Managing the cloud revolution

Cloud, een revolutie in goede banen leiden.

Maak SharePoint toegankelijk !

1

11 Juni 2013, Amsterdam

Wim Hutten, partner PwC [email protected]

PwC

Discover, select, operate, Leverage

Cloud

2

augustus 2011

PwC

Cloud life cycle, from a user’s perspective

Cloudificating the market

3

Select

Discover Operate

Leverage

PwC

Shifting from Technology to Business


4

Platform as a Service (PaaS)

X-as a Service

Software as a Service (SaaS)

Infrastructure as a Service(IaaS)

Save Money

CIO/CFO

1. Enabling Cloud Infrastructure

Run Better

COO/PO

2. Transforming Business

Operations

Make Money

CEO

3. Monetizing Differentiated

Services

Extend Reach

CMO

4. Energizing Channels &

Communities

Be Agile

What Cloud Is What Cloud Means For Business

B2ITAlignment/Digital Transformation

PwC

What motivates to move to the Cloud?


5

Cost Reduction (SaaS for Support Processes)

Infrastructure Scalability

Strengthen the Position of IT (competence center)

Business Continuity Management

Upcoming Large Investments

Replacement of Legacy Systems / Standardization

Mergers & Acquisitions

Next Generation Workplace

Extended Workbench

CIO Prestige / Me-Too

Collaboration / Knowledge-Sharing

Private Equity Carve Out

PwC

Cloud business expectations in The Netherlands Results surveys in the Dutch Market

59%

6


77%

53%

64%

See Cloud computing as future model of IT.

See a future in Cloud computing or see it as a viable future option.

Of the companies already incorporated Cloud computing into their organisations strategy.

Of the companies have or are thinking of moving business critical systems to the Cloud.

PwC

Cloud life cycle, from a user’s perspective


7

Phase Activities Results Benefits

• Potential Analysis • Economic Analysis

• Stakeholder /Readiness Analysis • Requirement Analysis

• Cloud Use Cases • Business Case • Status Determination

• Requirement Specification

• Adequacy • Certainty • Orientation • Accuracy

• Tendering • Provider Screening (Market Analysis) • Provider Selection

• Contracting (e.g. Privacy)

• Request for Proposal (RfP) • Provider Short-List • Affiliate

• Service Level Agreement (SLA)

• Traceability • Focus • Reliability • Efficiency

• Test Preparation & Implementation • Migration Preparation & Assistance

• Change & Communication Analysis

• Tax Optimization

• Test Plan, Test Cases, Test Results • Concept on Migration &

Documentation • Change Program, Communication Plan • Tax Optimization Concept

• Operability • Regularity • Sustainability • Efficiency

• Post-Implementation Review

• Security Penetration Testing • IA Support (Provider/User) • Dispute Handling

• Goal Attainment Evaluation

• Vulnerabilities • Audit Report • Mediation or Assessment

• Certainty • Transparency • Dependability • Neutrality

Deployment (Cloud users)

Discover

Leverage

Operate

Select

PwC

Cloud life cycle, from a supplier’s perspective


8

Delivery (Cloud Providers)

Phase Activities Results Benefits

• Efficiency Analysis • Readiness Analysis • Transformation Strategy • Transaction Consulting

• Business Case • Status Determination • Cloud Business Model • Targeting, Pricing, Negotiation, Integration

• Planning Security • Orientation • Sustainability • Reliability

• SLA & Privacy Statements Analysis

• E-Invoicing, E-Archive • Software Revenue Recognition • License Auditing

• Legal Statement • Transposition Concept • Revenue Recognition due to US-GAAP • List & Evaluation of License Violations

• Certainty • Compliance • Reliability • Neutrality

• Service Assurance • Software Certification • Data Privacy Seal

• Report (ISAE3402, SOC1-3) • Attestation • Certificate (EuroPriSe)

• Compliance • Regularity • Conformity to Law

• Security Penetration Testing • Dispute Handling • Dashboard

• Security Flaws • Mediation or Assessment • KPI Cockpit

• Transparency • Neutrality • Governance

Business & Strategy

Software & Services

Sales & Revenue

Fulfillment

PwC

Our PwC “Go4Cloud Services”

1. Readiness4Cloud Company individual determination of the actual situation involving all necessary strategic, financial, operational, tax, legal and compliance aspects for a fluent project progression before or after entering the cloud.

2. Contracting4Cloud Contractually safeguard services through managing outsourcing relationships with special consideration of Cloud Computing specifics (such as specific performance requirements together with the situation of data privacy and license rights) as a premise for successful collaboration.

3. DataPrivacy4Cloud Protect data in terms of laws through analysis, assessment and certification of organizational and technical precautionary measures (e.g. in the context of the EuroPriSe catalogue).

4. Security4Cloud More security from the beginning through risk- and threat analysis, creation and audit of safety concepts or supporting planned safety measures together with execution of security tests to identify and fix security flaws.

