CFOs and CIOs: How can you mitigate concerns when moving to the cloud?
|
|
- Kevin Brendan Gardner
- 8 years ago
- Views:
Transcription
1 CFOs and CIOs: How can you mitigate concerns when moving to the cloud?
2 Contents Review: How do you know when to reach for the clouds? 3 Identify business objectives and use of technology to meet objectives 4 How can cloud computing help reshape business objectives? 5 From a risk perspective, is there data that is too sensitive for the cloud? 6 What cloud service contract attributes deserve extra attention 9 Navigating the clouds with altimeters and instruments 10
3 Review: How do you know when to reach for the clouds? As many companies move some (or most) of their data to the cloud, many CFOs and CIOs grapple with the decision of what data to move and when to move that data. They have to weigh the relative benefits and costs of moving to the cloud. They also have to consider specific risks such as security and application risks, and process complexity and the degree of customization required. service provider, and how to manage risks while operating in a cloud computing environment. It identifies potential deal breakers and enablers CFOs and CIOs should consider in this migration. The Four Faces of the CFO 1 can offer insights to answer the question How can you mitigate concerns when moving to the cloud? Different industries and organizations will likely have varying propensities to put their data in the cloud. While information technology investments generally require a business case, the organizations that have a high propensity for using cloud computing technology will likely need to make a different business case not to use cloud. In other words, decision makers will likely have to selectively discourage on-premises information technology investments. Four Faces of the CFO Catalyst Leading edge Threshold performance Finance function Strategist Cloud computing technology and SaaS applications can become a welcoming platform for innovation and the strategic use of technology for driving business value. This second whitepaper in our CFO Program series on cloud computing, How can you mitigate concerns when moving to the cloud provides additional perspective to help CFOs and CIOs make decisions around what to place into the cloud, and how to structure the relationship with the cloud Steward Execution Efficiency Control Operator 1 Deloitte CFO Center Four Faces of the CFO CFOs and CIOs How can you mitigate concerns when moving to the cloud? 3
4 Identify business objectives and use of technology to meet objectives Catalyst Leading edge Threshold performance Efficiency Execution Finance function Strategist computing can inform the business objective of improving the CRM environment. Rather than needing additional hardware, time to write new code, and perhaps the need to hire additional IT staff, the organization can use a cloud-based CRM environment. There is no extra cost for computers nor staff; rather the service is purchased. However, there are multiple issues that should be examined before an organization embarks on such an endeavor. Steward Control Operator In a cloud computing environment, the organization obtains a service that might be cost prohibitive had that organization developed that service on its own. However, when examining the total cost of ownership (TCO) for a cloud service, the CFO and CIO should include consideration for increased risk, compliance and governance costs. There is an inter-relationship between business objectives, information, and technology. Organizations often find that defining business objectives and gathering the needed information to address those business objectives is only part of the solution. The organization should also make effective use of technology. It is a symbiotic relationship; technology should be used in accordance with the businesses objectives, but the business objectives should be informed by the technology. Imagine an organization that would like to engage in a more robust customer relationship management (CRM) initiative. The current on-premises system is over 10 years old and most of the time is spent just keeping the on-premises system running. The current IT staff do not have sufficient additional time to add new features to the system, and the current hardware environment does not have much additional capacity. This is a time in which current technological alternatives in the form of cloud A SaaS or cloud application will likely provide new capabilities and agility for the organization at a lower price point than could be accomplished internally, but the TCO should include consideration for risk monitoring and compliance costs. Increases in capacity and flexibility usually come at a cost requiring new trade-offs between cost / flexibility / capacity and relative risk. If there is too much risk (e.g., potential for exposure of confidential data), the organization will likely not want to avail itself to the technology. Alternatively, if the benefits exceed the potential risks, the organization will likely want to use the new technology. The risk appetite of the organization may also differentiate the organization that uses these resources. Two virtually identical firms, when faced with the same choice, may choose different outcomes because one firm has a more conservative risk profile while the other has a more aggressive risk profile. Both firms have made valid decisions based upon their respective risk tolerances. 4
