Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cloud Security: Bringing CLARITY to Common Myths and Misconceptions


Published on

Want to get some CLARITY on common myths and misconceptions about Cloud ERP system?

Read this whitepaper to find out what really is and isn’t a security issue in the Cloud.

Who should read this–CEOs, CFOs, CIOs and Finance & Accounting and Info Tech executives and managers considering a new ERP system, especially one in the Cloud

Top 3 things you’ll learn:
1. What the top myths and misconceptions are of Cloud security
2. The top 10 questions you should ask your potential Cloud ERP provider
3. What the value proposition is of combining a Cloud-based ERP with finance & accounting outsourcing services

  • Be the first to comment

  • Be the first to like this

Cloud Security: Bringing CLARITY to Common Myths and Misconceptions

  1. 1.    Finance  and  Accounting  Services     Cloud  Security:   Bringing  CLARITY  to  Common  Myths  and  Misconceptions     Table  of  Contents     Introduction             2   The  Rise  of  Cloud  Computing             3   Physical  Location           4   Transmission             4   Access  Security             5   Security  From  Disaster           6   The  New  Reality  of  Cloud  ERP  Solutions       6   Security  Checklist           7   CLARITY  es:  Cloud-­‐Hosted  –Microsoft  Powered                             8   Sutherland  Global–A  Practical  Overview                              10   Contact  Information                                                            10     About  Sutherland  Global  Services                              11             Authors:   Dan  McCue,  Senior  Vice  President,  Finance  &  Accounting,  Sutherland  Global  Services   Bill  Burke,  CEO,  Merit  Solutions   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  1
  2. 2. Introduction  Companies  in  today’s  economic  environment  are  all  facing  the  age-­‐old  business  conundrum:  how  can  we  do  more  with  less?  To  help  improve  capacity  but  drive  down  costs,  organizations  are  increasingly  turning  to  cloud-­‐based  technologies.    Cloud-­‐based  Enterprise  Resource  Planning  (ERP)  can  be  deployed  quickly,  minimizes  the  initial  investment,  reduces  the  Total  Cost  of  Ownership  (TCO)  and  offers  seamless  upgrades.  Although  many  CEOs,  CFOs,  CIOs  and  key  stakeholders  look  to  cloud  computing  to  help  realize  tremendous  savings,  there  are  concerns  about  cloud-­‐based  data  solutions.  In  the  age  of  cyber  attacks  and  the  seemingly  ever-­‐growing  list  of  online  security  threats,  senior  executives  worry  about  the  safety  of  their  cloud-­‐based  information.  Physical  location,  data  transmission,  access  security  and  disaster  recovery  represent  the  four  top-­‐of-­‐mind  security  concerns.  This  white  paper  will  look  at  some  of  the  key  aspects  of  cloud  security  and  examine  some  of  the  myths  and  misconceptions.  Research  also  shows  that  while  senior  executives  are  apprehensive  about  cloud-­‐based  security,  only  a  small  percentage  conduct  due  diligence  on  their  providers.  This  white  paper  also  includes  a  checklist  of  10  questions  that  SMBs,  mid-­‐market  companies  and  large  organizations  should  ask  their  potential  providers.Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  2
  3. 3. The  Rise  of  Cloud  Computing  A  2011  survey  by  CDW  found  that  28%  of  US-­‐based  organizations  are  using  cloud  computing  today,  and  73%  of  those  organizations  took  their  first  step  by  implementing  a  single  cloud  application.  Interestingly,  the  vast  majority  of  the  survey  respondents  (84%)  say  they  “have  already  employed  at  least  one  cloud  application.”  So,  in  essence,  there  are  a  lot  of  first  steps  being  taken,  and  wider  cloud  adoption  is  foreseeable.    There’s  no  doubt  the  cloud  is  garnering  attention  as   Top  5  Cloud  ERP  Misconceptions  companies  cautiously  explore  cloud  applications.  According  to  an  April  2011  Forrester  Research  report  titled  “Sizing  the   1. With  a  cloud  ERP  solution,  our  data  Cloud”  the  global  cloud  computing  market  is  estimated  to   isn’t  as  secure  as  it  is  onsite.reach  $241  billion  in  2020.  Yet,  despite  the  rise  of  cloud   2. Cloud  ERP  solutions  provide  only  basic  computing,  there  are  a  number  of  misconceptions  floating   ERP  functionality.  