Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's Next Challenge

Presented by:
Rob Livingstone
Principal – Rob Livingstone Advisory Pty Ltd
Fellow – University of Technology, Sydney
What I will be covering
1.   Exploring the real definition of Cloud
2.   Scope of this presentation
3.   Systemic vs. Technical risks
4.   Hybrid Cloud is the reality
5.   Adding in mobility
6.   BYOD, or Bring your own Disaster?
7.   Hybrid Cloud + Mobility + BYOD → Systemic Risk?
8.   Standards? Which standards?
9.   Orchestrating the transition
1. Exploring the real definition of Cloud

    The most sensible Definition of Cloud:
“Forget your technical definition of the Cloud, ask
your mom what the Cloud is….
…And what your mother will tell you about the Cloud
is that it means it’s not on my computer.”

Dave Asprey – Global VP, Cloud Security, Trend Micro
‘Navigating through the Cloud’ podcast, episode of 23rd May 2012
2. Scope of this presentation
•   Mission critical, non-commodity, enterprise systems
•   Multi-year investment in a cloud solution
•   Shifting existing enterprise capability to Cloud, (or integrating)
•   Mid to large enterprise
•   High security, privacy and confidentiality needs
•   High governance loads and compliance environments
•   Low risk appetite / high failure penalty environments
3. Systemic vs. Technical Risk
Systemic Risks
• Taking a systemic view of risk gives you a better perspective of the actual
   risk, rather than what you think the risk might be
• Systemic risks are those with the greatest potential impact, because they affect
   the entire system (i.e. organisation, government, country, world…)
     •   Case in point: how is it that the finance industry, one of the more heavily
         regulated industries and one that invests heavily in risk identification,
         mitigation and transference, could be the cause of the current global
         financial problems?
•   Systemic risk for the enterprise is the silent killer and is often the hardest to
    identify, as only a few people have a complete, transparent and objective overview
    of the overall enterprise in sufficient detail.
•   Mitigation is through approaches such as Enterprise Risk Management (ERM), which
    has its origins in fraud control, organisational governance, insurance, etc.
3. Systemic vs. Technical Risk
Technical (or functional) Risk
• Identifying, categorising and ranking technical and functional risks is core
   to conventional IT risk assessment approaches:
     o Risk of a specific event = (Impact × Probability of that event
        occurring) + Risk Adjustment
• This underpins conventional risk certification frameworks, e.g. the ISO/IEC 2700x series
• Certification does not necessarily equal security, or the effectiveness of your
   risk management model
• Focusing on the diverse range of individual technical risks often fails to account
   for the interactions between those risks.
• Systemic risks are often more significant than the sum of the individual
   technical risks
4. Hybrid Cloud is the reality

   Hybrid will be the dominant form in the enterprise
   “Within five years, it will be primarily deployed by enterprises
   working in a hybrid mode”. - Gartner



   Gartner "Predicts 2012: Cloud Computing Is Becoming a Reality”
   (Published: 8 December 2011 ID:G00226103)
4. Hybrid Cloud is the reality
    …. And with the Hybrid Cloud comes complexity….

    [Slide graphic: “Managing this ecosystem is not simple”]
4. Hybrid Cloud is the reality …. As is the complexity….!
                             • Orchestrating versioning,
                               change control and rollback
                             • Life expectancy alignments
                             • Business Continuity
                             • Identity Management
                             • Due diligence
                             • Forensics
                             • BYOD
                             • Mobility
                             • Legislative / Jurisdictional
                             • Contractual complexity
                             ….. To name but a few
4. Hybrid Cloud is the reality
    …. And what about availability in the Hybrid Cloud?

    Availability will be lower in a hybrid model, due to the 'weakest link'
    effect in the cloud ecosystem: a request only succeeds when every provider,
    link and integration point along its path is up at the same time.
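To put a number on the weakest-link effect, here is an added example in Go (my own, not code from the deck or from Rob Livingstone). It models a hybrid request path as a chain of independently failing components, computes end-to-end availability as the product of the component availabilities, and shows that the chain ends up below even its weakest component; redundancy lifts only the hop it is applied to. The component names and availability figures are constructed assumptions for illustration, not measurements of any real provider.

```go
package main

import (
	"fmt"
	"math"
)

// Component is one dependency on a hybrid request path. Availability is the
// fraction of time it is up (0.999 is "three nines").
type Component struct {
	Name         string
	Availability float64
}

// SeriesAvailability models a path that needs every component up at the same
// time, assuming independent failures: the product of the availabilities.
// The result is always below the weakest component in the chain.
func SeriesAvailability(chain []Component) float64 {
	a := 1.0
	for _, c := range chain {
		a *= c.Availability
	}
	return a
}

// ParallelAvailability models n independent, redundant instances of one
// component; the hop is up if at least one instance is up.
func ParallelAvailability(availability float64, n int) float64 {
	return 1 - math.Pow(1-availability, float64(n))
}

// WeakestLink returns the component with the lowest availability.
func WeakestLink(chain []Component) Component {
	w := chain[0]
	for _, c := range chain[1:] {
		if c.Availability < w.Availability {
			w = c
		}
	}
	return w
}

// DowntimeMinutesPerYear converts an availability figure into expected
// downtime per (non-leap) year.
func DowntimeMinutesPerYear(availability float64) float64 {
	return (1 - availability) * 365 * 24 * 60
}

// HybridChain is a constructed example path for a mobile user reaching a SaaS
// application through the corporate estate. Figures are assumptions.
var HybridChain = []Component{
	{"corporate identity provider (private cloud)", 0.999},
	{"site-to-cloud VPN / WAN link", 0.995},
	{"public SaaS application", 0.9995},
	{"integration middleware (private cloud)", 0.998},
	{"mobile carrier and device connectivity", 0.99},
}

func main() {
	series := SeriesAvailability(HybridChain)
	weak := WeakestLink(HybridChain)
	fmt.Printf("weakest link: %s at %.4f\n", weak.Name, weak.Availability)
	fmt.Printf("end-to-end availability: %.4f (%.0f min/year down)\n",
		series, DowntimeMinutesPerYear(series))

	// Redundancy only helps the hop it is applied to: a second WAN link lifts
	// that hop to 0.999975, but the chain is still capped by the other hops.
	improved := make([]Component, len(HybridChain))
	copy(improved, HybridChain)
	improved[1].Availability = ParallelAvailability(0.995, 2)
	fmt.Printf("with a second WAN link: %.4f\n", SeriesAvailability(improved))
}
```

With the assumed figures the chain delivers about 0.9816, roughly 97 hours of downtime a year, even though no single component is worse than 0.99. The practical check is to list every hop a critical transaction crosses (identity, network, SaaS, integration, device) and multiply the contracted SLAs before signing, rather than reading the headline SLA of the cloud provider alone.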
4. Hybrid Cloud is the reality

 Hybrid cloud can contribute to….
 •Increased vulnerability due to its fragmented architecture and larger
 attack surface …
 •however, if it is properly architected, these risks can be substantially reduced by
 implementing measures such as…
     o Deploying effective policy-based key management processes
     o Properly segmenting your public and private clouds
     o Encrypting each part of the hybrid Cloud with separate keys, so that the
       compromise of one part does not expose the others
     o … amongst other measures
5. Adding in Mobility

 Mobile Devices
 •Are powerful cloud access devices
 •Extend the perimeter of your cloud
 •Disperse the perimeter of your cloud across every device

 They have the potential to increase vulnerability:
 •The compromise of one of these mobile devices could be significant and,
 without containment, could compromise your entire cloud.
 •Use policy-based key management regimes for your data, so that a compromised
 device's keys can be revoked without touching the rest of the estate.
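The two slides above (separate keys per part of the hybrid cloud, and policy-based key management so that one compromised mobile device does not compromise the whole cloud) describe a pattern rather than a product. The following Go example is my own addition, not code from the deck: an in-memory stand-in for a KMS that holds one independently generated AES-256-GCM key per segment, binds the segment name into every ciphertext, and enforces a revocation policy. The segment names, the sample records and the in-memory key store are assumptions for the example; in production the keys would live in a KMS or HSM and the revocation would be a policy call against it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Segments of the hybrid estate, each with its own key. Assumed names; a real
// deployment would use KMS key aliases.
const (
	SegPrivate = "private-cloud"
	SegPublic  = "public-cloud"
	SegMobile  = "mobile-devices"
)

var (
	ErrUnknownSegment = errors.New("no key registered for segment")
	ErrRevoked        = errors.New("segment key revoked by policy")
)

// keyRecord holds one segment's AES-256 key and its policy state.
type keyRecord struct {
	key     []byte
	revoked bool
}

// KeyStore is an in-memory stand-in for a KMS/HSM. Every segment gets an
// independently generated key, so no single key unlocks the whole estate.
type KeyStore struct{ keys map[string]*keyRecord }

// NewKeyStore generates a fresh random 256-bit key per segment.
func NewKeyStore(segments ...string) (*KeyStore, error) {
	ks := &KeyStore{keys: make(map[string]*keyRecord)}
	for _, s := range segments {
		k := make([]byte, 32)
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			return nil, err
		}
		ks.keys[s] = &keyRecord{key: k}
	}
	return ks, nil
}

// Revoke is the policy response to a compromise in one segment (for example
// a lost BYOD handset): that segment's key is disabled, the others untouched.
func (ks *KeyStore) Revoke(segment string) {
	if r, ok := ks.keys[segment]; ok {
		r.revoked = true
	}
}

// aead returns an AES-256-GCM instance for the segment, enforcing policy first.
func (ks *KeyStore) aead(segment string) (cipher.AEAD, error) {
	r, ok := ks.keys[segment]
	if !ok {
		return nil, ErrUnknownSegment
	}
	if r.revoked {
		return nil, ErrRevoked
	}
	block, err := aes.NewCipher(r.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under the segment's key. The segment name is bound as
// associated data, so the ciphertext also fails to open under another segment
// name even if two segments were ever (wrongly) given the same key.
// Output layout: nonce || ciphertext || GCM tag.
func (ks *KeyStore) Seal(segment string, plaintext []byte) ([]byte, error) {
	g, err := ks.aead(segment)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(segment)), nil
}

// Open decrypts data sealed for the same segment; a wrong key, a wrong segment,
// tampering or a revoked key all yield an error and no plaintext.
func (ks *KeyStore) Open(segment string, sealed []byte) ([]byte, error) {
	g, err := ks.aead(segment)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed data too short")
	}
	return g.Open(nil, sealed[:n], sealed[n:], []byte(segment))
}

// BlastRadius reports which segments' data an authorised service can still read
// after revocations: segment -> readable.
func BlastRadius(ks *KeyStore, data map[string][]byte) map[string]bool {
	out := make(map[string]bool, len(data))
	for seg, sealed := range data {
		_, err := ks.Open(seg, sealed)
		out[seg] = err == nil
	}
	return out
}

func main() {
	ks, _ := NewKeyStore(SegPrivate, SegPublic, SegMobile)
	data := map[string][]byte{} // constructed sample records per segment
	for seg, msg := range map[string]string{SegPrivate: "HR master data",
		SegPublic: "CRM export", SegMobile: "cached customer record"} {
		data[seg], _ = ks.Seal(seg, []byte(msg))
	}
	ks.Revoke(SegMobile) // a handset is reported lost
	fmt.Println("readable after revoking the mobile key:", BlastRadius(ks, data))
}
```

The design point is containment: after `Revoke(SegMobile)` the cached records on handsets are unreadable to anyone, including an attacker who later extracts them, while the private and public cloud segments keep working. The caveat a practitioner should keep in mind is that this only holds if the data key genuinely never leaves the KMS boundary unwrapped for longer than needed; an application that caches decrypted keys on the device defeats the revocation.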
6. BYOD or Bring Your Own Disaster?

  BYOD stands for Bring Your Own Device.
  •It reflects the increasing demands of users, and of organisations on their
  own IT departments, to be more agile and responsive to their needs when it
  comes to iPads, tablets and other mobile devices.
  •Read the NIST draft guidelines, SP 800-124 Rev. 1 (Guidelines for Managing
  the Security of Mobile Devices in the Enterprise):
     http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
6. BYOD or Bring Your Own Disaster?

  BYOD requires management:
  •Deploy Mobile Device Management (MDM) systems (remote wipe, policy
  enforcement)
  •Introduce a non-porous virtual desktop environment, so that no data can
  flow between the Cloud system and the mobile device itself
  •Containerisation:
       •   Segregates corporate from personal data and applications
       •   Enforces encryption and prevents data leakage between containers
       •   Is application- or device-specific, and can therefore be a challenge to
           extend across the entire mobile environment for all applications.
7. Hybrid Cloud + Mobility + BYOD → Systemic Risk?

   Is the systemic risk increased by the combination of:
      – Hybrid Cloud
      – Mobility
      – BYOD?

   [Slide graphic: “I would suggest that the answer is ‘Yes’”]
8. Standards? Which standards?
Plethora of forums, industry groups and associations
    –   Cloud Security Alliance
    –   Cloud Standards Customer Council
    –   Distributed Management Task Force (DMTF)
    –   Cloud Management Working Group (CMWG)
    –   The European Telecommunications Standards Institute (ETSI)
    –   National Institute of Standards and Technology (NIST)
    –   Open Grid Forum (OGF)
    –   Object Management Group (OMG)
    –   Open Cloud Consortium (OCC)
    –   Organization for the Advancement of Structured Information Standards (OASIS)
    –   Storage Networking Industry Association (SNIA)
    –   The Open Group
    –   Association for Retail Technology Standards (ARTS)
    –   TM Forum’s Cloud Services Initiative
                                                                   Source: cloud-standards.org
8. Standards? Which standards?

• Compliance standards were originally designed for on-premise
  IT systems and infrastructure that were relatively static
• Auditing institutions are averse to cutting-edge technologies
• Is your organisation standards driven?
   – Compliance to standards vs. unimpeded innovation based on the principle
     of caveat emptor?
• Regulators are not providing much specific and concrete guidance
  on Cloud
9. Orchestrating the Transition

  Consider these 5 pointers:
9. Orchestrating the Transition
 #1: Adopt an integrated approach to function-specific
     methodologies and technologies
 • Standardised, traditional methodologies within specific
     disciplines such as IT security, project management, audit and
     information security are, in and of themselves, self-limiting.
 • Each discipline and/or technology is only really effective when
     applied in coordinated orchestration with the other key moving
     parts of the organisation

 → Harmonisation of function-specific methodologies and
     technologies unleashes value and eliminates waste
9. Orchestrating the Transition

 #2: Manage the conflicting messages
 • 24% of CEOs surveyed in the 2012 PwC CEO Survey expect
     ‘major change’.
 • The eighth annual KPMG 2012 Audit Institute Report identified
     “IT Risk and Emerging Technologies” as the second-highest
     concern for audit committees, which is unprecedented in the
     history of the report.
 • Cloud evangelists see cloud as imperative; others do not

 → Develop an effective mechanism for interpreting these messages
     in the context of your business
9. Orchestrating the Transition

 #3: Actively identify, embrace and manage shadow IT

 “Shadow IT can create risks of data loss, corruption or misuse, and
    risks of inefficient and disconnected processes and information”
    – Gartner*

 → Embrace shadow IT, and define what is and what is not eligible to
     be considered enterprise IT
 * Gartner, “CIO New Year's Resolutions, 2012” (ID: G00227785)
9. Orchestrating the Transition

 #4: Identify systemic risks across the organisation

 •   Systemic risks can kill your business

 → Ensure your executives and key decision makers are aware of
     long-term, systemic risks
 → Consider implementing Enterprise Risk Management (ERM)
9. Orchestrating the Transition

 #5: Don’t gloss over complexity
 • Senior managers with functional responsibility over specific
     vertical silos of the organisation may underestimate the overall
     complexity of their business as a whole.
 • From a functional perspective, specific methodologies exist to
     support specific activities.

 → Don’t believe that simple IT solutions can paper over underlying
     business complexity. Test assumptions where they are critical.
Thank You

Rob Livingstone
Principal – Rob Livingstone Advisory Pty Ltd
Fellow – University of Technology, Sydney


www.rob-livingstone.com
www.navigatingthroughthecloud.com

Weitere ähnliche Inhalte

Was ist angesagt?

Rob livingstone CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
Rob livingstone  CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012Rob livingstone  CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
Rob livingstone CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
Livingstone Advisory
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
Patricia M Watson
 

Was ist angesagt? (20)

Cloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance DirectorCloud computing: What you need to know as an Australian Finance Director
Cloud computing: What you need to know as an Australian Finance Director
 
Thriving in the world of Big Data
Thriving in the world of Big DataThriving in the world of Big Data
Thriving in the world of Big Data
 
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory  - The risks of a fractured cloud strategy within th...Rob Livingstone Advisory  - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
 
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...
 
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
 
The ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesThe ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologies
 
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
 
Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?Cloud: Fuelling the crisis of confidence in corporate IT?
Cloud: Fuelling the crisis of confidence in corporate IT?
 
Career resilience is the name of the game
Career resilience is the name of the gameCareer resilience is the name of the game
Career resilience is the name of the game
 
Cloud computing implications for project management methodologies
Cloud computing implications for project management methodologiesCloud computing implications for project management methodologies
Cloud computing implications for project management methodologies
 
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
 
Rob livingstone CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
Rob livingstone  CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012Rob livingstone  CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
Rob livingstone CIO Strategy Summit - Park Hyatt Melbourne 17th feb 2012
 
CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
 
UU innovation masters november 2010
UU innovation masters november 2010UU innovation masters november 2010
UU innovation masters november 2010
 
Social business and innovation
Social business and innovationSocial business and innovation
Social business and innovation
 
What does it take to engage employees and customers?
What does it take to engage employees and customers?What does it take to engage employees and customers?
What does it take to engage employees and customers?
 
A future history of content management
A future history of content managementA future history of content management
A future history of content management
 
McAfee and AIIM Task Force Findings
McAfee and AIIM Task Force FindingsMcAfee and AIIM Task Force Findings
McAfee and AIIM Task Force Findings
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three Slides
 
Information Security Shake-Up
Information Security Shake-Up  Information Security Shake-Up
Information Security Shake-Up
 

Andere mochten auch

Andere mochten auch (14)

Master your marketing PNC talk 19 September 2013
Master your marketing PNC talk 19 September 2013Master your marketing PNC talk 19 September 2013
Master your marketing PNC talk 19 September 2013
 
A career in_entrepreneurship_ethan_chazin_31oct2013
A career in_entrepreneurship_ethan_chazin_31oct2013A career in_entrepreneurship_ethan_chazin_31oct2013
A career in_entrepreneurship_ethan_chazin_31oct2013
 
Consumer behavior week4_attributes
Consumer behavior week4_attributesConsumer behavior week4_attributes
Consumer behavior week4_attributes
 
Exposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computingExposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computing
 
Get connected socialmedia_nyu_18april15_part1
Get connected socialmedia_nyu_18april15_part1Get connected socialmedia_nyu_18april15_part1
Get connected socialmedia_nyu_18april15_part1
 
Mktg sales week2_part1
Mktg sales week2_part1Mktg sales week2_part1
Mktg sales week2_part1
 
20121131 i week liepaja 2012, Art of Resilience
20121131 i week liepaja 2012, Art of Resilience20121131 i week liepaja 2012, Art of Resilience
20121131 i week liepaja 2012, Art of Resilience
 
Build a Brand From scratch
Build a Brand From scratchBuild a Brand From scratch
Build a Brand From scratch
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture:  Clearing up the Cloud  -19th July 2011 - Rob Living...UTSpeaks Public Lecture:  Clearing up the Cloud  -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Consumer behavior week2_valuesculture
Consumer behavior week2_valuescultureConsumer behavior week2_valuesculture
Consumer behavior week2_valuesculture
 
Get connected socialmedia_nyu_18april15_part2
Get connected socialmedia_nyu_18april15_part2Get connected socialmedia_nyu_18april15_part2
Get connected socialmedia_nyu_18april15_part2
 
Mktg sales week2_part2
Mktg sales week2_part2Mktg sales week2_part2
Mktg sales week2_part2
 
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
 
Mktg sales week2_part2
Mktg sales week2_part2Mktg sales week2_part2
Mktg sales week2_part2
 

Ähnlich wie Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's Next Challenge

1212 cloud standardisation j friedrich
1212 cloud standardisation j friedrich1212 cloud standardisation j friedrich
1212 cloud standardisation j friedrich
Jochen Friedrich
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
Yury Chemerkin
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
Interop
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
HyTrust
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...
Adewole Shitta-bey
 

Ähnlich wie Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's Next Challenge (20)

Ccie security 01
Ccie security 01Ccie security 01
Ccie security 01
 
1212 cloud standardisation j friedrich
1212 cloud standardisation j friedrich1212 cloud standardisation j friedrich
1212 cloud standardisation j friedrich
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity Standard
 
Curated Computing
Curated Computing Curated Computing
Curated Computing
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
What is the future of cloud security linked in
What is the future of cloud security linked inWhat is the future of cloud security linked in
What is the future of cloud security linked in
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
Why physical security just isn’t enough, Sending the heavies into virtualized...
Why physical security just isn’t enough, Sending the heavies into virtualized...Why physical security just isn’t enough, Sending the heavies into virtualized...
Why physical security just isn’t enough, Sending the heavies into virtualized...
 
Sleeping well with cloud services
Sleeping well with cloud servicesSleeping well with cloud services
Sleeping well with cloud services
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Cloud computing for SMBs
Cloud computing for SMBsCloud computing for SMBs
Cloud computing for SMBs
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know   john chowdhury 2012 finalSecurity and smart grid what you need to know   john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 final
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...
 
Cloud Computing Enables Consumer-Centered Healthcare
Cloud Computing Enables Consumer-Centered HealthcareCloud Computing Enables Consumer-Centered Healthcare
Cloud Computing Enables Consumer-Centered Healthcare
 

Mehr von Livingstone Advisory

Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011
Livingstone Advisory
 

Mehr von Livingstone Advisory (7)

How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Influence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITInfluence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in IT
 
Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011
 
Rob livingstone - Australian Payroll Association's Annual Conference May 2011
Rob livingstone  - Australian Payroll Association's Annual Conference May 2011Rob livingstone  - Australian Payroll Association's Annual Conference May 2011
Rob livingstone - Australian Payroll Association's Annual Conference May 2011
 
Australian Not-for-Profit CIO Forum March 2011 - Rob Livingstone
Australian Not-for-Profit CIO Forum March 2011 - Rob LivingstoneAustralian Not-for-Profit CIO Forum March 2011 - Rob Livingstone
Australian Not-for-Profit CIO Forum March 2011 - Rob Livingstone
 
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud   SPUSC 2011 -Rob Livingstone KeynoteNavigating through the cloud   SPUSC 2011 -Rob Livingstone Keynote
Navigating through the cloud SPUSC 2011 -Rob Livingstone Keynote
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's Next Challenge

  • 1. Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's Next Challenge
     Presented by: Rob Livingstone
     Principal – Rob Livingstone Advisory Pty Ltd
     Fellow – University of Technology, Sydney
  • 2. What I will be covering
     1. Exploring the real definition of Cloud
     2. Scope of this presentation
     3. Systemic vs. Technical risks
     4. Hybrid Cloud is the reality
     5. Adding in mobility
     6. BYOD, or Bring your own Disaster?
     7. Hybrid Cloud + Mobility + BYOD → Systemic Risk?
     8. Standards? Which standards?
     9. Orchestrating the transition
  • 3. 1. Exploring the real definition of Cloud
     The most sensible definition of Cloud:
     “Forget your technical definition of the Cloud, ask your mom what the Cloud is…. …And what your mother will tell you about the Cloud is that it means it’s not on my computer.”
     Dave Asprey – Global VP, Cloud Security, Trend Micro
     ‘Navigating through the Cloud’ – Podcast Episode, 23rd May 2012
  • 4. 2. Scope of this presentation
  • 5. 2. Scope of this presentation
     • Mission critical, non-commodity, enterprise systems
     • Multi-year investment in a cloud solution
     • Shifting existing enterprise capability to Cloud (or integrating)
     • Mid to large enterprise
     • High security, privacy and confidentiality needs
     • High governance loads and compliance environments
     • Low risk appetite / high failure penalty environments
  • 6. 3. Systemic vs. Technical Risk
     Systemic Risks
     • Taking a systemic view of risk will give you a better perspective of the actual risk, rather than what you think the risk might be
     • Systemic risks are those with the greatest potential impact, as they affect the entire system (i.e. organisation, government, country, world…)
        o Case in point: how is it that the finance industry, which is one of the more regulated and invests heavily in risk identification, mitigation and transference, could be the cause of the current global financial problems?
     • Systemic risk for the enterprise is the silent killer and is often the hardest to identify, as only a few have a complete, transparent and objective overview of the overall enterprise in sufficient detail.
     • Mitigation through approaches such as Enterprise Risk Management (ERM), which has its origins in fraud, organisational governance, insurance, etc.
  • 7. 3. Systemic vs. Technical Risk
     Technical (or functional) Risk
     • Identifying, categorising and ranking technical and functional risks is core to conventional IT risk assessment approaches:
        o Risk of a specific event = (Impact × Probability of that event occurring) + Risk Adjustment
     • Underpins conventional risk certification frameworks, e.g. ISO 2700X
     • Certification does not necessarily equal security or effectiveness of your risk management model
     • Focusing on the diverse range of technical risks often does not account for the interaction between risks.
     • Systemic risks are often more significant than the sum of the individual, technical risks
  • 8. 4. Hybrid Cloud is the reality
     Hybrid will be the dominant form in the enterprise
     “Within five years, it will be primarily deployed by enterprises working in a hybrid mode.” – Gartner
     Gartner, "Predicts 2012: Cloud Computing Is Becoming a Reality” (Published: 8 December 2011, ID: G00226103)
  • 9. 4. Hybrid Cloud is the reality
     …. And with the Hybrid Cloud comes complexity….
     Managing this ecosystem is not simple
  • 10. 4. Hybrid Cloud is the reality
     …. As is the complexity….!
     • Orchestrating versioning, change control and rollback
     • Life expectancy alignments
     • Business Continuity
     • Identity Management
     • Due diligence
     • Forensics
     • BYOD
     • Mobility
     • Legislative / Jurisdictional
     • Contractual complexity
     ….. To name but a few
  • 11. 4. Hybrid Cloud is the reality
     …. And what about availability in the Hybrid Cloud?
     Availability will be lower in a hybrid model due to the 'weakest link' effect in the cloud ecosystem
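The 'weakest link' effect on slide 11 follows from a short calculation; this worked example is added here and is not part of the original deck. If a hybrid service is only up when all of its $n$ dependencies are up (on-premise system, WAN link, identity provider, SaaS application, …) and failures are assumed independent, the overall availability is the product of the individual availabilities, so it can never exceed the availability of the weakest component:

$$A_{\text{hybrid}} = \prod_{i=1}^{n} a_i \le \min_{i} a_i$$

With constructed figures of $a_1 = 0.999$ (on-premise system), $a_2 = 0.9995$ (WAN link), $a_3 = 0.999$ (identity provider) and $a_4 = 0.999$ (SaaS application):

$$A_{\text{hybrid}} = 0.999 \times 0.9995 \times 0.999 \times 0.999 \approx 0.9965$$

which is roughly $0.0035 \times 8760 \approx 30.6$ hours of downtime a year, against about $8.8$ hours for any single 99.9% component on its own. The independence assumption is a simplification, but the bound $A_{\text{hybrid}} \le \min_i a_i$ holds regardless, because the whole can only be up when each part is: every extra dependency in the chain can only lower availability.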
  • 12. 4. Hybrid Cloud is the reality
     Hybrid cloud can contribute to….
     • Increased vulnerability due to its fragmented architecture and larger attack surface…
     • However, if it is properly architected, risks are largely eliminated by implementing measures such as…
        o Deploying effective policy based key management processes
        o Properly segmenting your public and private clouds
        o Encrypting each part of the hybrid Cloud with separate keys
        o … amongst other measures
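The three measures on slide 12 (policy based key management, segmenting public from private cloud, a separate key per part of the hybrid cloud) as one added example; this is not code from the deck or from Rob Livingstone Advisory. It assumes two hypothetical segments, `public-cloud` and `private-cloud`, and two hypothetical principals, `web-tier` and `erp-service`; it generates an independent AES-256-GCM key per segment, checks a per-segment key policy before any use of a key, and binds the segment name into the ciphertext as associated data so an item cannot be relabelled to another segment. `OpenWith` called with another segment's key is the defender's blast-radius check: a compromise of one segment's key leaves the other segment's data unreadable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical segment names for the two halves of a hybrid cloud (not from the deck).
const (
	SegPublic  = "public-cloud"
	SegPrivate = "private-cloud"
)

// KeyPolicy lists, per segment, the principals allowed to use that segment's key.
type KeyPolicy map[string]map[string]bool

// KeyManager stands in for a KMS/HSM: one independent AES-256 key per segment plus the policy.
type KeyManager struct {
	Keys   map[string][]byte // exported only so the blast-radius check can read a segment key
	policy KeyPolicy
}

// Sealed is one data item: nonce || AES-GCM ciphertext || tag, plus the segment it was sealed for.
type Sealed struct {
	Segment    string
	Ciphertext []byte
}

// mustRandom draws n bytes from the OS CSPRNG; a failing CSPRNG is fatal, so it panics.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcmFor builds AES-GCM for a 32-byte key; a failure here is a programming bug, so it panics.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// NewKeyManager generates a fresh random key for every segment named in the policy.
func NewKeyManager(policy KeyPolicy) *KeyManager {
	km := &KeyManager{Keys: map[string][]byte{}, policy: policy}
	for seg := range policy {
		km.Keys[seg] = mustRandom(32)
	}
	return km
}

// Encrypt enforces the policy, then seals plaintext under the segment's key with the segment
// name bound as associated data, so a ciphertext cannot be relabelled to another segment.
func (km *KeyManager) Encrypt(principal, segment string, plaintext []byte) (*Sealed, error) {
	if !km.policy[segment][principal] {
		return nil, fmt.Errorf("policy denies %q use of the %s key", principal, segment)
	}
	gcm := gcmFor(km.Keys[segment])
	nonce := mustRandom(gcm.NonceSize())
	return &Sealed{Segment: segment, Ciphertext: gcm.Seal(nonce, nonce, plaintext, []byte(segment))}, nil
}

// Decrypt enforces the policy, then opens the item with its own segment's key.
func (km *KeyManager) Decrypt(principal string, s *Sealed) ([]byte, error) {
	if !km.policy[s.Segment][principal] {
		return nil, fmt.Errorf("policy denies %q use of the %s key", principal, s.Segment)
	}
	return OpenWith(km.Keys[s.Segment], s)
}

// OpenWith decrypts with an explicit key. A wrong key, a changed segment label or any tampering
// fails GCM authentication, which makes it the blast-radius check: with a separate key per
// segment, the key of one segment must never open another segment's data.
func OpenWith(key []byte, s *Sealed) ([]byte, error) {
	gcm := gcmFor(key)
	if len(s.Ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, s.Ciphertext[:gcm.NonceSize()], s.Ciphertext[gcm.NonceSize():], []byte(s.Segment))
}

func main() {
	km := NewKeyManager(KeyPolicy{SegPublic: {"web-tier": true}, SegPrivate: {"erp-service": true}})
	s, _ := km.Encrypt("erp-service", SegPrivate, []byte("constructed sample: payroll record"))
	_, err := km.Decrypt("web-tier", s) // denied by policy: web-tier is a public-segment principal
	fmt.Println("web-tier reading private-cloud data:", err)
	_, err = OpenWith(km.Keys[SegPublic], s) // a leaked public-segment key does not help either
	fmt.Println("public key opens private-cloud data:", err == nil)
}
```

A real deployment would keep the segment keys inside a KMS or HSM (the `Keys` field is exported here only so the check can be written), wrap per-item data keys under them, and log every policy decision; the point the example makes is that the policy boundary and the key boundary coincide with the segment boundary, so neither a mis-authorised principal nor a leaked key from one segment reaches the other.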
  • 13. 5. Adding in Mobility
     Mobile devices
     • Are powerful cloud access devices
     • Extend the perimeter of your cloud
     • Disperse the perimeter of your cloud
     Mobile devices have the potential to increase the vulnerability:
     • The compromise of one of these mobile devices could be significant and compromise your entire cloud.
     • Use policy based key management regimes for your data.
  • 14. 6. BYOD or Bring Your Own Disaster?
     BYOD stands for Bring Your Own Device.
     • Reflects the increasing demands of users and organisations on their own IT departments to be more agile and responsive to their needs when it comes to iPads, tablets and other mobile devices.
     • Read the NIST Draft Guidelines: http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
  • 15. 6. BYOD or Bring Your Own Disaster?
     BYOD requires management:
     • Deploy Mobile Device Management systems (remote wipe, policy enforcement)
     • Introduce a non-porous Virtual Desktop environment: no data can flow between the Cloud system and the mobile device itself
     • Containerisation:
        o Segregates corporate from personal data and applications
        o Enforces encryption and prevents data leakage between containers
        o Is application / device specific, and can therefore be a challenge to expand across the entire mobile environment for all applications.
  • 16. 7. Hybrid Cloud + Mobility + BYOD → Systemic Risk?
     Is the systemic risk increased by the combination of:
     – Hybrid Cloud
     – Mobility
     – BYOD?
     I would suggest that the answer is ‘Yes’
  • 17. 8. Standards? Which standards?
     Plethora of forums, industry groups and associations
     – Cloud Security Alliance
     – Cloud Standards Customer Council
     – Distributed Management Task Force (DMTF) – Cloud Management Working Group (CMWG)
     – The European Telecommunications Standards Institute (ETSI)
     – National Institute of Standards and Technology (NIST)
     – Open Grid Forum (OGF)
     – Object Management Group (OMG)
     – Open Cloud Consortium (OCC)
     – Organization for the Advancement of Structured Information Standards (OASIS)
     – Storage Networking Industry Association (SNIA)
     – The Open Group
     – Association for Retail Technology Standards (ARTS)
     – TM Forum’s Cloud Services Initiative
     Source: cloud-standards.org
  • 18. 8. Standards? Which standards?
     • Compliance standards were originally designed for on-premise IT systems and infrastructure that were relatively static
     • Auditing institutions are averse to cutting edge technologies
     • Is your organisation standards driven?
        – Compliance to standards vs. unimpeded innovation based on the principle of caveat emptor?
     • Regulators are not providing much specific and concrete guidance on Cloud
  • 19. 9. Orchestrating the Transition
     Consider these 5 pointers:
  • 20. 9. Orchestrating the Transition
     #1: Adopt an integrated approach to function specific methodologies and technologies
     • Standardised, traditional methodologies within specific disciplines such as IT security, project management, audit, and information security, in and of themselves, are self limiting.
     • Each discipline and/or technology is only really effective when applied in a coordinated orchestration with the other key moving parts of the organisation
     → Harmonisation of functionally specific methodologies and technologies unleashes value and eliminates waste
  • 21. 9. Orchestrating the Transition
     #2: Manage the conflicting messages
     • 24% of CEOs surveyed in the 2012 PWC CEO Survey expect ‘major change’.
     • The eighth annual KPMG 2012 Audit Institute Report identified “IT Risk and Emerging Technologies” as the second-highest concern for audit committees, which is unprecedented in the history of the report.
     • Cloud evangelists see cloud as imperative, others do not
     → Develop an effective mechanism for interpreting these messages in the context of your business
  • 22. 9. Orchestrating the Transition
     #3: Actively identify, embrace and manage shadow IT
     “Shadow IT can create risks of data loss, corruption or misuse, and risks of inefficient and disconnected processes and information” – Gartner*
     → Embrace shadow IT, and define what is and what is not eligible to be considered enterprise IT
     * CIO New Year's Resolutions, 2012 (ID: G00227785)
  • 23. 9. Orchestrating the Transition
     #4: Identify systemic risks across the organisation
     • Systemic risks can kill your business
     → Ensure your executives and key decision makers are aware of long term, systemic risks
     → Consider implementing Enterprise Risk Management (ERM)
  • 24. 9. Orchestrating the Transition
     #5: Don’t gloss over complexity
     • Senior managers with functional responsibility over specific vertical silos of the organisation may underestimate the overall complexity of their own business as a whole.
     • From a functional perspective, specific methodologies exist to support specific activities.
     → Don’t believe that simple IT solutions can paper over underlying business complexity. Test assumptions if critical.
  • 25. Thank You
     Rob Livingstone
     Principal – Rob Livingstone Advisory Pty Ltd
     Fellow – University of Technology, Sydney
     www.rob-livingstone.com
     www.navigatingthroughthecloud.com