5 How can cloud computing help reshape business objectives? As organizations consider cloud computing technology to meet their business objectives, there is an opportunity to redefine or advance objectives given the capabilities of cloud computing. Catalyst Leading edge Strategist Some CIOs have identified cloud computing as a platform that elevates the value that information technology brings to the organization. Through the relative ease of creating new applications, and the ability for functional business employees to request or even create SaaS applications that help them meet their business objectives, cloud computing has strengthened the culture and functional ownership of how technology can further enable meeting business objectives. While introducing new technology can present risks to the organization, there is also a (potentially greater) possible risk of not allowing the technology that employees and functional leaders recognize will likely help them be effective. The organization risks being left behind from a technology perspective as well as an employee engagement and business capability perspective. Steward Threshold performance Execution Efficiency Control Finance function Efficiency Operator Cloud information tends to be easier to share. IT needs to provide easy to use tools, and to support mobility. This is a significant transition of how we think about IT." In some cases, there are dramatic cost advantages. We feel there is a temporary cost to support the transition. A big concern is availability to the application; if I don't have access to cloud, I can't do anything. CIOs and CFOs have found that cloud computing has opened the door to internal innovation. This has resulted in positive collaborative and motivational impacts to their organizations 2. From a catalyst perspective, cloud computing can help move the dial on employee engagement and cross-business collaboration. From a risk perspective, organizations should consider the risks of adopting cloud technology, and the risk of not adopting cloud technology, given the availability of the technology, and the implications on the organizational values. 2 Based on interviews conducted as part of Deloitte s CFO Program Fellows & Scholars initiative, which connects Deloitte practitioners ( Fellows ) and professors from universities ( Scholars ) to develop CFO relevant insights and research. CFOs and CIOs How can you mitigate concerns when moving to the cloud? 5
6 From a risk perspective, is there data that is too sensitive for the cloud? CFOs and CIOs have indicated varying levels of sensitivity to having their information in the cloud, or off-premises, rather than on-premises. Regulatory and industry considerations such as those found in healthcare and financial services become prevalent in the data location decision making. For other considerations, such as those stemming from the fear of others accessing content, an evaluation of the content by purpose can help clarify the decision about what data, if any, to move to the cloud. Whether using a value chain approach or other means to identify the purpose of data in the organization, CFOs and CIOs awareness of cloud computing capabilities can help them make informed decisions. Catalyst Leading edge Threshold performance Execution Efficiency Control Finance function Strategist Steward Operator Cloud Computing Service Provider Capability Map 3 Governance and compliance Capabilities that support monitoring and validation of alignment with firm policies, establishing a governance model to determine compliance with regulations, establishing up-time targets conformity, proactively evaluating service demand and scaling to meet changes, monitoring service levels throughout the service lifecycle, and addressing poor performance. Risk, privacy and security management Business operations Capabilities that support evaluating opportunities to determine a strategy that manages risk against, establishing guidelines about how, when and by whom personal data should be accessed, creating a disaster recovery plan and monitoring readiness, and developing policies and practices for how information assets should be accessed and used. Capabilities that support the receipt and validation of sales quotes, creation of orders, supply chain response, and order fulfillment; the management of price-plans, the execution of core billing calculation engines, and the ability to handle billing inquiries; the setup and management of a channel strategy. Also includes capabilities needed to provide customer care and support, including the management of returns, renewals, upgrades and cross-grades, plus any required professional services. Technology architecture and infrastructure Technical capabilities that are needed across the enterprise from basic and messaging services, to collaboration and social media, identity management, content and master data management, through to integration services and business intelligence solutions as well as the underlying infrastructure Service management Capabilities to provide clear governance to manage the relationship between the service provider and the business consumer, and to create clarity around performance and service delivery expectations. Includes capabilities to align business needs with shared services capacity through effective demand management and resource planning and to focus on continuous improvement of services delivered. People and organization Capabilities needed to manage the organizational shift to be cloud enabled including managing organizational change and design, planning workforce development, creating a talent acquisition and management strategy, and developing a communication plan. 3 Deloitte Development LLC: Cloud Computing Service Provider CloudPrint Capability Map 6
