Desarack Teso, JD/MBA
Legal Counsel, Digital Crime Unit
Corporate, External, & Legal Affairs
Today, no enterprise is an island because of market force demands and unprecedented technology disruptions
WHY? Market Forces
Consumers are enjoying the benefits of their digital lifestyle, and expect no less from their employers and businesses with which they interact
Any Channel, Any Time, Any Place, Any Device
Cloud computing allows enterprises to focus on value creation, while delegating capital-intensive and hard-to-manage IT infrastructure to specialists who are the best in the world
The first key advantage of cloud is security
Business Risk #1 - Cyberthreats
Top 10 risks in terms of Likelihood
1. Extreme weather events
2. Natural disasters
3. Cyberattacks (#6 in terms of Impact)
4. Data fraud and theft
5. Failure of climate-change mitigation and adaptation
6. Large-scale involuntary migration
7. Man-made environmental disasters
8. Terrorist attacks
9. Illicit trade
10. Asset bubbles in a major economy
Nearly all successful cyber-attacks start from avoidable human errors made by employees (or business partners)
A trusted cloud provider must respect…
Business Risk #2 -
Build a legal and compliance team and empower it to do the right thing
Cloud providers make unrivaled investments in…
Business Risk #3 -
GLOBAL: ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 9001, SOC 1 Type 2, SOC 2 Type 2, SOC 3, CSA STAR Self-Assessment, CSA STAR Certification, CSA STAR Attestation
U.S. GOV: Moderate JAB P-ATO, High JAB P-ATO, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, SP 800-171, FIPS 140-2, Section 508 VPAT, ITAR, CJIS, IRS 1075
INDUSTRY: PCI DSS Level 1, CDSA, MPAA, FACT UK, Shared Assessments, FISC Japan, HIPAA / HITECH Act, HITRUST, GxP 21 CFR Part 11, MARS-E, IG Toolkit UK, FERPA, GLBA, FFIEC
REGIONAL: Argentina PDPA, EU Model Clauses, UK G-Cloud, China DJCP, China GB 18030, China TRUCS, Singapore MTCS, Australia IRAP/CCSL, New Zealand GCIO, Japan My Number Act, ENISA IAF, Japan CS Mark Gold, Spain ENS, Spain DPA, India MeitY, Canada Privacy Laws, Privacy Shield, Germany IT Grundschutz workbook
Source: https://iapp.org/resources/article/the-general-data-protection-regulation-matchup-series/
What is our true purpose as an organization? How do we create more value?
Can we match the best in the world in investments in IT infrastructure to minimize IT risks?
What are the foundations of TRUST if we decide to delegate IT functions (and risks) to a third party?