Risk Presentation
The "Cloud": Risks and Benefits
Cloud - What is it?
• Software as a Service (SaaS)
  • GoTo Meeting / Webex
  • Sales Force
  • Gmail & Google Docs
  • Zoho
• Platform as a Service (PaaS)
  • Force.com
  • AppEngine - Google
  • Apple App store
  • Rubik Bank-in-a-Box
• Infrastructure as a Service (IaaS)
  • Amazon S3
  • MS Azure
Note: all logos owned by respective businesses – illustration only
Cloud - What is it?
• Characteristics
  • On demand
  • Any device
  • Self service
  • Pooled resource
  • Elastic provisioning
  • Service measurement
• Deployment
  • Private Cloud
  • Public Cloud
  • Hybrids/shared
Why worry...
• Your clients are using it
• Your advisers / suppliers will use it (eg. Data rooms, credit decisioning,...)
• You will be / are using it
• Westpac doing risk modelling using cloud compute power
• CBA signing legal documents using it
• Various ADIs (of all sizes from Deutsche Bank to the smallest Credit Unions) using it for CRM, email, Office, Card processing, Collections, Core banking, Internet banking, treasury and more...
• and more are planning to...
Technical Risks
• Security
• Service interruption
• Disaster recovery
• Privacy
• Data separation
Outsourcing Risks
• Intellectual Property
• Data
• Ownership
• Co-mingling
• Sovereignty
• Sustainability
• Compliance
Cloud Specific Risks
• Contract / SLA
• Liability
• Penalties
• Reputation
• Metrics
Mediocrity Rules in Cloud SLAs (Source: Yankee Group, 2011)
Credit Specific Risks - Client
• Continuity - What happens to the client if the service provider fails? Can they transfer data and processes?
• Business Interruption - Do clients have plans that secure data and ensure recovery? These could be accounting, client, sales or other core business assets. Has failure been tested?
• Default - How do you get control of or access to key business assets during workout? There are consents for entry to property, but what about data in a cloud data centre? Rights to passwords or control?
Credit Specific Risks - Portfolio
• Concentration risk - what if many customers are on the same platforms - eg. the LinkedIn password loss, a widespread SalesForce failure?
• Country risk - are systems being delivered from countries with poor IT, network, or governance structures - eg. the Estonia/Russia hacker wars, Stuxnet, Patriot Act
So why use the cloud?
• The benefits are too economically and competitively important to ignore
• All of these risks can be mitigated
• Often these are hidden risks in internal business practices – just not evident
• Services have already moved to cloud and so we need to create standards for evaluating risk and managing
Final Slide
Rubik Financial Limited
ABN 51 071 707 232
• 10/17 Castlereagh St, Sydney, NSW
• 1/1 Eden Park Drive, Macquarie Park, NSW
• 4/68 St Georges Terrace, Perth, Western Australia
• 24/22 Clifford Centre, Singapore 308900
• PO Box 213314 Dubai UAE
PO Box 4808
Sydney NSW 2001
Phone: +61 2 9488 4000
Fax: +61 2 9449 1116
www.rubik.com.au
Challenges - what problem are we solving?
• Data silos and maintaining a secure perimeter with legacy design
• Energy consumption and low system usage
• Increased labour costs and pool of professionals spreading and declining
• User demands - used to many web based free, high quality, reliable services with great User Interfaces (UI)
• Data volume growth
Technical Benefits
• Provisioning speed
• Storage capacity
• Agility / flexibility
• Elasticity
• Load balancing – burst
• ‘green’ computing – power and resource saving
• Attracts innovators and rapid prototyping
• Specialized services – lessons learned can be shared across multiple tenants
Business
• Ease of adaption
  • Configuration over customisation
  • Speed to market
  • Device independence
• Availability
  • Resilience
  • Redundancy
  • Response
• Cost structure
  • Units - Pay as you grow
  • Low Capex
Security benefits
• Cloud has to be more secure simply because security is the greatest impediment to adopting cloud solutions!
• Some advantages
  • Data held centrally
  • Data access and backup all controlled and logged
  • System Snapshots for EOM, forensics, training, …
  • Virtual systems allow easy recovery
  • Security tests can be more extensive and frequent
• A serious cloud provider will conform to all required security and compliance requirements by design.
Hidden benefits
• Legacy free
• “Web” Standards - XML, Services
• Common defined interfaces
• Focus shift
• Processes
• Outcomes
• Offers
• Third party contracted management of some key business risks