5. Certification4Cloud Creating trust through voluntary or mandatory certification for cloud services and cloud software solutions (e.g. Software as a Service) with or without relation to financial reporting according to defined, internationally accepted standards. Cloudificating the market

9

https://www.european-privacy-seal.eu/

PwC

Readiness4Cloud: an overview


10

Strong reporting tool and model:

PwC

Protecting information… …IT strategy & IT organisation

• Identify which strategic business objectives can be supported or accelerated by cloud computing.

• Adapt the IT strategy and/or the IT goals.

• Define the level of security that cloud services must achieve.

• Establish clear principles (Private vs. Public Cloud).

• Update your risk management with regard to the use of services.

• Define clear responsibilities, including responsibilities:

o between business and IT, o to service providers, o between different service providers.

• Define a similar reporting structure to enable reports from different internal and external stakeholders to be comparable.

• Adjust security concepts or develop new security concepts for new technologies.

• Create awareness of the opportunities and risks.


11

Cloud Computing isn’t a goal in itself Responsibility cannot be outsourced

PwC

Protecting information… …IT processes & IT technology

• Adjust the internal controls or develop new control mechanisms.

• Adjust the demand and supply processes, including

o Provisioning, o De-provisioning, o Administration, o Billing.

• Integrate license and supplier management in the IT processes.

• Define the type and frequency of monitoring.

• Consider the information security aspects already during the design of a service or during the service or provider selection.

• Test the interoperability of the various Cloud services in relation to a possible switch in provider.

• Please note that in a chain of services the overall availability will decrease with each additional service.

• The closer the protective measures are to the data they are protecting, the sooner confidentiality and integrity is assured.


12

Cloud computing is not limited to IT technologies

New technologies pose new risks

PwC

Risk and assurance from a provider perspective


13

• Focus on financial reporting • Applicable on international level • Predefined reporting structure • Audit report can cover individual

audits/reviews initiated by your clients

• Audit scope and extent can be tailored

• Annual recertification (for type II) • No explicit focus on cloud services,

specific topics can be added

Evaluation • Focus on cloud services (XaaS) • Applicable on international level • Predefined reporting structure, set

of criteria and requirements enable highly comparable results

• Selection which of the 5 trust services criteria should be on scope

• High advertising impact with SOC 3 web seal and using AICPA logo

• General use report with a manage-ment summary for SOC 3 (incl. CPA’s opinion)

ISAE 3402 / SOC 1

SOC 2 / SOC 3

• Focus on assurance engagements other than audits or reviews of his-torical financial information (no other adequate standards existing)

• Applicable on international level • Description of basic audit

requirements and principles • Scope, evaluation criteria, extent

can be tailored individually • Cloud specific topics can be

included

• Focus on data privacy • Cloud specific topics includable • Applicable for European legal area • Evaluation of an IT product or IT

based service conducted by a 3rd party expert and a validation by an impartial certification body

• Affirming compliance with deman-ding certification criteria (based on EU Data Protection Directive)

• Visible privacy seal for companies taking consumer privacy seriously

ISAE 3000

EuroPriSe

3000

https://ixquick.com/graphics/europrise_logo_new.gif

http://isae3402.com/index.html

PwC

Digital strategy & transformation

SharePoint

14

augustus 2011

PwC

Strategy

Structure

People

Process

Technology

Digital Strategy & Transformation is PwC’s point-of-view on how enterprises need to adapt their business models and operations to meet the enhanced expectations of the Digital Consumer and ecosystem

Business benefits

Consumer

loyalty

Revenue growth

Risk and compliance

Cost reduction

Cloud computing

Enhanced customer

expectations

New business models

DT defines the internal & external changes enterprises must make to

thrive in this new digital ecosystem.

15

What is Digital Strategy & Transformation?

PwC

Gestructureerde vs. ongestructureerde informatie

• Gebruikt door de mens

• Foto’s

• Office documenten

• Grafieken en tekeningen

• Web pagina’s en inhoud

• E-mail

• Video

Ongestructureerd

• Verwerkt door systemen

• Databases

• Inkoop en verkoop

• Accounting

• Human resources

Gestructureerd

PwC

Attentiepunten SharePoint SharePoint: de uitdagingen en issues

Uitdagingen

• Gemakkelijk toegankelijk wat leidt tot een ad hoc benadering van de implementatie zonder dat dit resulteert in Business Value

• Chaos is snel gerealiseerd als gevolg van de toename aan bijvoorbeeld ongestructureerde data

• Implementatie start vanuit een technisch perspectief

• Snelle groei van SharePoint applicaties en de hierbij behorende uren aan beheer

• Relatief jonge markt; maken of kopen

• Beveiliging en duplicatie van documenten

• Adoptie en wijzigingenbeheer

• Definiëren lange termijn visie voorbij document management / samenwerking

Issues

• Veel content gegenereerd, maar leest iemand het?