around,  with  security  at  the  top  of  the  list.   3. Cloud  ERP  solutions  can’t  be     customized.  As  companies  transition  from  low-­‐risk  “testing  the  waters”  to   4. It’s  difficult  to  integrate  cloud  ERP  taking  the  plunge  with  cloud  ERP  for  more  mission-­‐critical   systems  with  other  systems.    functions  like  Finance  and  Accounting,  the  issue  of  cloud   5. If  the  Internet  goes  down,  the  business  security  is  inevitable.  The  question  most  often  asked  is,     goes  down.“Just  how  secure  is  our  data?”        It’s  a  legitimate  question.  It  was  only  a  few  short  years  ago  that  cloud-­‐based  ERP  systems  were  the  exception  rather  than  the  norm  for  most  companies.  The  idea  of  not  having  all  data,  infrastructure,  software  and  hardware  on-­‐site  was  new,  intriguing  and  fraught  with  concerns.  Entrusting  private  business  data  and  applications  to  an  outside  hosting  service  made  (and  continues  to  make)  some  organizations  uncomfortable.      Despite  the  cloud’s  shift  into  the  mainstream,  security  and  compliance  still  top  the  list  of  apprehensions  inhibiting  cloud  adoption.  Some  of  this  apprehension  is  caused  in  part  by  confusion  around  a  lack  of  industry  standards;  expectations  and  definitions  of  security  can  vary  from  industry  to  industry.  Different  regions  and  countries  are  subject  to  different  data  protection  policies  and  legislation  that  could  compromise  data  privacy.  Companies  need  to  conduct  due  diligence  on  their  prospective  cloud  providers.    Data  security  and  privacy  issues  are  very  real  concerns  no  matter  whether  SMBs  implement  a  cloud  ERP  solution  or  on-­‐premise  ERP.  Both  require  knowledge  of  data:  which  data  is  sensitive,  the  degree  of  sensitivity  and  the  protocols  required  to  protect  it.  Yet,  the  pervasive  myth  that  cloud-­‐based  ERP  simply  isn’t  as  secure  as  on-­‐premise  solutions  continues  to  linger.  The  myth  persists  based  on  four  misconceptions  about  the  security  of  physical  location,  transmission,  access  security,  and  disaster  security.    Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  3
  4. 4. Physical  Location  The  Misconception:  A  cloud-­‐based  solution  is  nebulous  and  can’t  be  secured.    The  Reality  Cloud  computing  is  new,  unknown  and  eyed  suspiciously.  It  has  the  appearance  of  being  risky  because  you  cannot  secure  its  perimeter—where  are  a  cloud’s  boundaries?    A  May  2010  study  by  the  Ponemon  Institute  found  that  IT  professionals  believed  security  risks  were  more  difficult  to  curtail  in  the  cloud,  including  securing  the  physical  location  of  data  assets  and  restricting  privileged  user  access  to  sensitive  data.  Yet,  as  CIO  Magazine  pointed  out:  “…respondents  only  gave  the  on-­‐premise  alternative  a  56%  positive  rating!  In  other  words,  nearly  half  the  respondents  believe  that  their  own  internal  data  centers  do  not  do  a  good  job  of  securing   1the  physical  environments  of  their  data  centers.”  The  reality  is  that  often  on-­‐premise  ERP  security  does  not  measure  up  to  the  same  standards  as  a  world-­‐class  data  state-­‐of-­‐the-­‐art  facility.    An  ideal  data  center  should  be  secure,  free  of  windows,  and  built  with  cement  or  steel  fortifications  with  24/7  on-­‐site  security.  Most  SMB  IT  departments  reside  in  a  department  or  on  a  floor  of  commercial  buildings  and  office  towers,  which  rarely  have  these  conditions.  In  comparison,  the  CLARITY  es  data  centers  are  housed  in  multi-­‐million  dollar  facilities  with  building  fortifications.  The  main  data  center  is  housed  underground  in  a  facility  that  is  designed  to  withstand  an  8.3  magnitude  earthquake.  The  data  centers  also  have  24/7/365  security,  monitored  by  staff  as  well  as  security  guards.  Transmission  Misconception:  Cloud-­‐based  solutions  are  more  vulnerable  to  hacking  and  other  attacks.  The  Reality  SMBs  typically  invest  in  hardware,  software  and  applications  to  thwart  specific  security  challenges:  spam,  security  breaches,  malware,  non-­‐compliance,  and  so  forth.  Unfortunately,  many  of  these  products  have  limited  life  cycles,  are  difficult  to  scale  and,  from  a  security  point  of  view,  often  only  produce  single  points  of  failure.  