2nd Annual Future of Cloud Computing in Financial Services<br />Cloud computing:  What you need to know as an Australian F...
A Perspective on Cloud<br />MauritsCornelis Escher (1898-1972) - most famous for his artworks of so-called impossible stru...
A Perspective on Cloud<br />MauritsCornelis Escher (1898-1972) - most famous for his artworks of so-called impossible stru...
A Perspective on Cloud<br />It all depends on your perspective…<br /><ul><li>No absolutely precise definition
No defined standards
It can mean different things to different people under different circumstances  </li></li></ul><li>A Perspective on Cloud<...
Why did I write a book on Cloud<br />I wrote a book I could not buy:<br /><ul><li>Specifically for business leaders
Plain English, with a commercial, not IT focus
Providing an independent decision making framework, hence the title ‘Navigating through the Cloud’.  </li></ul>Hard to fin...
By vendors and PR feeding media
By vendor affiliates
By system integrators (mostly certified in specific technologies)
Analysts at too high a level to be practical in the specifics</li></ul>Stressed Cloud implementations not visible, resulti...
What I’ll be covering:<br />The next few years – a transition from confusion to calm<br />Migrating to public Cloud …. ‘a ...
1. Cloud: A definition and some key attributes<br />A definition<br /><ul><li>[Public] Cloud is a very broad term for ‘IT ...
The various components are all run by an external party, and you do not own anything, other than the data that you load in...
Next few years – from confusion to calm<br />“There are known knowns. These are things we know that we know. There are kno...
 Next few years – from confusion to calm<br />Gartner Hype Cycle 2006 – Cloud not even mentioned<br />
 Next few years – from confusion to calm<br />Gartner Hype Cycle 2011 – Cloud has very it’s own cycle<br />
2. Migrating to public Cloud: A ‘ready-reckoner’.<br />If the answer to these questions are YES, then you should be able t...
2. Migrating to public Cloud: A ‘ready-reckoner’.<br />If the answer to these questions are YES, then you should be able t...
3. The consumerisation of IT<br />… also known as the ‘democratisation’ of IT<br />Fuelled by Cloud and pervasively access...
3. The consumerisation of IT<br />Individuals have unprecedented access to all type of IT systems, from email, file storag...
Personal choice and immediacy reigns supreme
Buy it / use it without necessarily a long term in mind
‘Apps’ – for iPhone™, Android™, etc</li></ul>For enterprises, however, this presents a number of challenges for the unwary...
4. The intrinsic appeal of Cloud to organisations<br />Common influences include…….<br />It is available immediately <br /...
5. Key considerations for the adoption by organisations<br /><ul><li>Privacy
Records management
Security
Risk
Cost
Commercial, legal and contractual
Upcoming SlideShare
Loading in …5
×

Cloud computing: What you need to know as an Australian Finance Director

687 views
631 views

Published on

Cloud computing: What you need to know as an Australian Finance Director.
Presentation made to 2nd Annual Future of Cloud Computing in Financial Services Conference in Sydney and Melbourne - September 2011
All rights reserved: FST Media and Rob Livingstone Advisory

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
687
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Cloud computing: What you need to know as an Australian Finance Director