7 What are potential SaaS deal breakers? As CFOs and CIOs consider which data or applications should be placed into the cloud, they should determine if there are any Deal Breakers? It is likely that these deal breakers result from data characteristics, application characteristics, and contract terms. Are there any sensitive data that should not be placed into the cloud (at this time)? For example, should social security, bank account information, PCI data, HIPPA data, etc. be placed in the cloud? What legal restrictions exist across different countries in which you engage in commerce? Do any countries (or states) have restrictions upon the location in which cloud data are stored? Any of these items could be deal breakers that prevent the use of cloud resources. Are there any applications that provide competitive advantage (which would be lost) if a generic version of that application was provided in the cloud? While there is certainly the allure of using cloud applications for many tasks, e.g., customer relationship management, consideration should be given to how those cloud applications would interface with on-premise applications that are a source of competitive advantage. Are the terms of service associated with the cloud provider unacceptable? Click-through contracts are generally not acceptable to business organizations. Regardless, the contract should be carefully reviewed. A recent article has quoted terms from vendors that include The SaaS vendor can suspend your right and license to use services, or terminate the agreement in its entirety for any reason or no reason, at its discretion at any time, with, at most, 60 days notice. Or, with respect to indemnification Your company must indemnify the SaaS provider from all claims relating to your use of the vendor s services, with no limits on liability. (Computerworld February , Big SaaS Done Right, Robert L. Mitchell). In addition to the above risks (your organization might have different deal breakers ); the chart below provides additional risk factors that should be considered when evaluating SaaS alternatives. What are risk considerations while managing acquisition of Software as a Service (SaaS) 4? Privacy / Security On-premise computing Are my access policies adequate? Do I have a granular enough procedure to grant access where it is needed and keep non-authorized users from gaining access? Do I have appropriate firewalls? Are my applications updated with vendor service packs in a timely manner? What is the risk of accidental disclosure? Are critical data encrypted? What is the risk of disclosure if hacked? What policies are established to mitigate any data disclosure? What are my backup and restoration policies and procedures? Cloud computing All of the risks associated with On-Premise Computing plus the following: Am I sure that the multi-tenancy environment is secure so that other tenants cannot access my content? Does the provider have SOC/SSAE-16 types of assurance? What types of guarantees exist regarding data confidentiality? Data sharing with other service providers? If the data is marked for deletion, will it actually be deleted, including deletion from backup devices? If the cloud provider uses a third party cloud provider, what assurances do I have (e.g., a cloud application provider contracts with a cloud infrastructure provider for content hosting)? Can critical data be encrypted in transmission and for storage? Can the vendor logs be compared to my data logs? How does the cloud service interface with my on-premises security environment? Will the vendor comply with my backup and restoration policies and procedures? 4 Risk considerations are based on research conducted as part of Deloitte s CFO Program Fellows & Scholars initiative, which connects Deloitte practitioners ( Fellows ) and professors from universities ( Scholars ) to develop CFO relevant insights and research. CFOs and CIOs How can you mitigate concerns when moving to the cloud? 7
8 Legal issues / Location of data Exiting contract with cloud vendor Support On-premise computing Generally not an issue; have complete control and ownership of the data and can control the location of the data. Not an issue, however, have some similar issues with exiting contracts with on-premise computing providers. What type of support? Who handles initial user support questions? When to escalate to vendor support? Cloud computing Does the negotiated contract take precedence over click-through agreements? If the cloud provider uses a third party cloud provider, what contractual rights/remedies do I have against the third party? Can I specify that the data must remain in a certain domicile? Does the contract cost include number of users (how are they counted)? Amount of data stored (how is this counted peak amount? Average? Amount at end of month?)? Volume of data transmitted (data entered into system? Data output from system?)? How is elasticity measured? What types of incident reports are provided? How will the data get migrated to a new application? How much lead-time is required to let the vendor know that you are exiting? For the vendor to let you know the service is ending? Similar to On-Premise. What does the contract specify for the support received from the vendor? How is change management addressed? How much warning do users get before upgrades are applied? Can upgrades/maintenance be scheduled at my convenience? How does the cloud service interface with my on-premises computing environment? Control Data and computer systems under own control. Computer systems under control of cloud provider. Data is likely physically controlled by the cloud provider. To what extent does the cloud provider have access to the data? Are the data formats and systems that need to interface with my systems compatible (i.e., are they interoperable)? Governance Traditional IT Control Framework Who can contract for Cloud Services? How are Cloud services evaluated? Can (sub) units contract for Cloud Services without the involvement of central IT? How does the cloud service interface with existing IT infrastructure? Type of expense / Usage monitoring Contingency System failure Vendor acquired Vendor ceases Generally need to know either number of users/ seats but few, if any, other costs Are responsible for recovery