rubik cloud risks-jun2012

16
Risk Presentation The "Cloud" Risks And Benefits

Upload: shelf-companies-aust

Post on 03-Feb-2015

398 views

Category:

Technology


1 download

DESCRIPTION

A discussion of the risks of cloud computing. While the cloud has compelling benefits, we need to evaluate and mitigate the risks - this presentation identifies some risk categories to consider in using the cloud.

TRANSCRIPT

Page 1: Rubik cloud risks-jun2012

RiskPresentation

The "Cloud"Risks

And Benefits

Page 2: Rubik cloud risks-jun2012

Cloud - What is it?

• Software as a Service (SaaS)• GoTo meeting / Webex• Sales Force• Gmail & Google Docs• Zoho

•Platform as a Service (PaaS)• Force.com• AppEngine - Google• Apple App store• Rubik Bank-in-a-Box

•Infrastructure as a Service (IaaS)• Amazon S3• MS Azure

Note: all logos owned by respective businesses – illustration only

Page 3: Rubik cloud risks-jun2012

Cloud - What is it?

• Characteristics• On demand• Any device• Self service• Pooled resource• Elastic provisioning• Service measurement

• Deployment• Private Cloud• Public Cloud• Hybrids/shared

Page 4: Rubik cloud risks-jun2012

Why worry...

• Your clients are using it

• Your advisers / suppliers will use it (eg. Data rooms, credit decisioning,...)

• You will be / are using it

• Westpac doing risk modelling using cloud compute power

• CBA signing legal documents using it

• Various ADIs (of all sizes from Deutche Bank to the smallest Credit Unions) using for CRM, eMail, Office, Card processing, Collections, Core banking, Internet banking, treasury and more...

• and more are planning to...

Page 5: Rubik cloud risks-jun2012

Technical Risks

• Security• Service interruption • Disaster recovery• Privacy• Data separation

Page 6: Rubik cloud risks-jun2012

Outsourcing Risks

• Intellectual Property• Data• Ownership• Co-mingling• Sovereignty• Sustainability• Compliance

Page 7: Rubik cloud risks-jun2012

Cloud Specific Risks

• Contract / SLA• Liability• Penalties• Reputation• Metrics

Mediocrity Rules in Cloud SLAsSource: Yankee Group, 2011

Page 8: Rubik cloud risks-jun2012

Credit Specific Risks - Client

• Continuity - What happens to client if service provider fails? Can they transfer data and processes?

• Business Interruption - Do Clients have plans that secure data and ensure recovery - these could be accounting, client, sales or other core business assets - has failure been tested?

• Default - How do you get control/access of key Business assets during workout - consents for entry to property, but to data in a cloud data centre? Rights to passwords or control?

Page 9: Rubik cloud risks-jun2012

Credit Specific Risks - Portfolio

• Concentration risk - what if many customers on same platforms - eg. The LinkedIn password loss, a widespread SalesForce failure?

• Country risk - are systems being delivered from countries with poor IT, Network, or governance structures - eg. The Estonia/Russia hacker wars, Stuxnet, Patriot Act

Page 10: Rubik cloud risks-jun2012

So why use the cloud?

• The benefits are too economically and competitively important to ignore

• All of these risks can be mitigated • Often these are hidden risks in internal

business practices – just not evident• Services have already moved to cloud and

so we need to create standards for evaluating risk and managing

Page 11: Rubik cloud risks-jun2012

Final Slide

Rubik Financial Limited

ABN 51 071 707 232

• 10/17 Castlereagh St, Sydney, NSW

• 1/1 Eden Park Drive, Macquarie Park, NSW

• 4/68 St Georges Terrace, Perth , Western Australia

• 24/22 Clifford Centre, Singapore 308900

• PO Box 213314 Dubai UAE

PO Box 4808

Sydney NSW 2001

Phone: +61 2 9488 4000Fax: +61 2 9449 1116

www.rubik.com.au

Page 12: Rubik cloud risks-jun2012

Challenges - what problem are we solving?

• Data silos and maintaining a secure perimeter with legacy design

• Energy consumption and low system usage

• Increased labour costs and pool of professionals spreading and declining

• User demands - used to many web based free, high quality, reliable services with great User Interfaces (UI)

• Data volume growth

Page 13: Rubik cloud risks-jun2012

Technical Benefits

• Provisioning speed• Storage capacity• Agility / flexibility

• Elasticity• Load balancing – burst

• ‘green’ computing – power and resource saving

• Attracts innovators and rapid prototyping• Specialized services – lesson learned can

be shared across multiple tenants

Page 14: Rubik cloud risks-jun2012

Business

• Ease of adaption• Configuration over customisation• Speed to market• Device independence

• Availability• Resilience• Redundancy• Response

• Cost structure• Units - Pay as you grow• Low Capex

Page 15: Rubik cloud risks-jun2012

Security benefits

• Cloud has to be more secure simply because it is the greatest impediment to adopting cloud solutions!

• Some advantages• Data held centrally• Data access, and backup all controlled and logged• System Snapshots for EOM, forensics, training, …• Virtual systems allow easy recovery• Security tests can be more extensive and frequent

• A serious cloud provider will be in conformance with all required security and compliance requirements by design.

Page 16: Rubik cloud risks-jun2012

Hidden benefits

• Legacy free• “Web” Standards - XML, Services• Common defined interfaces• Focus shift

• Processes• Outcomes• Offers

• Third party contracted management of some key business risks