  1. 1. 2nd Annual Future of Cloud Computing in Financial Services<br />Cloud computing: What you need to know as an Australian Finance Director<br />ROB LIVINGSTONE,<br />Fellow, Faculty of Engineering and Information Technology<br />Sydney 16th September 2011<br />
  2. 2. A Perspective on Cloud<br />MauritsCornelis Escher (1898-1972) - most famous for his artworks of so-called impossible structures, such as Ascending and Descending, Relativity, his Transformation Prints and more<br />Relativity by M. Escher<br />
  3. 3. A Perspective on Cloud<br />MauritsCornelis Escher (1898-1972) - most famous for his artworks of so-called impossible structures, such as Ascending and Descending, Relativity, his Transformation Prints and more<br />Relativity by M. Escher<br />
  4. 4. A Perspective on Cloud<br />It all depends on your perspective…<br /><ul><li>No absolutely precise definition
  5. 5. No defined standards
  6. 6. It can mean different things to different people under different circumstances </li></li></ul><li>A Perspective on Cloud<br />Cloud is about getting from one place to a better place,<br />…. however ….<br />The challenge is to know the risks and the endpoint with certainty<br />To that end……<br />
  7. 7. Why did I write a book on Cloud<br />I wrote a book I could not buy:<br /><ul><li>Specifically for business leaders
  8. 8. Plain English, with a commercial, not IT focus
  9. 9. Providing an independent decision making framework, hence the title ‘Navigating through the Cloud’. </li></ul>Hard to find technology agnostic, vendor independent and experienced practitioners who can see the whole picture from a business perspective<br />Most public information generated<br /><ul><li>By bloggers (variable quality) and discussion groups
  10. 10. By vendors and PR feeding media
  11. 11. By vendor affiliates
  12. 12. By system integrators (mostly certified in specific technologies)
  13. 13. Analysts at too high a level to be practical in the specifics</li></ul>Stressed Cloud implementations not visible, resulting in a biased view that Cloud is quick, easy and lowers cost.<br />There’s so much confusion and ‘Hype’ at the moment<br />
  14. 14. What I’ll be covering:<br />The next few years – a transition from confusion to calm<br />Migrating to public Cloud …. ‘a ready-reckoner’.<br />The consumerisation of IT<br />The intrinsic appeal of Cloud to organisations<br />Some Key considerations<br />The future is now<br />Questions and discussion<br />
  15. 15. 1. Cloud: A definition and some key attributes<br />A definition<br /><ul><li>[Public] Cloud is a very broad term for ‘IT systems accessed via the Internet’. …. and
  16. 16. The various components are all run by an external party, and you do not own anything, other than the data that you load into the system.</li></ul>The primary attributes of Cloud systems are:<br />You subscribe to the service<br />The system is accessed via the Internet<br />You neither have control nor title over the Cloud system<br />You have limited to full title over the data that you upload<br />The system is scalable (within limits)<br />
  17. 17. Next few years – from confusion to calm<br />“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know” <br />- Former US Defense secretary Donald Rumsfeld , 2002<br />Let’s start our Cloud journey to turn the unknowns into knowns!<br />
  18. 18. Next few years – from confusion to calm<br />Gartner Hype Cycle 2006 – Cloud not even mentioned<br />
  19. 19. Next few years – from confusion to calm<br />Gartner Hype Cycle 2011 – Cloud has very it’s own cycle<br />
  20. 20. 2. Migrating to public Cloud: A ‘ready-reckoner’.<br />If the answer to these questions are YES, then you should be able to progress relatively swiftly through your journey to Cloud computing :<br />Is this a completely new system?... AND……<br />Will the system always be standalone? (i.e. you do not need to build any system interfaces)<br />Are your business requirements likely to remain relatively static?<br />If the vendor goes out of business do you have a workaround?<br />Is the migration cost (Incl. write-off) for outgoing systems minimal?<br />Are the Cloud system boundaries clearly defined?<br />Are managerial accountabilities clearly defined and assigned?<br />Is there an immediate ‘crisis’ on your hands and Cloud is the only realistic alternative given its immediate availability?<br />Are you comfortable in having your data (possibly) resident in a foreign legal jurisdiction?<br />
  21. 21. 2. Migrating to public Cloud: A ‘ready-reckoner’.<br />If the answer to these questions are YES, then you should be able to progress relatively swiftly through your journey to Cloud computing :<br />Is your data in the Cloud free from any state or federal record retention laws?<br />Can you manage, maintain and configure the system without the need for IT programmers or other IT specialists?<br />Can you implement the system without a major re-design of your business processes?<br />Is your data free from specific legislation (Eg Privacy Act) or is not subject to contractual obligations (eg major customer contract)? <br />Are you happy placing your most sensitive / critical and important intellectual property in the Cloud?<br />Are you looking to use the Cloud system for a short period of time only? (ie: Serving a short term need such as a major project)<br />