Additionally,  the  latest  technologies  to  scramble  and  encrypt  data  –  RSA,  Secure  Socket  Layer  (SSL),  Data  Encryption  Standard  (DES),  or  Triple  DES,  etc.  –  can  quickly  drain  SMB  IT  budgets.  With  traditional  licensed  ERP  software,  organizations  typically  must  wait  for  the  next  release  to  benefit  from  the  latest  features,  upgrades,  or  security  patches.  Sometimes  limited  resources  can  mean  that  upgrades  aren’t  always  deployed  in  a  timely  manner.  In  fact,  two-­‐thirds  of  mid-­‐size  businesses  are  running  outdated  versions  of  their  ERP  software2.  This  can  leave  these  companies  vulnerable.   1  Golden,  Bernard.  "Cloud  Computing  Security:  ITs  Take  on  State  of  Play."  CIO  Magazine.  N.p.,  17  May  2010.  Web.   2  "Why  Cloud  Computing  Matters  to  Finance,"  Ron  Gill,  CMA,  CFM:  Strategic  Finance,  January  2011.  Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  4
  5. 5. Under  the  SaaS  (Software  as  a  Service)  delivery  model  that  forms  the  basis  of  cloud  ERP,  the  provider  continuously  and  unobtrusively  adds  the  latest  features  and  upgrades,  which  means  that  users  can  be  assured  that  they’re  actually  using—rather  than  waiting  for—the  latest  security  technology.  By  their  very  nature,  external  applications  like  cloud-­‐based  technologies  must  adopt  a  “trust  no  one”  approach.  Layers  of  security  controls,  encryption  of  all  sensitive  data  and  security  testing  at  the  application  level,  as  well  as  countless  other  safeguards  are  necessary  for  cloud  security.  A  world-­‐class  cloud  ERP  provider  will  perform  rigorous  internal  vulnerability  scans,  log  threats,  and  are  audited  for  SSAE  16  (formerly  SAS  70  Type  II)  compliance.  Data  is  fully  secured,  both  in  transmission  and  at  rest.  For  example,  CLARITY  es  runs  on  a  Microsoft  Dynamics  AX  platform.  It  uses  the  RPC_C_AUTHN_LEVEL_PKT_PRIVACY  call,  which  provides  the  highest  security  level  available  through  a  remote  procedure  call  (RPC).  There  are  no  software  or  hardware  purchases,  and  updates  are  seamless.  Access  Security  The  Misconception:  An  on-­‐premise  solution  offers  more  security  over  who  may  access  information.    The  Reality  The  myth  that  a  cloud  solution  simply  cannot  be  as  secure  as  an  on-­‐premise  solution  has  very  much  to  do  with  the  notion  of  “seeing  is  believing.”  Often  companies  feel  more  in  control  of  their  data  when  it  resides  under  their  own  roof.    When  ERP  is  on-­‐site,  it  is  the  sole  responsibility  of  the  IT  department  to  authenticate  and  log  all  access  to  data  in  order  to  prevent  unwanted  users,  both  internal  and  external,  from  accessing  information  or  resources.  Access  security  for  on-­‐premise  ERP  systems  may  be  enforced  through  business  logic  or  at  the  database  layer.  This  authenticates  users  and  provides  them  with  specific  rights  to  data  objects.    For  example,  a  payroll  clerk  would  only  have  access  to  payroll  data,  not  customer  records.  A  cloud-­‐based  ERP  is  no  different.  With  CLARITY  es,  you  control  access  to  data  throughout  by  managing  security  restrictions  on  forms,  records  and  data  fields  for  specific  user  groups  and  domains,  and  define  and  assign  rights  according  to  how  you  want  security  restrictions  managed.  As  well,  because  CLARITY  es  is  a  single-­‐tenant  environment  there  is  no  risk  of  data  being  inadvertently  exposed  to  other  users  due  to  poor  implementation  of  the  access  management  process.  While  a  secure  cloud  ERP  system  doesn’t  increase  the  vulnerability  of  your  business  data,  authenticated  users  have  “anywhere,  anytime,  any  device”  access,  which  is  a  tremendous  advantage  for  global  collaboration,  monitoring  and  managing.  Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  5
