How to avoid storms in the cloud. The Australian experience and global trends


Discussion Topics
1. Understanding Cloud and Benefits
2. KPMG research: The Australian Experience and Global Trends
3. Considerations for Operating in Cloud
4. Regulation and Compliance
5. Security and Privacy
6. Data and Technology

Understanding the Cloud Environment

Cloud Service Models:
- Software as a Service (SaaS): Business operations over a network
- Platform as a Service (PaaS): Deploy customer-created applications to a cloud
- Infrastructure as a Service (IaaS): Rent storage, processing, network and other computing resources

Deployment Models:
- Private Cloud: Operated for a single organisation, typically controlled, managed and hosted in a private data centre
- Public: Available to multiple organisations on a shared basis and hosted/managed by a third party
- Community: Shared by several related organisations

Cloud Environment Characteristics:
- On-Demand Self-Service
- Internet Accessibility
- Pooled Resources
- Elastic Capacity
- Usage-Based Billing

Cloud Adoption: Australian Information Industry Association

Cloud Adoption: Australian Information Industry Association
- Australian Cloud Market at early stages
- Private over Public
- KPMG's analysis shows cost benefits: lower operating costs by 25%, lower capital costs by 50%
- Productivity improvements (increased output per unit of cost)
- Innovation (ability to deliver new and evolving products)
- Frost and Sullivan Survey: 43% in Aus using Cloud, up from 35% in 2010. In ASPAC, 22% will budget more than 20% of annual IT expenditure on Cloud

Cloud Adoption: KPMG Global Study

Impact of Cloud on Business Operations
- Adopting cloud has a big impact on IT, but it doesn't stop there. Critical business operations are also affected.
- Organisations need an enterprise-wide approach that takes in the cross-functional effects of cloud
- Your approach may vary, depending on your cloud service model, your deployment model, and the maturity of existing business and IT processes
- Lessons learned from outsourcing apply in the cloud

Business Operations Financial Management and Tax Security and Privacy Operational Data & Technology Regulatory and Compliance Vendor Management

Regulatory and Compliance (Australian Focus)

APRA:
- Outsourcing Policy
- Off Shoring arrangements
- Risk Based approach
- Audit Arrangements
- BCM Considerations
- Information security accountability and audit trails

Australian Government:
- Public Service Act 1999
- Freedom of Information Act 1982
- Privacy Act 1988
- Archives Act 1983
- Evidence Act 1995
- Copyright Act 1968
- Electronic Transactions Act 1999

Information Privacy Principles:
- Disclosure
- Storage and security
- Data segregation
- Data destruction
- Transborder data flow

"agencies may choose to use cloud computing services where they provide value for money and adequate security"

Considerations for Operating in Cloud: Regulatory & Compliance

Regulatory and Compliance: Breach and Disclosure

Challenges/Implications:
- Lack of visibility into the CSP's operations inhibits analysis of its compliance with pertinent laws and regulations
- Complexity of records management/records retention creates challenges
- Lack of industry standards and certifications for cloud providers creates risks

Data Location Assurance Collaborative Risk Assessment E-Discovery

Considerations for Operating in Cloud: Security & Privacy

Security and Privacy: Data Access

Challenges/Implications:
- Data may be stored in cloud (1) without customer segregation, allowing accidental or malicious disclosure to third parties and/or (2) in a legal jurisdiction where the data subject is not protected
- Loss of governance of critical security areas
- Weak logical access controls due to cloud vendor's IAM immaturity

Security Risk Assessment Data Governance Privacy Security Requirements

Considerations for Operating in Cloud: Data & Technology

Data & Technology: IT Solution Delivery

Challenges/Implications:
- There is a risk of creating independent silos of information and creating issues with data integrity, quality, and insight
- Business can bypass the IT function to implement cloud solutions, making IT governance challenging
- Cloud dramatically changes how IT delivers services
- Cloud adoption opens the four Data Center walls, creating new risks

IT Service Management Service Catalog Data Governance Technology Strategy & Architecture

Key Take-Aways

IT Professionals:
- Work closely with the business
- Evaluate interoperability
- Refine the role of the CIO

Risk and Internal Audit Professionals:
- Risk and controls in cloud selection
- Traditional IT controls may not support assurance programs
- Determine how cloud impacts regulatory and compliance requirements

Key Take-Aways (cont)
- Considerations for moving to the cloud vary by organisation. Make an informed decision.
- Cloud is not about technology and affects all aspects of business
- Implement lessons learned from the IT Outsourcing experience
- Constantly monitor the marketplace

Thank you! Angela Pak Associate Director, IT Advisory Tel: 9263 7202 Mob: 0403 326 790 apak@kpmg.com.au

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. 2012 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative ("KPMG International").