  22. 22. 3. The consumerisation of IT<br />… also known as the ‘democratisation’ of IT<br />Fuelled by Cloud and pervasively accessible web based applications as an individual ….<br />I see it, I like it, I want it, I buy it (or it’s free!), I use it – Now!<br />
  23. 23. 3. The consumerisation of IT<br />Individuals have unprecedented access to all type of IT systems, from email, file storage, banking, shipping, social networking (eg Facebook™ ).. The list is almost endless.<br />What is meant by ‘consumerisation’ of IT?<br /><ul><li>Individuals can use / buy systems as they see fit.
  24. 24. Personal choice and immediacy reigns supreme
  25. 25. Buy it / use it without necessarily a long term in mind
  26. 26. ‘Apps’ – for iPhone™, Android™, etc</li></ul>For enterprises, however, this presents a number of challenges for the unwary<br />
  27. 27. 4. The intrinsic appeal of Cloud to organisations<br />Common influences include…….<br />It is available immediately <br /><ul><li>Potentially, the system can be operational with hours, days or weeks.</li></ul>It allows you to ‘Buy before you try’……<br /><ul><li>Buy a few user subscriptions and try the system. If it does not meet your needs, the walk-away costs are negligible</li></ul>Avoids dealing with the IT Department<br /><ul><li>Avoids having to possibly deal with an internal IT department that may appear to be slow, inflexible or indifferent to Cloud.</li></ul>Avoids the need for up-front capital / financing<br /><ul><li>‘Pay as you go’</li></ul>Appears to be low cost<br /><ul><li>$100/user/month is a lot cheaper than $2Million upfront </li></ul>… or is it?<br />
  28. 28. 5. Key considerations for the adoption by organisations<br /><ul><li>Privacy
  29. 29. Records management
  30. 30. Security
  31. 31. Risk
  32. 32. Cost
  33. 33. Commercial, legal and contractual
  34. 34. Vendor contracts
  35. 35. Regulatory
  36. 36. Governance</li></li></ul><li>5. The key considerations for organisations: <br />Privacy<br />Privacy:<br /><ul><li>What National Privacy Principles apply [eg: under The Privacy Act 1988] to your instance of the Cloud system?
  37. 37. If your vendor is an overseas entity, how can you assure that Australian Privacy legislation mandates are met, not only now, but should they change in the future.</li></ul>International jurisdictions<br /><ul><li>On some foreign legal jurisdictions, Government agencies are able to demand access to your system. Examples of this are USA Patriot Act (2001)
  38. 38. Singapore, Russia and others have similar legislation
  39. 39. Data crossing multiple jurisdictions</li></li></ul><li>5. The key considerations for organisations: <br />Records management<br />Archival:<br /><ul><li>What Records management standards apply to which specific category of HR records?
  40. 40. Payroll, Tax, OH&S, etc
  41. 41. How do you guarantee the authenticity of records that are ‘born digital’ (that never end up on paper) if you change cloud providers?.</li></ul>Discovery <br /><ul><li>Should you be subject to legal discovery, will you be able to reproduce documents in their original form?</li></ul>Records Destruction<br /><ul><li>Will your Cloud provider be able to guarantee specific record destruction across all mirror sites, cyclic backups, system archives etc ?</li></li></ul><li>5. The key considerations for organisations: <br />Security<br />Cloud concentrates the risk of security breach.<br /><ul><li>One provider can service thousands of customers (eg Distribute.IT lost 4,800 websites)</li></ul>Unauthorised or accidental access<br />Denial of service attack <br />What data transmission standards and protocols are guaranteed?<br />Which security standards apply, and to which components of the vendor’s infrastructure?<br /><ul><li>Review the statement of applicability (SOA) of the appropriate Certification
  42. 42. Is your Cloud solution in-scope of the SOA?</li></li></ul><li>5. The key considerations for organisations: <br />Security<br />http://trust.cased.de/AMID<br />
  43. 43. 5. The key considerations for organisations: <br />Risk<br />Risk transfer<br /><ul><li>Can I buy insurance in the event of a problem with the Cloud?</li></ul>Can you implement a Cloud Escrow arrangement in case the provider folds?<br /><ul><li>Some Cloud providers cannot offer Escrow due to the technical design of their infrastructure</li></ul>Does the provider have a disaster recovery plan?<br /><ul><li>What form does it take, and what scenarios does it cover?</li></ul>Are you concerned about the unauthorised deployment of Cloud applications?<br /><ul><li>The risk of a ‘viral’ cloud is real, and may be hard to detect
  44. 44. Do you have a Cloud computing policy?</li></li></ul><li>5. The key considerations for organisations: <br />Cost<br />Know the TCO over the expected life-span of the system<br />Do not exclude on-premises (Private Cloud, or traditional hosted) if these options exist<br />Compare on like-for-like basis<br />Illustrative example only<br />
  45. 45. 5. The key considerations for organisations:<br />Commercial, legal and contractual<br />
  46. 46. 5. The key considerations for organisations:<br />Commercial, legal and contractual<br />What are your key drivers behind the adoption of Cloud?<br /><ul><li>Drive innovation?
  47. 47. Lower cost?