  6. 6. Security  From  Disaster  Misconception:  It’s  better  to  handle  backups  internally  to  be  able  to  access  data  more  quickly  in  case  of  a  disaster.    The  Reality  Companies  must  examine  how  often  they  back  up  data  and  where  the  backups  are  the  stored.  SMBs  looking  to  third-­‐party  back-­‐up  systems  and  business  continuity  facilities  must  thoroughly  examine  the  security  standards  that  are  in  place.  The  truth  of  the  matter  is  that  SMBs  need  to  invest  in  a  rigorous  program  for  data  backups  with  offsite  storage  in  a  secure  location  separate  from  the  main  data  center.    Key  questions  to  ask  before  choosing  an  external  backup  partner  include:  Does  the  third-­‐party  data  recovery  service  abide  by  recognized  security  standards  and  compliance  requirements?  What  happens  if  there  is  a  power  failure?  How  long  will  my  data  be  kept?  Cloud-­‐based  solutions,  like  CLARITY  es,  ensure  full  nightly  backups,  which  are  stored  in  an  off-­‐site  location  and  are  maintained  for  seven  years.  As  well,  the  data  centers  have  multiple  power  sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.    The  New  Reality  of  Cloud  ERP  Solutions  Traditional  and  cloud  ERP  share  many  of  the  same  security  issues,  from  preventing  unauthorized  access  to  safe  and  secure  backups.  As  the  “new  kid  on  the  block”,  cloud  technology  is  unfamiliar  and  not  fully  trusted.  SMBs  that  adopt  a  cloud-­‐based  ERP  solution,  like  CLARITY  es,  find  that  security  is  actually  improved.  Unlike  large  enterprise  companies,  SMBs  usually  don’t  have  the  high  security  infrastructure,  processes  or  best  practices  knowledge  readily  on  hand.  In  the  case  of  cyber  attacks,  cyber  espionage,  malware,  human  error  and  disasters,  cloud-­‐based  service  providers  have  higher  levels  of  security.    Microsoft  released  research  in  May  of  2012,  that  verified  the  significant  IT  security  advantages  from  using  the  cloud.  One  of  the  most  interesting  facts  to  emerge  from  the  survey  was  that  "35  percent  of  US   3companies  surveyed  have  experienced  noticeably  higher  levels  of  security  since  moving  to  the  cloud."  Security  is  always  a  top  concern  for  companies,  but  it’s  time  to  put  to  cut  through  the  fog,  and  bring  a  little  clarity  to  the  situation:  Cloud  ERP  systems  and  the  data  they  contain  are  as  secure,  if  not  more  secure  than  traditional  ERP  systems.   3  Microsoft.  News  Center.  Cloud  Computing  Security  Benefits  Dispel  Adoption  Barrier  for  Small  to  Midsize  Businesses.   14  May  2012.  Web.  Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  6
  7. 7. Security  Checklist  CompTIAs  9th  Annual  Information  Security  Trends  survey  of  U.S.  executives  with  IT  responsibilities  reported  that  only  29%  of  organizations  report  conducting  a  heavy  review  of  their  cloud  service  providers  security  policies,  procedures  and  capabilities.  SMBs  must  vet  their  cloud  providers  by  conducting  due  diligence  and  asking  for  proof  of  physical  audits  and  physical  access  controls.  Here  are  10  questions  you  can  ask  your  provider.  1.)  What  is  your  privacy  policy?  Your  potential  solution  provider  should  have  a  well-­‐defined  and  clearly  articulated  privacy  policy  that  spells  out  exactly  who  has  access  to  various  types  of  information.  It  should  also  describe  the  organization’s  standard  operating  policies  and  procedures  for  ensuring  privacy.  Your  prospective  vendor  should  voluntarily  provide  you  with  a  copy  of  this  policy  information.    2.)  What  level  of  security  do  you  use  to  ensure  the  safety  and  integrity  of  critical  data?  To  safeguard  your  data  onsite,  your  prospective  solution  provider  should  use  a  combination  of  intrusion  detection  system  (IDS)  and  intrusion  prevention  system  (IPS)  products  and  apply  antivirus  at  various  network  layers.  It  should  also  utilize  deep  packet  inspection  (DPI)  or  an  application-­‐level  firewall  technology  that  scans  all  levels  of  packet  transmission.  Finally,  it  should  also  use  secure  socket  layer  (SSL)  or  https-­‐encrypted  transmission  to  ensure  Internet  security.  3.)  Is  your  production  equipment  housed  in  a  state-­‐of-­‐the-­‐art  facility?  Your  prospective  vendor’s  data  center  should  be  secure,  free  of  windows,  and  built  with  cement  or  steel  fortifications.  It  should  also  be  located  somewhere  that  is  not  prone  to  inclement  weather.  4.)  What  are  your  facility’s  physical  security  arrangements?  Are  they  in  place  24  hours  a  day,  seven  days  a  week,  and  365  days  a  year?  