managing the cloud revolution
DESCRIPTION
Discover, select, operate and leverage cloud.TRANSCRIPT
Cloud, een revolutie in goede banen leiden.
Maak SharePoint toegankelijk !
1
11 Juni 2013, Amsterdam
Wim Hutten, partner PwC [email protected]
PwC
Discover, select, operate, Leverage
Cloud
2
augustus 2011
PwC
Cloud life cycle, from a user’s perspective
Cloudificating the market
3
Select
Discover Operate
Leverage
PwC
Shifting from Technology to Business
Cloudificating the market
4
Platform as a Service (PaaS)
X-as a Service
Software as a Service (SaaS)
Infrastructure as a Service(IaaS)
Save Money
CIO/CFO
1. Enabling Cloud Infrastructure
Run Better
COO/PO
2. Transforming Business
Operations
Make Money
CEO
3. Monetizing Differentiated
Services
Extend Reach
CMO
4. Energizing Channels &
Communities
Be Agile
What Cloud Is What Cloud Means For Business
B2ITAlignment/Digital Transformation
PwC
What motivates to move to the Cloud?
Cloudificating the market
5
Cost Reduction (SaaS for Support Processes)
Infrastructure Scalability
Strengthen the Position of IT (competence center)
Business Continuity Management
Upcoming Large Investments
Replacement of Legacy Systems / Standardization
Mergers & Acquisitions
Next Generation Workplace
Extended Workbench
CIO Prestige / Me-Too
Collaboration / Knowledge-Sharing
Private Equity Carve Out
PwC
Cloud business expectations in The Netherlands Results surveys in the Dutch Market
59%
6
Cloudificating the market
77%
53%
64%
See Cloud computing as future model of IT.
See a future in Cloud computing or see it as a viable future option.
Of the companies already incorporated Cloud computing into their organisations strategy.
Of the companies have or are thinking of moving business critical systems to the Cloud.
PwC
Cloud life cycle, from a user’s perspective
Cloudificating the market
7
Phase Activities Results Benefits
• Potential Analysis • Economic Analysis
• Stakeholder /Readiness Analysis • Requirement Analysis
• Cloud Use Cases • Business Case • Status Determination
• Requirement Specification
• Adequacy • Certainty • Orientation • Accuracy
• Tendering • Provider Screening (Market Analysis) • Provider Selection
• Contracting (e.g. Privacy)
• Request for Proposal (RfP) • Provider Short-List • Affiliate
• Service Level Agreement (SLA)
• Traceability • Focus • Reliability • Efficiency
• Test Preparation & Implementation • Migration Preparation & Assistance
• Change & Communication Analysis
• Tax Optimization
• Test Plan, Test Cases, Test Results • Concept on Migration &
Documentation • Change Program, Communication Plan • Tax Optimization Concept
• Operability • Regularity • Sustainability • Efficiency
• Post-Implementation Review
• Security Penetration Testing • IA Support (Provider/User) • Dispute Handling
• Goal Attainment Evaluation
• Vulnerabilities • Audit Report • Mediation or Assessment
• Certainty • Transparency • Dependability • Neutrality
Deployment (Cloud users)
Discover
Leverage
Operate
Select
PwC
Cloud life cycle, from a supplier’s perspective
Cloudificating the market
8
Delivery (Cloud Providers)
Phase Activities Results Benefits
• Efficiency Analysis • Readiness Analysis • Transformation Strategy • Transaction Consulting
• Business Case • Status Determination • Cloud Business Model • Targeting, Pricing, Negotiation, Integration
• Planning Security • Orientation • Sustainability • Reliability
• SLA & Privacy Statements Analysis
• E-Invoicing, E-Archive • Software Revenue Recognition • License Auditing
• Legal Statement • Transposition Concept • Revenue Recognition due to US-GAAP • List & Evaluation of License Violations
• Certainty • Compliance • Reliability • Neutrality
• Service Assurance • Software Certification • Data Privacy Seal
• Report (ISAE3402, SOC1-3) • Attestation • Certificate (EuroPriSe)
• Compliance • Regularity • Conformity to Law
• Security Penetration Testing • Dispute Handling • Dashboard
• Security Flaws • Mediation or Assessment • KPI Cockpit
• Transparency • Neutrality • Governance
Business & Strategy
Software & Services
Sales & Revenue
Fulfillment
PwC
Our PwC “Go4Cloud Services”
1. Readiness4Cloud Company individual determination of the actual situation involving all necessary strategic, financial, operational, tax, legal and compliance aspects for a fluent project progression before or after entering the cloud.
2. Contracting4Cloud Contractually safeguard services through managing outsourcing relationships with special consideration of Cloud Computing specifics (such as specific performance requirements together with the situation of data privacy and license rights) as a premise for successful collaboration.
3. DataPrivacy4Cloud Protect data in terms of laws through analysis, assessment and certification of organizational and technical precautionary measures (e.g. in the context of the EuroPriSe catalogue).