in case of system failure. Might have lost data if appropriate backup and restore policies were not followed. Might need to call application or hardware vendor for service. If the application or hardware vendor is acquired, can generally continue to use the software/ hardware. Most vendors allow continuation of prior negotiated contracts. No loss of data. If the application or hardware vendor ceases to exist, must provide own maintenance on the product. Can continue to use application/hardware until new application/hardware is acquired. Generally no loss of data. Need to verify costs relative to contract terms, e.g., number of users (how are they counted)? Amount of data stored (how is this counted peak amount? Average? Amount at end of month?) volume of data transmitted (data entered into system? Data output from system?) What has been negotiated in the service level agreement (SLA)? How is uptime computed? Are the data verified/audited? What are the penalties for SLA failures? How can I get my data back after a system failure? How can I run my business if there is a SaaS system failure? What are my rights to terminate if the vendor is acquired? Can I access my data? How can I retrieve my data and transfer back to on-premises or to a different cloud provider? If I am on a month-tomonth contract, what is the new fee structure? How do I get my data back if the vendor ceases to exist? The risk considerations while acquiring and managing the transition to cloud computing have operator implications to manage the availability and use of data. 8
9 What cloud service contract attributes deserve extra attention Much like entering any service provider contract, cloud service purchasers should consider the provider s incentives and governance in place for their cloud service provider. Among many contract considerations, there are three contract areas for cloud service purchasers to consider when evaluating cloud service providers. Evaluation Period: Does the cloud service provider offer an evaluation period to try out and test the service? What evidence can the cloud service provider provide to validate services? Catalyst Leading edge Threshold performance Execution Efficiency Control Finance function Strategist Monitoring Usage/Dynamic Provisioning: What mechanisms does the cloud purchaser have to govern usage and potentially change the number of billable users or seats based on usage? How will expense management work and who will be accountable for the use of technology resources (i.e., will it be functional business leads, IT functional leads)? Contingencies: In a potential system failure, what back-up plans exist, and who manages the back-up plans? If the cloud service vendor ceases operations, what will be the process for operationalizing information hosted by the cloud service provider? If you have decided that there is sufficient benefit to use the cloud services that outweigh the risks, how do you select a provider? How can you mitigate additional risks inherent in using an outsourcer? How does a cloud provider differ from a traditional outsourced service provider? For example, how does a cloud provider differ or is similar to an outsourced payroll service provider? Steward Operator Contract, governance, and contingency considerations have steward implications to help protect and preserve the assets of the organization. CFOs and CIOs How can you mitigate concerns when moving to the cloud? 9
10 Navigating the clouds with altimeters and instruments The decisions that CFOs and CIOs make on the company computing environment is as much an operating decision as it is strategic decision. With the acceptance of cloud computing becoming more prevalent, and in many industries becoming the defacto computing environment, decision makers should consider how cloud computing can transform their organization and redefine the strategic use of information technology. Fundamentally, with cloud technology capabilities and controls strengthening and the availability of such technology, there is a risk of not moving to cloud from a competitive perspective and from an employee support perspective. Technology enables the movement of data, decision making, and is the foundation of information and operations; not having what may be the most effective technology for getting the job done could leave some organizations behind. There are tools and resources to help organizations navigate the decision and path to the cloud, and in the cloud. The Deloitte Cloud Computing Offering provides additional insights and tools including cloud business cases and a cloud risk intelligence map; navigation need not be opaque but can be guided with instruments to manage at different altitude levels and to help anticipate potential turbulence. As used in this document, Deloitte means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. 10
11 For further information on the Deloitte Cloud Computing Offering, please visit and type CloudPrint into the search function. Authors Ajit Kambil Global Research Director, CFO Program Deloitte LLP Severin Grabski Associate Professor and Senior Faculty Advisor for Instructional Technology Michigan State University Daniel Root Manager Deloitte Consulting LLP
12 Deloitte s U.S. CFO Program supports the organization s vision to be recognized as the pre-eminent advisor to the CFO. It harnesses the breadth of our capabilities to deliver forward thinking perspectives and fresh insights to help CFOs manage the complexities of their role, drive more value in their organization, and adapt to the changing strategic shifts in the market. For more information about Deloitte s CFO Program, visit our website at This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this article. Copyright 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
CFOs and CIOs: How do you know when to reach for the clouds?