Similar  to  its  privacy  policy,  your  potential  hosted  ERP  solution  provider  should  have  well-­‐defined  and  robust  security  arrangements  that  are  in  place  at  all  times.  5.)  Do  you  contract  with  an  independent,  third-­‐party  organization  to  conduct  periodic  external  and  internal  vulnerability  scans?  In  addition  to  maintaining  an  intrusion  response  system  and  a  prepared  response  plan,  your  prospective  solution  provider  should  frequently  commission  both  routine  and  unannounced  security  audits.  6.)  How  often  do  you  back  up  data,  and  where  are  the  backups  stored?  Your  potential  hosting  provider  should  have  in  place  a  rigorous  program  of  data  backup  and  offsite  storage  in  a  secure  location  remote  from  its  main  data  center.        Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  7
  8. 8. 7.)  Do  you  offer  full  hardware  redundancy  to  avoid  the  negative  consequences  of  a  power  failure?  Your  prospective  solution  provider’s  data  center  and  backup  location  should  have  redundant  power  supplies,  such  as  battery  and  diesel  generator  backups,  to  avoid  the  negative  consequences  associated  with  a  power  failure.  8.)  Does  your  staff  include  a  highly  qualified  operations  team  that  monitors  the  site  24  hours  a  day,  365  days  a  year?  Your  prospective  vendor  should  have  on  staff  many  certified  security  experts,  including  those  with  the  preferred  CISSP  designation.  9.)  Is  my  data  stored  in  a  multi-­‐tenant  or  single  tenant  environment?  A  multi-­‐tenant  cloud-­‐based  ERP  is  a  set  of  pooled  computing  resources,  shared  among  many  different  organizations  (tenants).  In  short,  various  organizations  share  the  same  database.  In  a  single  tenant  environment,  customers  operate  with  their  own  individual  database.  It  is  our  belief  that  an  isolated  single  tenant  environment  best  maximizes  performance,  security,  privacy  and  integration.  10.)  How  safe  is  your  data  center  in  terms  of  natural  disasters?  Your  potential  provider  should  be  prepared  for  any  number  of  natural  disasters.  In  addition  to  a  windowless,  cement  building  with  steel  fortifications,  the  provider  should  have  multiple  power  sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.  For  example,  our  main  data  center’s  backup  generators  can  power  a  city  of  25,000  people  -­‐  which  allows  us  to  go  off  grid  for  28  days  without  water,  electricity,  sewer,  or  natural  gas  feeds.  CLARITY  es:  Cloud-­‐Hosted  –Microsoft-­‐Powered  The  ERP  platform  of  the  CLARITY  es  solution  is  cloud-­‐hosted  and  powered  by  Microsoft  Dynamics  AX,  considered  by  Gartner  as  a  market  leader.  The  cloud-­‐hosting  ensures  rapid  implementation  and  low  up-­‐front  costs.  CLARITY  es  provides  multiple  customized  portals  and  tailored  solutions  for  all  aspects  of  your  business:   • Finance  &  Accounting   • Procurement   • Human  Capital  Management   • Sales  &  Marketing  (CRM)   • Project  Accounting   • Supply  Chain  Management   • Production  /  Manufacturing   • Business  Intelligence  &  Reporting  CLARITY  es  is  a  composite  and  customizable  solution  with  core  industry-­‐specific  functionalities.  All  elements  of  the  solution  from  application  implementation,  support  and  hosting  to  service  delivery  with  guaranteed  metrics  are  provided  by  Sutherland  Global  Services  –  one  of  the  world’s  largest  pure-­‐play  BPO  service  providers.Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  8
  9. 9. Dynamics  AX  Power  Powerful  Foundation  Gives  You  More  Value  Faster  Pre-­‐built  industry-­‐specific  functionalities  enable  users  to  streamline  mission-­‐critical  business  processes  with  workflow  functionality  and  alerts  that  provide  automatic  notification  of  pending  tasks  and  events.  These  features  provide  management  real-­‐time  visibility  into  critical  business  data  through  customized  dashboards  and  reports.  With  powerful  embedded  business  intelligence  and  analytics,  you  will  be  able  to  run  ad-­‐hoc  reports  rapidly  and  streamline  workflows.  CLARITY  es  Cloud  Advantage  Supply  Chain  CLARITY  es  has  complete  supply  chain  integration  and  is  customizable  to  your  industry  and  business.  Flexible  &  Agile  CLARITY  es  gives  you  flexible  deployment  options,  allowing  you  to  switch  between  the  cloud  and  on-­‐premise  deployment,  implementing  your  solutions  all  at  once  or  in  phases.  