked in a wide variety of industries, both nationally and internationally. This work ranges from designing large, cutting-edge facilities for large
More informationSAM Benefits Overview
SAM Benefits Overview control. optimize. grow. M Software Asset Management What is SAM? Software Asset Management, often referred to as SAM, is a vital set of continuous business processes that provide
More information