rubik cloud risks-jun2012
DESCRIPTION
A discussion of the risks of cloud computing. While the cloud has compelling benefits, we need to evaluate and mitigate the risks - this presentation identifies some risk categories to consider in using the cloud.TRANSCRIPT
![Page 1: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/1.jpg)
RiskPresentation
The "Cloud"Risks
And Benefits
![Page 2: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/2.jpg)
Cloud - What is it?
• Software as a Service (SaaS)• GoTo meeting / Webex• Sales Force• Gmail & Google Docs• Zoho
•Platform as a Service (PaaS)• Force.com• AppEngine - Google• Apple App store• Rubik Bank-in-a-Box
•Infrastructure as a Service (IaaS)• Amazon S3• MS Azure
Note: all logos owned by respective businesses – illustration only
![Page 3: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/3.jpg)
Cloud - What is it?
• Characteristics• On demand• Any device• Self service• Pooled resource• Elastic provisioning• Service measurement
• Deployment• Private Cloud• Public Cloud• Hybrids/shared
![Page 4: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/4.jpg)
Why worry...
• Your clients are using it
• Your advisers / suppliers will use it (eg. Data rooms, credit decisioning,...)
• You will be / are using it
• Westpac doing risk modelling using cloud compute power
• CBA signing legal documents using it
• Various ADIs (of all sizes from Deutche Bank to the smallest Credit Unions) using for CRM, eMail, Office, Card processing, Collections, Core banking, Internet banking, treasury and more...
• and more are planning to...
![Page 5: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/5.jpg)
Technical Risks
• Security• Service interruption • Disaster recovery• Privacy• Data separation
![Page 6: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/6.jpg)
Outsourcing Risks
• Intellectual Property• Data• Ownership• Co-mingling• Sovereignty• Sustainability• Compliance
![Page 7: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/7.jpg)
Cloud Specific Risks
• Contract / SLA• Liability• Penalties• Reputation• Metrics
Mediocrity Rules in Cloud SLAsSource: Yankee Group, 2011
![Page 8: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/8.jpg)
Credit Specific Risks - Client
• Continuity - What happens to client if service provider fails? Can they transfer data and processes?
• Business Interruption - Do Clients have plans that secure data and ensure recovery - these could be accounting, client, sales or other core business assets - has failure been tested?
• Default - How do you get control/access of key Business assets during workout - consents for entry to property, but to data in a cloud data centre? Rights to passwords or control?
![Page 9: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/9.jpg)
Credit Specific Risks - Portfolio
• Concentration risk - what if many customers on same platforms - eg. The LinkedIn password loss, a widespread SalesForce failure?
• Country risk - are systems being delivered from countries with poor IT, Network, or governance structures - eg. The Estonia/Russia hacker wars, Stuxnet, Patriot Act
![Page 10: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/10.jpg)
So why use the cloud?
• The benefits are too economically and competitively important to ignore
• All of these risks can be mitigated • Often these are hidden risks in internal
business practices – just not evident• Services have already moved to cloud and
so we need to create standards for evaluating risk and managing
![Page 11: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/11.jpg)
Final Slide
Rubik Financial Limited
ABN 51 071 707 232
• 10/17 Castlereagh St, Sydney, NSW
• 1/1 Eden Park Drive, Macquarie Park, NSW
• 4/68 St Georges Terrace, Perth , Western Australia
• 24/22 Clifford Centre, Singapore 308900
• PO Box 213314 Dubai UAE
PO Box 4808
Sydney NSW 2001
Phone: +61 2 9488 4000Fax: +61 2 9449 1116
www.rubik.com.au
![Page 12: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/12.jpg)
Challenges - what problem are we solving?
• Data silos and maintaining a secure perimeter with legacy design
• Energy consumption and low system usage
• Increased labour costs and pool of professionals spreading and declining
• User demands - used to many web based free, high quality, reliable services with great User Interfaces (UI)
• Data volume growth
![Page 13: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/13.jpg)
Technical Benefits
• Provisioning speed• Storage capacity• Agility / flexibility
• Elasticity• Load balancing – burst
• ‘green’ computing – power and resource saving
• Attracts innovators and rapid prototyping• Specialized services – lesson learned can
be shared across multiple tenants
![Page 14: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/14.jpg)
Business
• Ease of adaption• Configuration over customisation• Speed to market• Device independence
• Availability• Resilience• Redundancy• Response
• Cost structure• Units - Pay as you grow• Low Capex
![Page 15: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/15.jpg)
Security benefits
• Cloud has to be more secure simply because it is the greatest impediment to adopting cloud solutions!
• Some advantages• Data held centrally• Data access, and backup all controlled and logged• System Snapshots for EOM, forensics, training, …• Virtual systems allow easy recovery• Security tests can be more extensive and frequent
• A serious cloud provider will be in conformance with all required security and compliance requirements by design.
![Page 16: Rubik cloud risks-jun2012](https://reader033.vdocument.in/reader033/viewer/2022061300/54d0f1504a795988238b457c/html5/thumbnails/16.jpg)
Hidden benefits
• Legacy free• “Web” Standards - XML, Services• Common defined interfaces• Focus shift
• Processes• Outcomes• Offers
• Third party contracted management of some key business risks