The Cloud IIA Seminar, York April 30 th 2015 www.bakertilly.co.uk
Introduction David Morris Technology Services Director with Baker Tilly Qualified Internal Auditor Based in Manchester Baker Tilly is an independent firm of chartered accountants and business advisers We have almost 3,500 partners and staff generating a fee income of over 300 million.
Introduction 1. Context 2. What is the Cloud? 3. Brief history of the Cloud 4. Cloud providers 5. How big is the Cloud? 6. Uses of the Cloud 7. Why the growth? 8. What holds people back? 9. Outsourcing model 10.Benefits 11.Risks 12.What to look for in a cloud vendor 13.Audit basics 14.Conclusion
Context The big 5 Big Data & Business Intelligence Mobile Computing How can I use technology to... Improve service? manage costs? control operations? mobile-enable staff? The Cloud & Hosting Approach Social Media Internet of things Source: Gartner
Context - Alignment
What is the Cloud...? It's a physical infrastructure consisting of many servers housed in massive warehouses all over the world Servers can be used for running applications online or storing and accessing data Three basic models: Infrastructure-as-a-Service (IaaS) - replace equipment and hardware with a hosted service Platform-as-a-Service (PaaS) - operates for computing platforms and is popular for development and testing of new applications Software-as-a-Service (SaaS) - software runs on the service provider s platform
Brief history of the Cloud The Cloud dates back as far as the 1960 s in its origins idea was for a national grid of computers In 1961, Stanford professor John McCarthy became one of the first people to envision a time-share, service bureau-computing model. This information was posted on Vorsite s website Developments through the 1970 s onwards but the Cloud became more available to the masses in the 1990 s Salesforce.com first to use the Cloud on a large scale in 1999. Amazon launched its own cloud computing platform in 2006 - AWS
Cloud providers Major cloud operators: Google (Drive) Amazon (Cloud Drive) Microsoft (OneDrive) Apple (icloud) Serco Accenture Capita UK Fast Rackspace Outsourcery Foreign & Commonwealth Office The amount of space available through cloud-based service providers like these is confidential nobody wants to give the competition an advantage
How big is the Cloud? we can reach a rough estimate
How big is the Cloud? or to put it another way
How big is the Cloud? The US Federal Government saved $5.5 Billion per year by shifting to Cloud Services. Software as a service applications will be the largest cloud service category by 2015 reaching 67.4 billion. By 2016 36% of all data is expected to be stored in the cloud. Up from 7% in 2013 By 2020 cloud computing will cross the $270 billion mark. 90% of Microsoft's R&D budget is being used to improve cloud technology and security services. Cloud computing will generate some 14 million new jobs worldwide by 2015 icorp / Ramco 2015
Uses of the Cloud Storage Archiving Collaboration Procurement Development and Testing Disaster Recovery Big Data Analytics Office Applications Research Business Applications Web, Mobile & Social Marketing Campaigns
Why the growth? Growth in bandwidth and supporting infrastructure Increasing maturity of Cloud offerings Ever increasing capital investment cost Removal of technology barriers for SMEs Demand for remote access Demand for 24 hour global access Ease of expansion e.g. overseas Document control Environmental issues
What holds people back? Lack of knowledge about the market Cyber security concerns Concerns about loss of control It s an intangible model Concerns about coming in house again Regulated industries Regulatory concerns
Outsourcing model
Benefits Pay as you go cost model - scaleable No IT equipment to worry about or upgrade revenue V capital Implement quicker Focus on what you re good at (management time) Work from anywhere More flexible to demand Reduced reliance on key individuals Staff savings Resilience Automatic software up-dates Environment 16
Risks Perception of data security Rogue implementation of Cloud based software Data location (sometimes offshore) EU rules Software vendors can be relatively new/ or small organisations Getting your data back if the provider goes under Dependency on internet connections Access of staff to free services Choosing the wrong partner Compliance e.g. DPA Client concerns 17
What to look for in a cloud vendor Current client base do they serve similar clients to you? Are they financially stable? How do they provide support? (location, hours, service levels) Security, resilience and DR arrangements? (copies of backup results) Technical validation of internet connection Discounts for bundling more services e.g. telephony, mobile, desktop? What is the migration process? Default data storage/usage volume Don t forget cultural fit can you work with these people? IT certifications
What to look for in a cloud vendor Google recently announced it would automatically encrypt data for paid cloud storage service users. Microsoft are promoting the fact that their cloud services are run from Dublin DropBox have recently introduced DropBox for Business - a secure model designed to allay current security concerns Firms are commissioning third party assurance reports ICO provided guidance on DPA compliance in a cloud environment in 2013 New DPA requirements that are forthcoming in 2016 may have an impact
Audit basics Check policies and procedures Review risk training for staff Check access of staff to free data storage services Check Cloud software purchasing controls Get involved as early as possible in any major changes Do due diligence on proposed partners Look at the contract Ensure right to audit (beware long lead times for access to data centres) Access third party assurance reports ISAE 3402, AAF 0106 etc. Look at the KPIs Relationship management is key Consider contingency arrangements
Conclusion As an organisation, you are probably using the Cloud already Needs to ensure that cloud strategy supports business strategy Ensure that internal audit is not by-passed when such major changes are planned and made Outsource the chores, focus on the core Treat any move to outsourcing as a project business case, project plan etc. Cost savings can be between 10 35% across back office functions Key audit requirements security, integrity, availability- don t change Basic internal audit principles and concerns haven t changed Internal audit have a lot to add
Questions?
Thank you Baker Tilly Technology Services Email: david.morris@bakertilly.co.uk www.bakertilly.co.uk Whilst every care has been taken to ensure that the information provided in this presentation is as accurate as possible, no complete guarantee or warranty can be given with regard to the advice and information contained herein