CFOs and CIOs: How do you know when to reach for the clouds? I would like to have a way to allow many different users to have access to data and to have better analytic capabilities should we just move
More informationHow To Decide If You Should Move To The Cloud
Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment
More informationU.S. CFO Program The Four Faces of the CFO. 2010 Deloitte Touche Tohmatsu
U.S. CFO Program The Four Faces of the CFO 2010 Deloitte Touche Tohmatsu CFOs Play Four Critical Roles in Companies Catalyze behaviors across the organization to execute strategic and financial objectives
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationWhat s the Path? Information Life-cycle part of Vendor Management
Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered
More informationSmooth Flying Ahead: Safe Passage to Oracle ERP in the Cloud
Smooth Flying Ahead: Safe Passage to Oracle ERP in the Cloud 2 Smooth Flying Ahead: Safe Passage to Oracle ERP in the Cloud For a potential means of growing their businesses while keeping operating expenses
More informationClarity in the Cloud. Defining cloud services and the strategic impact on businesses.
Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...
More informationCLOUD ERP AND ACCOUNTING: SELECTION AND PLANNING GUIDE
CLOUD ERP AND ACCOUNTING: SELECTION AND PLANNING GUIDE Over the last three years, well over half of U.S. companies have elected to take advantage of one or more cloud-based solutions or services, but critical
More informationPublic Cloud Service Agreements: What to Expect & What to Negotiate. April 2013
Public Cloud Service Agreements: What to Expect & What to Negotiate April 2013 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide customer-led guidance to the multiple
More informationBlind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationThe Business Case for Cloud: Critical Legal, Business & Diligence Considerations
The Business Case for Cloud: Critical Legal, Business & Diligence Considerations Presented by Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com (678) 823-6611 Janine Anthony Bowen, Esq., CIPP/US
More informationChecklist for a Watertight Cloud Computing Contract
Checklist for a Watertight Cloud Computing Contract Companies of all industries are recognizing the need and benefit of moving some if not all of their IT infrastructure to a Cloud whether public or private.
More informationEvergreen Solutions Lowering the cost of EHR ownership
Evergreen Solutions Lowering the cost of EHR ownership As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationGET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
More informationPractical and ethical considerations on the use of cloud computing in accounting
Practical and ethical considerations on the use of cloud computing in accounting ABSTRACT Katherine Kinkela Iona College Cloud Computing promises cost cutting efficiencies to businesses and specifically
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationDeloitte and SuccessFactors Workforce Analytics & Planning for Federal Government
Deloitte and SuccessFactors Workforce Analytics & Planning for Federal Government Introduction Introduction In today s Federal market, the effectiveness of human capital management directly impacts agencies
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationBuilding an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor. April 2014
Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor April 2014 Sponsored by: - 1 - DMG Consulting LLC Table of Contents Introduction... 1 Cloud-Based Contact Center
More informationThings You Need to Know About Cloud Backup
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
More informationMaximize potential with services Efficient managed reconciliation service
RECONCILIATION IntelliMatch Operational Control services Optimize. PRODUCT SHEET Maximize potential with services Efficient managed reconciliation service Overview At its best, technology provides financial
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationHow To Understand Cloud Computing
TOP 10 CLOUD MYTHS DEBUNKED Navigating to the Cloud - Maximize Operational Efficiencies and Minimize by Avoiding Common Cloud Myths WHITE PAPER Contents 1. EXECUTIVE SUMMARY 2. INTRODUCTION Top Market
More informationJourney to Cloud 10 Questions
Journey to Cloud 10 Questions Introduction Implementing cloud solutions into your portfolio can provide opportunities to increase agility and improve process efficiency by supporting a faster time to deploy
More informationWhat you need to know about cloud backup: your guide to cost, security and flexibility.