  48. 48. Increase flexibility?</li></ul>Level of protection under the contract<br /><ul><li>Do the remedies for service outages make commercial sense?</li></ul>What is the cost of seeking legal recourse?<br /><ul><li>If you provider’s contract is in an overseas legal jurisdiction, how practical will it be to seek damages?</li></li></ul><li>5. The key considerations for organisations: <br />Vendor contracts<br />What’s your Cloud contract duration?<br /><ul><li>If this is truly utility Cloud, why commit to a contract for a long period of time? </li></ul>If marketed on ‘per user per month’ pay on that basis. <br /><ul><li>Some request annual pre-payment. You are then the vendor’s banker.</li></ul>Request a copy of the draft contract early<br /><ul><li>The procurement cycle can be time consuming for large projects.
  49. 49. All that effort could be wasted if there is a major sticking point in the contract.</li></ul>Global Cloud providers are reluctant to change standard contracts <br /><ul><li>Standardisation is the cornerstone of Cloud
  50. 50. Some vendors will amend terms if you have large buying influence</li></li></ul><li>5. The key considerations for organisations: <br />Vendor contracts<br />Contract refers to website terms & conditions<br /><ul><li>May extinguish or override your written contract at any time? 
  51. 51. Seek perpetual, fully encapsulated contract that extinguishes any online terms and conditions including the ‘I Accept’ checkbox at logon</li></li></ul><li>5. The key considerations for organisations: <br />Vendor contracts<br />Contract refers to website terms & conditions<br /><ul><li>May extinguish or override your written contract at any time? 
  52. 52. Seek perpetual, fully encapsulated contract that extinguishes any online terms and conditions including the ‘I Accept’ checkbox at logon</li></li></ul><li>5. The key considerations for organisations: <br />Vendor contracts<br />Contract refers to website terms & conditions<br /><ul><li>May extinguish or override your written contract at any time? 
  53. 53. Seek perpetual, fully encapsulated contract that extinguishes any online terms and conditions including the ‘I Accept’ checkbox at logon</li></ul>Purchasing additional subscriptions.<br /><ul><li>Subject to the existing contract or an online contract at the time of purchase? </li></ul>Recourse for non-performance. <br /><ul><li>Is the compensation adequate in the event of non-performance?</li></ul>What warranty exclusions or limitations apply to all services offered. <br /><ul><li>Are these important to your organisation</li></ul>Data transmission encryption standards and methods used<br /><ul><li>Specifically stated? If so, are these standards adequate for your purposes?</li></ul>Right to Audit <br /><ul><li>Do you have the right to request an independent audit of the provider? </li></ul>Jurisdictions <br /><ul><li>Which international jurisdictions apply? </li></li></ul><li>5. The key considerations for organisations: <br />Regulatory<br />The International Accounting Standards Board (IASB) and the US Financial Accounting Standards Board (FASB) Planned changes in reporting off-balance sheet leasing (2012-2013)<br /><ul><li>All leases, regardless of their terms, should be accounted for in a manner similar to how finance leases are treated today.
  54. 54. Definition of annual software subscription as a lease?</li></ul>A spectrum of regulations and standards may apply to your organisations:<br /><ul><li>The Privacy Act 1988
  55. 55. Corporations Act 2001
  56. 56. Australian Standard AS ISO 15489 - Records Management
  57. 57. Australian Prudential Regulation Authority
  58. 58. … and more ….</li></li></ul><li>5. The key considerations for organisations: <br />Governance: The ‘Viral’ Cloud<br />A viral Cloud is characterised by a localised initial installation of a Cloud system (approved or otherwise!). <br /><ul><li>Additional subscriptions gradually purchased for others outside of the initial user pool to approve workflows, access documents, process information etc.</li></ul>The low barrier to entry could mask the potential for additional cost, unmitigated risk and breach of minimum governance standards.<br />A leading Australian University experienced an unauthorised deployment of a Cloud system that was funded from one Faculty’s discretionary budget, as it fell within their prevailing local discretionary expenditure approval limits. This was only noticed when data integrity issues within their core student enrolments databases started occurring.<br />
  59. 59. 5. The key considerations for organisations: <br />Governance: Change and version Control<br />You get to take what is given …..<br />
  60. 60. 6. Cloud – The future is now<br />Cloud technology, as with any other innovation, has the potential to do things cheaper, faster and better.<br />Cloud has the potential to be a real game changer for the astute<br />Deliberately define your strategy now:<br /><ul><li>Be an early adopter, or
  61. 61. A fast follower, and leap-frog the early adopters be capitalising on their experiences</li></ul>To achieve the real benefits of Cloud technologies, understand:<br /><ul><li>the true cost
  62. 62. the value
  63. 63. the risk
  64. 64. when to buy
  65. 65. what to buy, and
  66. 66. when to exit the technology and/or switch horses.</li></li></ul><li>E:rob@rob-livingstone.com<br />P: +61 2 8005 1972<br />M : +61 419 632 673 <br />F: +61 2 9879 5004<br />© All rights reserved. Unauthorised redistribution not without prior approval<br />7. Discussions and questions<br />

×