4. Security4Cloud More security from the beginning through risk- and threat analysis, creation and audit of safety concepts or supporting planned safety measures together with execution of security tests to identify and fix security flaws.
5. Certification4Cloud Creating trust through voluntary or mandatory certification for cloud services and cloud software solutions (e.g. Software as a Service) with or without relation to financial reporting according to defined, internationally accepted standards. Cloudificating the market
9
PwC
Readiness4Cloud: an overview
Cloudificating the market
10
Strong reporting tool and model:
PwC
Protecting information… …IT strategy & IT organisation
• Identify which strategic business objectives can be supported or accelerated by cloud computing.
• Adapt the IT strategy and/or the IT goals.
• Define the level of security that cloud services must achieve.
• Establish clear principles (Private vs. Public Cloud).
• Update your risk management with regard to the use of services.
• Define clear responsibilities, including responsibilities:
o between business and IT, o to service providers, o between different service providers.
• Define a similar reporting structure to enable reports from different internal and external stakeholders to be comparable.
• Adjust security concepts or develop new security concepts for new technologies.
• Create awareness of the opportunities and risks.
Cloudificating the market
11
Cloud Computing isn’t a goal in itself Responsibility cannot be outsourced
PwC
Protecting information… …IT processes & IT technology
• Adjust the internal controls or develop new control mechanisms.
• Adjust the demand and supply processes, including
o Provisioning, o De-provisioning, o Administration, o Billing.
• Integrate license and supplier management in the IT processes.
• Define the type and frequency of monitoring.
• Consider the information security aspects already during the design of a service or during the service or provider selection.
• Test the interoperability of the various Cloud services in relation to a possible switch in provider.
• Please note that in a chain of services the overall availability will decrease with each additional service.
• The closer the protective measures are to the data they are protecting, the sooner confidentiality and integrity is assured.
Cloudificating the market
12
Cloud computing is not limited to IT technologies
New technologies pose new risks
PwC
Risk and assurance from a provider perspective
Cloudificating the market
13
• Focus on financial reporting • Applicable on international level • Predefined reporting structure • Audit report can cover individual
audits/reviews initiated by your clients
• Audit scope and extent can be tailored
• Annual recertification (for type II) • No explicit focus on cloud services,
specific topics can be added
Evaluation • Focus on cloud services (XaaS) • Applicable on international level • Predefined reporting structure, set
of criteria and requirements enable highly comparable results
• Selection which of the 5 trust services criteria should be on scope
• High advertising impact with SOC 3 web seal and using AICPA logo
• General use report with a manage-ment summary for SOC 3 (incl. CPA’s opinion)
ISAE 3402 / SOC 1
SOC 2 / SOC 3
• Focus on assurance engagements other than audits or reviews of his-torical financial information (no other adequate standards existing)
• Applicable on international level • Description of basic audit
requirements and principles • Scope, evaluation criteria, extent
can be tailored individually • Cloud specific topics can be
included
• Focus on data privacy • Cloud specific topics includable • Applicable for European legal area • Evaluation of an IT product or IT
based service conducted by a 3rd party expert and a validation by an impartial certification body
• Affirming compliance with deman-ding certification criteria (based on EU Data Protection Directive)
• Visible privacy seal for companies taking consumer privacy seriously
ISAE 3000
EuroPriSe
3000
PwC
Digital strategy & transformation
SharePoint
14
augustus 2011
PwC
Strategy
Structure
People
Process
Technology
Digital Strategy & Transformation is PwC’s point-of-view on how enterprises need to adapt their business models and operations to meet the enhanced expectations of the Digital Consumer and ecosystem
Business benefits
Consumer
loyalty
Revenue growth
Risk and compliance
Cost reduction
Cloud computing
Enhanced customer
expectations
New business models
DT defines the internal & external changes enterprises must make to
thrive in this new digital ecosystem.
15
What is Digital Strategy & Transformation?
PwC
Gestructureerde vs. ongestructureerde informatie
• Gebruikt door de mens
• Foto’s
• Office documenten
• Grafieken en tekeningen
• Web pagina’s en inhoud
• Video
Ongestructureerd
• Verwerkt door systemen
• Databases
• Inkoop en verkoop
• Accounting
• Human resources
Gestructureerd
PwC
Attentiepunten SharePoint SharePoint: de uitdagingen en issues
Uitdagingen
• Gemakkelijk toegankelijk wat leidt tot een ad hoc benadering van de implementatie zonder dat dit resulteert in Business Value
• Chaos is snel gerealiseerd als gevolg van de toename aan bijvoorbeeld ongestructureerde data
• Implementatie start vanuit een technisch perspectief
• Snelle groei van SharePoint applicaties en de hierbij behorende uren aan beheer
• Relatief jonge markt; maken of kopen
• Beveiliging en duplicatie van documenten
• Adoptie en wijzigingenbeheer
• Definiëren lange termijn visie voorbij document management / samenwerking
Issues
• Veel content gegenereerd, maar leest iemand het?