What you need to know about cloud backup: your guide to cost, security and flexibility. Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationThird Party Security: Are your vendors compromising the security of your Agency?
Third Party Security: Are your vendors compromising the security of your Agency? Wendy Nather, Texas Education Agency Michael Wyatt, Deloitte & Touche LLP TASSCC Annual Conference 3 August 2010 Agenda
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationMoving the Contact Center to the Cloud? Consider the Options
Moving the Contact Center to the Cloud? Consider the Options DMG Consulting LLC, a leading provider of contact center, back-office and real-time analytics - market research and consulting services, predicts
More informationATS. The. The Staffing Agency s Guide to Buying an Applicant Tracking System
ATS The Advantage: The Staffing Agency s Guide to Buying an Applicant Tracking System 87 % of North American recruiting professionals agree that using ATS/CRM technology is important to the success of
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More information1. Executive summary 2. 2. Survey methodology 3. 3. Functional considerations 5. 4. Financial considerations 10. 5. Operational risk considerations 13
February 20, 2012 Contents 1. Executive summary 2 2. Survey methodology 3 3. Functional considerations 5 4. Financial considerations 10 5. Operational risk considerations 13 6. Summary 17 Appendix A: TCO
More informationThe Case for Cloud Computing: Business Advantages and Costs
Considering the Cloud: A Strategic Guide for Business and Technology Leaders Whitepaper Compliments of Executive Summary It's nearly impossible to turn a page in a business journal these days without seeing
More informationShaping the Cloud for the Healthcare Industry
Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationCloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES
Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning
More informationBusiness white paper Top 10 reasons to choose Cloud-based Archiving
Business white paper Top 10 reasons to choose Cloud-based Archiving Table of contents 3 Reason 1: Equal or better security 4 Reason 2: Lower risk 4 Reason 3: Cost savings 5 Reason 4: Greater data access
More informationNCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation
NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation Market Offering: Package(s): Oracle Authors: Rick Olson, Luke Tay Date: January 13, 2012 Contents Executive summary
More informationWHITEPAPER. Why Businesses are Embracing Cloud IaaS
WHITEPAPER Why Businesses are Embracing Cloud IaaS Why Businesses Are Embracing Cloud IaaS The rise in virtualization means that businesses of all sizes must be positioned to take advantage of the flexibility,
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationGET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
More informationDeloitte and Salesforce.com Bringing cloud computing to the banking industry. Cover head Cover head insightful
Deloitte and Salesforce.com Bringing cloud computing to the banking industry Cover head Cover head insightful Retail banking operations are recovering from one of the biggest shocks in industry history.
More informationSaaS A Product Perspective
SaaS A Product Perspective Software-as-a-Service (SaaS) is quickly gaining credibility and market share against traditional packaged software. This presents new opportunities for product groups and also
More informationWhat You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
More informationHow To Design A Cloud Based Infrastructure For Spera
SAP Cloud Infrastructure Services Guiding you through your cloud journey Leveraging the cloud for your SAP environment offers an opportunity to fundamentally transform how your organization operates. If
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationIntegrating GRC with Performance Management Demands Enterprise Solutions
As published in the April n May n June 2008 issue of Integrating GRC with Performance Demands Enterprise Solutions by Lee Dittmar, Principal, Deloitte Consulting LLP and Peter Vogel, Senior Manager, Deloitte
More informationCLOUD MIGRATION STRATEGIES
CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while
More informationWHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
More informationSage ERP I White Paper. ERP and the Cloud: What You Need to Know
I White Paper ERP and the Cloud: What You Need to Know Table of Contents Executive Summary... 3 Increased Interest in Cloud-Based ERP and SaaS Implementations... 3 What is Cloud/SaaS ERP?... 3 Why Interest
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationCFO Insights How CFOs Can Own Analytics
CFO Insights How CFOs Can Own Analytics Much has been made about the unprecedented quantities of data companies collect these days, from their own operations, supply chains, production processes, and customer
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationINFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.
INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationA CIO s Cloud Decision and 7 Lessons Learned From Peers
A CIO s Cloud Decision and 7 Lessons Learned From Peers Find out what advice Wisegate members gave their fellow CIO about moving core applications to the cloud WISEGATE COMMUNITY VIEWPOINTS Introduction
More information3 rd Party Vendor Risk Management
3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced
More informationEmbracing SaaS: A Blueprint for IT Success
Embracing SaaS: A Blueprint for IT Success 2 Embracing SaaS: A Blueprint for IT Success Introduction THIS EBOOK OUTLINES COMPELLING APPROACHES for CIOs to establish and lead a defined software-as-a-service
More informationCFO Insights: Gaining fi nancial visibility into your project portfolio
CFO Insights: Gaining fi nancial visibility into your project portfolio From simple research analyzing competitor data to complex ERP implementations, most work in modern corporations is done in projects.
More informationD-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV
D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationNational Market System (NMS) plan
SEC Rule 613: Consolidated Audit Trail National Market System (NMS) plan Considerations for broker-dealers Contents What is SEC Rule 613? 3 Why was Rule 613 proposed? 3 What does CAT mean to broker-dealers?
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationManaging the Shadow Cloud
Managing the Shadow Cloud Integrating cloud governance into your existing compliance program August 2014 Shadow IT is not a new concept and organizations are well aware of the risks associated with unauthorized
More informationBusiness Transformation with Cloud ERP
Photo copyright 2012 Michael Krigsman. Business Transformation with Cloud ERP Prepared by Michael Krigsman February 2012 NetSuite sponsored this independent white paper; Asuret does not endorse any vendor
More information8 Best Practices to Make Time and Attendance Easy
8 Best Practices to Make Time and Attendance Easy 8 BEST PRACTICES TO MAKE TIME AND ATTENDANCE EASY 2 Accurate time and attendance management is a vital enterprise function, and timely data is critical
More informationSecure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net
Secure Enterprise Mobility Management White Paper: Cloud-Based Enterprise Mobility Management soti.net Background Facing a business environment of constant change and increasing complexity, enterprises
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More information7 must-answer questions
7 must-answer questions The SAP Center of Excellence A practical guide for leaders setting a strategy for an SAP COE 1 Good question(s) For organizations with large SAP investments already in place, or
More informationSpecialist Cloud Services Lot 4 Cloud EDRM Consultancy Services
Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationImprove Citizen Experiences: 4 Key Questions For Government Agencies Evaluating CRM Solutions
Vlocity Public Sector White Paper 4 Key Questions For Government Agencies Evaluating CRM Solutions 1 Technology is transforming almost every aspect of our lives, including our interactions with government.
More informationThree Strategies for Implementing HR in the Cloud
Three Strategies for Implementing HR in the Cloud Adoption of cloud-based, software-as-a-service (SaaS) human resource management systems (HRMS) has become one of the hottest trends in HR. According to
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationTips For Buying Cloud Infrastructure
27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating
More informationOracle Utilities Integration for Device Operations
Oracle Utilities Integration for Device Operations Release Notes Oracle Utilities Meter Data Management v2.0.1.8 Oracle Utilities Operational Device Management v2.0.1 E36211-01 October 2012 Oracle Utilities
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More informationAgile Cloud-Enabled Services (ACES)
Experience the commitment WHITE PAPER The future of public sector ERP: Agile Cloud-Enabled Services (ACES) The landscape for public sector enterprise resource planning (ERP) system deployments is changing
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationCLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1
CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities
More informationCan SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations
Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS
More informationSaaS Adoption Lifecycle in Life-Sciences Companies
www.arisglobal.com A White Paper Presented By ArisGlobal SaaS Adoption Lifecycle in Life-Sciences Companies by Achal Verma, Associate Director - Program Delivery, Cloud Services Abstract With increasing
More informationSoftware-as-a-Service: Managing Key Concerns and Considerations
Software-as-a-Service: Managing Key Concerns and Considerations A research report Publication sponsored by: TABLE OF CONTENTS Introduction: Cloud IT, including SaaS, is Real IT Managing The Key Concerns
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationContracting for Cloud Computing
Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal
More informationCloud Services and Business Process Outsourcing
Cloud Services and Business Process Outsourcing What security concerns surround Cloud Services and Outsourcing? Prepared for the Western NY ISACA Conference April 28 2015 Presenter Kevin Wilkins, CISSP
More information