2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)

Emerging Technology - Risks and Challenges


  1. Emerging Technology Challenges and Solutions for Internal Audit and Compliance
     Danny Miller, CISA, CGEIT, CRISC, ITIL, QSA
     Principal
  2. Topics
     • Current Technology Landscape
     • Emerging Technology
     • Cloud computing
     • Mobile computing
     • Cybersecurity
     • Potential IA Complexities
     • Solutions
     • What’s Next?
  3. Current Technology Landscape
     • On-premise hardware, software, and management
     • Support may be on-shore, near-shore or off-shore
  4. Current Technology Landscape (continued)
     • Localized processes and controls
     • Prompt remediation when required
     • Clear data ownership
     • Straightforward compliance approach
  5. Current Technology Landscape (continued)
     Challenges/benefits
     • It's expensive and requires a lot of overhead
     • Difficult to scale and react quickly
     • Significant embedded cost structure
     • Inflexible to meet business need
     • Easier to maintain audit trail
  6. Emerging Technology Trends
     • Spending on public IT cloud services will grow at more than five times the rate of the IT industry in 2011-2012
     • Enterprise IT planners begin to include cloud-computing expertise in some of their job searches to be prepared for the projects of the short-term and mid-term future
     • Hosted private clouds will outnumber internal clouds 3:1…But service providers have been incrementally ready.
     • Cloud management and monitoring will fuel enterprise cloud adoption
     • 32% of CIOs expect virtualization to be their top investment in 2011
  7. Emerging Technology
     • Cloud computing
     • SaaS, PaaS, IaaS, DaaS
     • Mobile computing
     • Mobile platforms that are blurring the line between a hand-held and complex computing
     • Data analytics
     • Master Data Management
     • Cybersecurity
     • Trends
  8. Emerging Technology Platforms (continued)
     Models of Cloud:
     • Software as a Service (SaaS): Software applications delivered over the Internet
     • Platform as a Service (PaaS): Full or partial operating system/development environment delivered over the Internet
     • Infrastructure as a Service (IaaS): Computer infrastructure delivered over the Internet
     • Desktop as a Service (DaaS): Virtualization of desktop systems serving thin clients, delivered over the Internet or a private Cloud
     Types of Clouds
     • Public: Shared computer resources provided by an off-site third-party provider
     • Private: Dedicated computer resources provided by an off-site third-party or use of Cloud technologies on a private internal network
     • Hybrid: Consisting of multiple public and private Clouds
  9. Emerging Technology Platforms (continued)
     • Public Cloud
     • Private Cloud
  10. Emerging Technology Platforms (continued)
     Cloud computing – Hybrid cloud
  11. Emerging Technology Platforms (continued)
     Mobile computing
  12. Emerging Technology Platforms (continued)
     Mobile computing is:
     • Wireless
     • Utilizes tablet platforms and smartphones
     • Internet-based
     • Communication via 4G and WiFi
     • Scaled applications
  13. Potential New IA Complexity
     Cloud computing
     • Availability & performance
     • Business continuity
     • Cybersecurity
     • Data encryption
     • Privacy (especially in Healthcare & Life Sciences)
  14. Potential New IA Complexity (continued)
     Cloud computing (continued)
     • Compliance
     • FISMA
     • HIPAA
     • SOX
     • PCI DSS (card payments)
     • EU Data Protection Directive, et al.
  15. Potential New IA Complexity (continued)
     Mobile computing
     • Security (physical and virtual)
     • Data ownership
     • Service interruption and recovery
     • Data archiving
     • Availability
  16. Potential New IA Complexity (continued)
     Mobile computing
     • WiFi/4G security
     • Surveillance and access control
     • Availability
     • Data ownership and recovery
     • Auditability
     • Bluetooth “hijacking”
     • AIDC
  17. Solutions
     Cloud computing
     • Demand good security in the contract with provider
     • Have a "return of data" plan at end of contract
     • Know where the data is and who has access
     • Deploy a layered security architecture
     • Assess and inventory risks
     • Conduct annual security policy audits
     • Deploy and authenticate user credentials
     • Encrypt all stored data (P2P encryption)
     • Actively manage passwords and segregation of duties
     • Implement layered firewalls
  18. Solutions (continued)
     Mobile computing
     • Encrypt all WiFi access
     • Clarify data ownership
     • Implement service interruption plan
     • Disable Bluetooth communications
     • Deploy device specific security software
     • Encrypt all communications
  19. What’s Next?
     • Distributed computing (the Cloud)
     • Cybersecurity & Privacy focus
     • Virtualization
     • Advanced IA tools
     • Analytics
     • Provenance engines
     • Enhanced hardware firewalls
     • Advanced encryption technology
     • New data segregation and security standards
     • Secure digital communications
     • Standards such as ITIL, COBIT and PCI are integrating and are now complementary
  20. What’s Next? (PCI Data Security Standards v2.0)
  21. What’s Next? (PCI Data Security Standards v2.0)
  22. What’s Next? (PCI Data Security Standards v2.0)
  23. What’s Next? (Enterprise Master Data Management)
     • Companies are awash in data, but which data is the right data to use? Data grows by 50%+ each year.
     • Company leadership needs "one version of the truth" on dashboards, reports and in analytical datasets.
     • Internal Audit and Compliance departments should be concerned about controls, availability, integrity and quality of data.
     • Conceptually:
       • Data and information are valuable corporate assets and should be treated as such
       • Data must be managed carefully and should have quality, integrity, security and availability addressed.
  24. What’s Next? (Enterprise Master Data Management)
     MDM is the management of an institution’s fundamental data that is shared across multiple business units, everything from project budgets to donor contacts to employee contact information. You can think of master data as all of the enterprise data (people, places, things and activities) that the institution needs to conduct its business.
     The goal of MDM, consequently, is to ensure the accuracy, consistency and availability of this data to the various business users.
     We believe that all organizations would benefit greatly from creating a strategy for MDM and implementing an MDM program in light of its current state and an organization's future data and information needs.
  25. What’s Next? (Enterprise Master Data Management)
     Table 1: Scope of Data Management
  26. What’s Next? (Data Governance Activities)
     • Establish institutional data standards
     • Identify and resolve data disputes
     • Implement necessary changes to data standards and policies
     • Communicate actions to the organization as appropriate
     • Ensure accountability of institutional data policies and standards
     • Escalate issues to Governance Team as necessary
  27. Questions?
  28. Emerging Technology Challenges for Internal Audit and Compliance
     Danny Miller, CISA, CGEIT, CRISC, ITIL, QSA
     National Solutions Lead – Cybersecurity
     Regional Solutions Lead – Business Consulting
     Principal, Grant Thornton LLP
     Danny.Miller@us.gt.com
     http://grantthornton.com/