This  unified  natural  model  offers  companies  improved  forecasting,  reporting,  and  budgeting  abilities.  Extend  these  models  with  industry-­‐specific  capabilities  as  the  company  evolves.  Web  Access  CLARITY  es  gives  you  anywhere,  anytime  access  with  97.99%  Up  Time.  This  user-­‐centric  platform  provides  access  to  more  people,  including  customers  and  partners,  while  guaranteeing  data  control  maintenance  and  integrity.  You  get  a  dedicated  environment  (not  multi-­‐tenant)  that  replicates  on-­‐premise  configuration,  the  administrative  rights  to  the  servers,  and  a  secure  VPN  access.  Your  data  will  be  available  where  you  need  it,  when  you  need  it.  CLARITY  es  is  certified  SSAE  16  (formerly  SAS  70  Type  II)  compliant.  Simplified  Solution  Drives  Adoption  &  Lowers  Costs  The  interface  is  familiar  and  intuitive,  allowing  for  easy-­‐to-­‐use  collaboration  with  colleagues,  partners,  vendors,  and  customers  using  integrated  email,  instant  messaging,  and  presence  information  through  unified  communications.      Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  9
  10. 10. Sutherland  Global  –  A  Practical  Overview  Structure   • Globally  distributed  delivery  capacity  and  domain  capability   • The  Deloitte-­‐established  Tulsa  FAO  Centre  of  Excellence  has  been  servicing   clients  since  1995   • Strategic  global  locations  designed  to  satisfy  SSAE  16  (formerly  SAS  70  Type  II)  standards   and  Sarbanes-­‐Oxley  requirements  Capability   • Full  suite  of  BPaaS  services  –  transaction  processing  to  financial  and   management  reporting   • Integrated  analytics  to  support  Collections,  Financial  Planning  and  Analysis  functions   • Onshore,  offshore  and  hybrid  solutions  tailored  to  meet  client-­‐specific  needs  Expertise   • Dedicated  team  experienced  in  business  transformation,  process  optimization   and  transition  services   • Expertise  in  utilizing  existing  client  applications  and/or  SGS-­‐hosted  ERP  systems   • Robust  set  of  add-­‐on  technologies  supported  by  in-­‐house  application  management  team  Flexibility   • Custom-­‐crafted  Pricing  and  Commercial  Structure  aligned  to  client  needs  and  objectives   • Output/Outcome  Based  Pricing  and  No  Termination  penalties        If  you  would  like  to  continue  the  conversation  and  get  information  about  our  CLARITY  es  offering  please  contact:  +1-­‐800-­‐388-­‐4557    Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  10
  11. 11.  About  Sutherland  Global  Services  Sutherland  Global  Services  is  a  multi-­‐national  technology-­‐enabled  business  process  outsourcing  (BPO)  services  company  providing  a  unique  combination  of  vast  BPO  resources  as  well  as  extensive  expertise  and  industry  knowledge  in  Finance  and  Accounting.  We  help  you  build  a  high-­‐performance  finance  organization  by  combining  accounting  best  practices  with  proven  BPO  processes.  Our  global  service  delivery  infrastructure  and  full  range  of  outsourcing  solutions  –  from  specific  transactional  processes  to  controller  and  compliance  functions  –help  you  reduce  costs  while  gaining  better  visibility  and  control  of  financial  processes  and  data.  All  of  our  finance  and  accounting  engagements  are  led  by  our  Controllership  &  Management  Center,  based  in  Tulsa,  Oklahoma.  Our  strategy  quickly  improves  your  F&A  operations  by  adapting  a  set  of  standardized  processes  and  using  technology  and  automation  to  improve  efficiency.  We  begin  by  analyzing  your  existing  accounting  workflows,  then  we  design  an  outsourcing  solution  based  on  your  business  objectives  and  available  resources.  Ongoing  processes  are  transferred  to  our  organization.  Once  this  transition  is  complete,  we  follow  through  to  ensure  flawless  service  delivery.        The  Result:  You  gain  access  to  higher  quality,  more  complete  financial  information  to  support  effective  tactical  and  strategic  decision-­‐making  across  your  business.  Our  outsourcing  solution  not  only  reduces  the  cost  of  the  finance  function;  it  provides  CFOs  the  opportunity  to  focus  the  organization  on  what  is  strategically  important  to  the  business.            Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  11