What In-house Counsel and the Business Really Want and Need from the Cloud

What In-house Counsel and the Business Really Want and Need from the Cloud. LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH. CHAIR: LISA R. LIFSHITZ – TORKIN MANES.


What In-house Counsel and the Business Really Want and Need from the Cloud

LEXPERT CLOUD COMPUTING CONFERENCE 2012
CLOUD COMPUTING: A PRACTICAL APPROACH

CHAIR: LISA R. LIFSHITZ – TORKIN MANES

PANEL:
CHARLES McCARRAGHER – TD BANK
PETER NGUYEN – GUESTLOGIX INC.
KEN LEDGER – SAVANNA ENERGY SERVICES CORP.

DECEMBER 3, 2012
ST. ANDREW’S CLUB AND CONFERENCE CENTRE


VENDOR DUE DILIGENCE

Environment:

  • Selecting a provider

    Challenge:

  • Who is the “real” cloud service provider?

  • Where does the cloud “reside”?

    Solutions:

  • You get what you pay for – mom & pop providers vs. institutional providers

  • Ask the question of all new service providers:

    • What element of the service offering is “cloud” based?

    • What does cloud mean to the vendor?


IMPLEMENTATION

Environment:

  • Implementing the solution

    Challenge:

  • Rarely turn-key

    Solutions:

  • Data migration

  • Data validation

  • Data feeds

  • Configuration

  • Acceptance testing

  • Association with payment obligations


IDENTIFYING NEEDS AND WANTS

Environment:

  • Savanna work sites are remote and operate 24/7/365, making Cloud services attractive

  • Different activities have different needs (SaaS, IaaS, mobility, cost)

  • Security, disaster recovery, scheduled outages, QOS requirements change by activity

  • Internal IT resources are fully utilized and cannot address the needs on users' want lists

    Challenge:

  • Setting up services that are accessible from remote locations cost-effectively and in a timely manner

    Solutions:

  • Carefully consider needs vs. wants: can a Cloud solution work?

  • Identify the nature of the data, not the nature of the application: impact from loss of data

  • Focus internal resources on support of solutions with critical data, leverage Cloud for less critical solutions


MISUNDERSTANDING STANDARDS

Environment:

  • Many providers quote standards, but few people know what these standards mean

  • There is no consistent internal requirement for compliance to any specific standard(s)

    Challenge:

  • Establish a compliance matrix for Cloud solutions

  • Buying decisions follow a vendor selection process defined for in-house software/hardware

    Solutions:

  • Identify the specific standards required:

    • SSAE 16 Type II - attestation

    • CICA 9110 – audit standards

    • ISO 27001 - security

  • Require independent attestation

  • Define a vendor selection process for Cloud services


ACCESS AND INPUT

Environment:

  • Access and Input

    Challenge:

  • Meeting the needs of all stakeholders within the enterprise

    Solutions:

  • Tax

  • Litigation

  • Compliance

  • Audit

  • CIO


GOVERNANCE & DISCLOSURE

Issue:

  • Cloud services can start small and creep in scope: how do you know when a service has gone from a small part of the business to a critical service, and who should know?

    Challenges:

  • Services can start out small to address a niche problem

  • If successful, the solution can grow in scope, taking a much more significant role in business systems

  • If a service becomes a critical service, do we need to disclose the relationship?

    Solution:

  • Define a scale for the proposed services

  • Implement or include Cloud services in your change management processes

  • Review critical suppliers regularly and disclose to the Audit Committee


RECOVERY AND PLAN B

Issue:

  • Cloud services can be highly proprietary and evolve over time

  • Transition back may be difficult or impossible even if the data is recovered

    Challenges:

  • Over time, web applications as well as data will evolve; data may not work with original apps

  • Data may not be recoverable from service provider

  • Too critical to fail

    Solution:

  • Have access to backup data under your control

  • If a solution is critical, identify a second source or backup solution

  • Test backup periodically to make sure it will work


INTERNAL AUDIT

Issue:

  • Need to maintain confidence that Cloud services have not weakened internal controls

  • Need to detect when services have evolved beyond our risk appetite

    Challenges:

  • How do we detect control weaknesses in a timely manner, or know if a provider is not meeting commitments?

    Solution:

  • Consider leveraging internal audit to test vendor compliance

  • Perform walkthroughs of processes identifying where Cloud services fit

  • Use Audit to educate internal departments on the use of Cloud services


AUDIT RIGHTS - CLIENT

Environment:

  • Audit Rights

    Challenge:

  • Scope and Compliance

    Solutions:

  • The 4 Rs

    • Retention of Records

    • Rights (Audit Scope)

    • Remediation

    • Reimbursement


EXTERNAL AUDIT - PROVIDER

Issue:

  • Ensuring security and establishing credibility

    Challenge:

  • Responding to customer requests for evidence of controls

    Solution:

  • Savanna has opted to get an SSAE16 audit opinion based on controls designed to a COBIT 4 standard. This creates credibility with customers and eliminates several challenges when responding to requests for evidence of controls. It also adds credibility in the event of a legal challenge by meeting a high standard which has been independently evaluated.


TERMINATION AND TRANSITION

Environment:

  • When the Cloud Evaporates

    Challenge:

  • Planned Termination vs. Unplanned Termination

    Solutions:

  • Non-cloud contingency plans

  • Transition to a new vendor


THANK YOU

CHARLES McCARRAGHER, SENIOR LEGAL COUNSEL, TD BANK [email protected]

PETER NGUYEN, GENERAL COUNSEL & CORPORATE [email protected]

LISA R. [email protected]

KEN LEDGER, DIRECTOR RISK [email protected]