• Gebrek aan compliance
• Aanwezige legacy software
• Veel duplicaten – welk document bevat de waarheid?
• Onmogelijk om documenten te delen met externe partners
• Groei ongestructureerde data
• Moeilijk om documenten te vinden
• Inhoud blijft benaderbaar
• Gelanceerd door IT als een service, met tot gevolg lage adoptie
Eerste uitdagingen 1. Visie
2. Alignment 3. Governance
PwC
SharePoint 2010 / 2013 – kritische succesfactoren
Business Process
Integration
Business
Intelligence
Governance
aaaa
CommunicationChange Mgmt
Migratie
2010 > 2013
PwC
Trending topics
Wat zijn de belangrijkste ontwikkelingen op dit gebied?
• Dynamischere manier van informatie uitwisseling
• Uitrol SharePoint 2013
• Trends in de technologie zoals Cloud computing en het gebruik van mobiele technologie
• Opkomst Apps en beheer daarvan
• Opkomst interne social media bij grotere bedrijven
• Grotere afhankelijkheid van continuïteit en informatiebeveiliging
• Applicatielandschap van organisaties die niet klaar zijn voor het digitaliseringsproces
• Verregaande ketenintegratie door middel van digitalisering
• Steeds beter kunnen voorzien in real time informatie
• Ontsluiting van informatie over bestaande ERP oplossingen
• Groei ongestructureerde data
• Kwaliteit van partners
• Adoptie beperkt na implementatie
• Niet optimaal benutten van SharePoint
• 2010 versie met add ons versus 2013
• Complexiteit van migratie naar nieuwe SP versie?
SharePoint 2010/2013 Governance
Governance
aaaa
20
IT Governance
Information Management
Application Management
Governance bij organisaties?
• Green field
• Puin ruimen
• Governance met zwakke centrale autoriteit
• Goverance in omgeving met nadruk op compliance
• Governance in hiërarchisch gemanagede organisaties
• De organisatie gebruikt IT governance
PwC
Praktijk case
21
Klant X
- Men wil SharePoint, argumentatie?
- Wat moet SP gaan bijdragen aan de business? Nu en in 2016?
- Projectteam gevormd zonder business bijdrage?
- Gebruik als document management oplossing, SP kan veel meer
- Geen kennis over SP
- Lage volwassenheidsgraag m.b.t. procedures
- Wie is projectverantwoordelijke?
- Windows AD ?
- Investeren in 2010 of 2013 Beta?
PwC
Governance SharePoint
pwc
Beleid & procedures
Training & communicatie– Creeer bewustwording, adoptie en productiviteit
Dimensies rondom governance
Informatiebeveiliging Lifecycle management & eigenaarsschap
Informatie architectuur
Governance organisatie
Process/ operations governance
PwC
High level – Desired target state
Level 5 – Optimized
Level 1 – Unreliable
• All accountabilities, roles and responsibilities included in the Governance Organization are periodically evaluated and enforced
• Lifecycle Management processes are automated • Site and content security is actively monitored by the Organization and alerts and
notifications are sent to Site Owners of non-compliant sites and content
Level 4 – Managed
Level 3 – Standardized
Level 2 – Informal
• Governance process is sustained through regular reviews and is updated and improved as needed
• Information Security policies and processes are monitored, updated and followed. • Information Architecture policies and processes are monitored, updated and followed • Lifecycle Management policies and processes are monitored, updated and followed • A SharePoint Community of Interest has been created as a platform to raise awareness
and adoption
• A Governance Organization is defined and established
• Information Security policies and processes are defined and documented • Information Architecture policies and processes are defined and documented • Lifecycle Management policies and processes are defined and documented • SharePoint Administration, Development and Deployment policies and processes are
defined and documented
• Need for a Governance Organization is recognized but exists in an informal manner. • Information security policies and processes are not defined and documented. • Information Architecture policies and processes are not formalized and documented • Lifecycle Management policies and processes are not defined and documented • SharePoint Administration, Development and Deployment policies and processes are
informally followed by individuals but may not be consistent and are not defined and documented
• Information Architecture policies and processes are non-existent. User experience is very inconsistent
• No established processes and policies for Lifecycle Management exist
• SharePoint operations are rudimentary in nature
• Information Security is not supported
Optimized
Unreliable
Managed
Standardized
Informal
Value to Business -Illustrative
Current
6-12 months
18 months
Target profile
Beyond 18 Months
Focus: Progress to “Standardized” and then “Managed” from Informal
PwC
Cloud, een revolutie in goede banen leiden
• Zet uw concurrenten op achterstand
• Ongekende mogelijkheden tot betere samenwerking
• Houdt zicht op informatie, die buiten beheer I/E wordt gedeeld
• Bepaal wat compliance voor uw organisatie betekent
• Waar liggen uw uitdagingen en hoe kunt u governance beleid
inrichten
24
augustus 2011