Risk & Compliance

ADVISORY

Cloud Computing Paradigm shift and considerations

September 2010

drs. Mike Chung RE

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Contents

• Paradigm shift: from on-premise technology to on-demand services

• Considerations: how to orchestrate

• Steps forward: how to prepare for the next phase

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Paradigm shift: current challenges for corporations

• Cost savings

– Economical low tide

– Ever increasing cost of IT

• More agility

– Fluctuating demand

– Mobile workforce

• Innovation

– Faster time-to-market

– On-demand requirements

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Paradigm shift: IT as an hindrance

• Increasing expenditures

– Higher cost for design, development, implementation and maintenance

– Higher energy cost

• Rigid

– Static supply of IT resources

– Based on traditional client-server principle

• Too complex to change

– Spaghetti of interfaces

– Various IT models

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Paradigm shift: cloud computing as the model of choice

• Transparent cost structures

– Pay for what you use

– Marginal CapEx and operational cost

• Flexible

– Easy to upscale and to downsize

– Accessible from multiple points on the internet

• On-demand

– Instantly available

– IT as commodity

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Considerations: orchestration

• From technological complexity to governance challenges

– Hybrid environment of internal IT, outsourced parts and cloud computing

– Complex ecosystem of the cloud (integrators, aggregators, vendors and third parties)

• Less control

– IT assets outside the internal perimeter

– Vendor lock-in

• Ever changing landscape

– Hard-to-predict pace of changes and dominant standards

– New services and niche players

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Considerations: assurance on security as an example

• External data storage

– Logging and monitoring

– Backup and recovery

• Multi-tenancy/resource pooling

– Data - and resource segregation

– Identity & Access Management

• Conflicting controls and legislations

– Vendor’s security controls versus internal requirements

– Global delivery of services versus national/local legislations

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Considerations: assurance on security in practice

• Standards for ‘traditional IT’

– Partly obsolete and partly irrelevant

– Static standards versus dynamic reality

• Free format auditing statements

– Many variations on approach and controls

– Wide intervals

• Competent auditors?

– Existing standards and controls as starting points

– Emphasis on IT management processes

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Steps forward: devise strategy

• Which parts can be moved to the cloud?

– Define available cloud services versus business needs

– Determine commodity services versus business specific services

• What is the business case?

– Assess options

– Assess depreciation and life cycle of IT assets

• What is the roadmap?

– Define migration/transition

– Define architecture and orchestration

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Steps forward: assess and manage risks

• What is the ecosystem?

– Identify parties involved and their roles

– Assess different incident/problem scenarios

• What is the difference?

– Assess current situation versus future state

– Identify which risks and mitigations are applicable

• Which dimensions must be covered?

– Assess risks on various dimensions (compliance, vendor, technology, data, operation, finance)

– Determine responsibilities and accountabilities

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Steps forward: keep your eyes open

• What is the impact on the (IT) organization?

– Diminishing role of the internal IT department

– Importance of contract - and vendor management

– New possibilities and responsibilities

• What will the cloud market bring?

– More confusion and diffusion

– Requirement-driven services

– Oligarchisation of IT

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

Contact

Drs. Mike Chung RE

Manager

KPMG Advisory N.V.

E-mail: chung.mike@kpmg.nl

Mobile: +31 (0)6 1455 9916

© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands

About the conductor

• Willem Mengelberg (1871 – 1951) was one of the most famous and celebrated conductors of his generation

• He has been the principal conductor of Amsterdam’s Concertgebouw Orchestra for over 45 years

• He was praised for his orchestral conductings of the works of Gustav Mahler, Richard Strass and Béla Bartók

• Richard Strass dedicated his masterpiece ‘Ein Heldenleben’ to Willem Mengelberg and the Concertgebouw Orchestra

• Mengelberg was banned by the Dutch government after the Second World War

• Although he was never fully rehabilitated, Mengelberg’s recordings are still enjoyed by millions of admirers all over the world