• Gebrek aan compliance

• Aanwezige legacy software

• Veel duplicaten – welk document bevat de waarheid?

• Onmogelijk om documenten te delen met externe partners

• Groei ongestructureerde data

• Moeilijk om documenten te vinden

• Inhoud blijft benaderbaar

• Gelanceerd door IT als een service, met tot gevolg lage adoptie

Eerste uitdagingen 1. Visie

2. Alignment 3. Governance

PwC

SharePoint 2010 / 2013 – kritische succesfactoren

Business Process

Integration

Business

Intelligence

Governance

aaaa

CommunicationChange Mgmt

Migratie

2010 > 2013

PwC

Trending topics

Wat zijn de belangrijkste ontwikkelingen op dit gebied?

• Dynamischere manier van informatie uitwisseling

• Uitrol SharePoint 2013

• Trends in de technologie zoals Cloud computing en het gebruik van mobiele technologie

• Opkomst Apps en beheer daarvan

• Opkomst interne social media bij grotere bedrijven

• Grotere afhankelijkheid van continuïteit en informatiebeveiliging

• Applicatielandschap van organisaties die niet klaar zijn voor het digitaliseringsproces

• Verregaande ketenintegratie door middel van digitalisering

• Steeds beter kunnen voorzien in real time informatie

• Ontsluiting van informatie over bestaande ERP oplossingen

• Groei ongestructureerde data

• Kwaliteit van partners

• Adoptie beperkt na implementatie

• Niet optimaal benutten van SharePoint

• 2010 versie met add ons versus 2013

• Complexiteit van migratie naar nieuwe SP versie?

SharePoint 2010/2013 Governance

Governance

aaaa

20

IT Governance

Information Management

Application Management

Governance bij organisaties?

• Green field

• Puin ruimen

• Governance met zwakke centrale autoriteit

• Goverance in omgeving met nadruk op compliance

• Governance in hiërarchisch gemanagede organisaties

• De organisatie gebruikt IT governance

PwC

Praktijk case

21

Klant X

- Men wil SharePoint, argumentatie?

- Wat moet SP gaan bijdragen aan de business? Nu en in 2016?

- Projectteam gevormd zonder business bijdrage?

- Gebruik als document management oplossing, SP kan veel meer

- Geen kennis over SP

- Lage volwassenheidsgraag m.b.t. procedures

- Wie is projectverantwoordelijke?

- Windows AD ?

- Investeren in 2010 of 2013 Beta?

PwC

Governance SharePoint

pwc

Beleid & procedures

Training & communicatie– Creeer bewustwording, adoptie en productiviteit

Dimensies rondom governance

Informatiebeveiliging Lifecycle management & eigenaarsschap

Informatie architectuur

Governance organisatie

Process/ operations governance

PwC

High level – Desired target state

Level 5 – Optimized

Level 1 – Unreliable

• All accountabilities, roles and responsibilities included in the Governance Organization are periodically evaluated and enforced

• Lifecycle Management processes are automated • Site and content security is actively monitored by the Organization and alerts and

notifications are sent to Site Owners of non-compliant sites and content

Level 4 – Managed

Level 3 – Standardized

Level 2 – Informal

• Governance process is sustained through regular reviews and is updated and improved as needed

• Information Security policies and processes are monitored, updated and followed. • Information Architecture policies and processes are monitored, updated and followed • Lifecycle Management policies and processes are monitored, updated and followed • A SharePoint Community of Interest has been created as a platform to raise awareness

and adoption

• A Governance Organization is defined and established

• Information Security policies and processes are defined and documented • Information Architecture policies and processes are defined and documented • Lifecycle Management policies and processes are defined and documented • SharePoint Administration, Development and Deployment policies and processes are

defined and documented

• Need for a Governance Organization is recognized but exists in an informal manner. • Information security policies and processes are not defined and documented. • Information Architecture policies and processes are not formalized and documented • Lifecycle Management policies and processes are not defined and documented • SharePoint Administration, Development and Deployment policies and processes are

informally followed by individuals but may not be consistent and are not defined and documented

• Information Architecture policies and processes are non-existent. User experience is very inconsistent

• No established processes and policies for Lifecycle Management exist

• SharePoint operations are rudimentary in nature

• Information Security is not supported

Optimized

Unreliable

Managed

Standardized

Informal

Value to Business -Illustrative

Current

6-12 months

18 months

Target profile

Beyond 18 Months

Focus: Progress to “Standardized” and then “Managed” from Informal

PwC

Cloud, een revolutie in goede banen leiden

• Zet uw concurrenten op achterstand

• Ongekende mogelijkheden tot betere samenwerking

• Houdt zicht op informatie, die buiten beheer I/E wordt gedeeld

• Bepaal wat compliance voor uw organisatie betekent

• Waar liggen uw uitdagingen en hoe kunt u governance beleid

inrichten

24

augustus 2011