According to Forrester Research, the global cloud computing market is valued at an estimated $40.7 billion. In the future, this market is expected to grow exponentially, as companies accelerate their adoption of cloud computing.
It's clear that cloud computing is being widely adopted as a cost-effective strategy for deploying mission-critical applications within the enterprise. Yet, myths regarding privacy and security often cloud the decision-making process.
Join us for a Webcast that will explore the facts and fictions of cloud computing for the Office of Finance. In an effort to set the record straight, our distinguished panel of experts will dive into topics that include cloud security, risk management, and finance.
The panelists for this Webcast are:
Moderator: Russ Banham, Contributing Editor, CFO magazine
Dr. Lothar Determann, Partner, Baker & McKenzie LLP
John Hugo, Vice President and Corporate Controller, Life Time Fitness
Stan Swete, Chief Technology Officer, Workday
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
Securing the Office of Finance in the Cloud -- Separating Fact from Fiction
1. Securing the Office of Finance in the Cloud --
Separating Fact from Fiction
Dr. Lothar Determann
Partner, Baker & McKenzie LLP
John Hugo
Vice President and Corporate Controller, Life Time Fitness
Stan Swete
Chief Technology Officer, Workday
Moderated by: Russ Banham, Contributing Editor, CFO magazine
Thursday, April 12, 2012
2. Securing the Office of Finance in the Cloud --
Separating Fact from Fiction
According to Forrester Research, the global cloud
computing market is valued at an estimated $40.7 billion. In
the future, this market is expected to grow exponentially, as
companies accelerate their adoption of cloud computing.
It's clear that cloud computing is being widely adopted as a
cost-effective strategy for deploying mission-critical
applications within the enterprise. Yet, myths regarding
privacy and security often cloud the decision making
process.
3. About Workday
Workday is the leader in enterprise-class, Software-as-a-Service (SaaS)
solutions for managing global businesses, combining a lower cost of ownership
with an innovative approach to business applications.
Founded by PeopleSoft veterans Dave Duffield and Aneel Bhusri, Workday
delivers unified Human Capital Management, Payroll, and Financial
Management solutions designed for today's organizations and the way people
work. Delivered in the cloud leveraging a modern technology platform,
Workday offers a fresh alternative to legacy ERP.
More than 280 customers, spanning medium-sized organizations to Fortune 50
businesses, have selected Workday. Visit us at www.workday.com.
4. Myths About Cloud Security
• Myths about security, data
privacy with Cloud
Computing cloud decisions
• Entrusting data to specialized
service providers is not new
• Cloud computing does not
necessarily increase security
risks
5. On-premise vs. Cloud Security
• Whether personal data is safer on a system secured by
the data controller in-house or an external vendor
depends on security measures deployed by each
particular organization.
• Fact is that many organizations find it difficult to stay
in control over modern IT systems, whether they hire
service providers to provide IT infrastructure or
whether they host, operate, and maintain systems
themselves.
• It is important for customer and vendor to reach a
reasonable agreement about what level of security is
appropriate for particular types of data and who
should be doing what… for either type of provider.
6. Expansion of SaaS for B2B
Sales Force Automation
Payroll
Human Resources
Expense Management
Financials
Payments
7. Key Stakeholders
Comprehensive Evaluation
– IT
– Legal / Procurement
– Corporate Leadership
Look for vendors who:
– Have successful local & global
deployments
– Are able to respond in detail to
requirements
– Invest to keep abreast of regulatory
changes
8. Questions Regarding SaaS/Cloud
• Senior management and Board of Directors early concerns
included:
- Initially, “what is SaaS”?
- Followed by, “what is the “Cloud”?
- Are we comfortable operating our key financial systems this way?
• Business Review Meetings and Audit Committee of BOD quarterly
updates were
(and still are) provided, focusing on:
- Emphasis on maintaining strong internal controls
- Focus on security
- Physical and environmental security
- Data integrity
- Code and Logic security
• Reliance on SSAE 16 (formerly SAS 70) reports
• Reliance on success of management with prior company
9. Business Drivers & Benefits
• Initial interest was with Workday, with cloud an eventual “bonus”
• The off-premise concept, including integration management was
intriguing
• Access to all traditional ERP applications, without traditional
ERP arrangement
• Currently, Workday applications in the cloud:
- Human Capital Management, Expenses (reimbursement), Payroll [all live at least 2 years]
- Procurement, Supplier Accounts (AP), Banking [go live during 2012]
- Financials (GL), Customer Accounts (AR), Fixed Assets, Projects [go live during 2013]
• Cloud strategy supports our project requirements of:
- Increased efficiency (speed of system and business processes)
- Improved accuracy and reporting
- Lower overall cost
• Managing security and data privacy with third party vs. internal
- Ensure highest level of controls around cloud security (internal vs. external expertise)
- Cost – Benefit of internal controls maintenance internally vs. reliance on third party
- Zero tolerance for breach
11. Advice to Companies Evaluating
the Cloud
• Besides operational, functionality and pricing
considerations, consider:
– does the vendor's data security safeguards meet
legal requirements and match or exceed your own
standards?
– does the vendor give you what you need for your
own compliance program (information,
contractual commitments, EU 'adequacy')?
12. Is Cloud Computing Bad
for Security?
• No, not inherently. However, it must
be supported with a culture of
security, but this is not specific to
cloud computing.
• Using a cloud system doesn’t mean
you can shirk responsibility for the
security of your systems to vendors.
• Whether personal data is safer on a
system secured by you or your vendor
depends on who you and your vendor
are and on the security measures
deployed by each particular
organization.
13. Q&A
Dr. Lothar Determann
Partner, Baker & McKenzie LLP
John Hugo
Vice President and Corporate Controller, Life Time Fitness
Stan Swete
Chief Technology Officer, Workday
Moderator: Russ Banham, Contributing Editor, CFO magazine
Hinweis der Redaktion
If you are already connecting your workers using tools on the internet, then there is no differenceWhether you are saas or on-prem, the key is what are you doing to secure your system? There is no difference in terms of how you should approach security regardless of approach. Approach should be the same. What access are you giving people, what’s your firewall look likeNot an issue between saas and on-prem. How you secure any system in an internet enabled world
Where has saas grown up?Payroll – highly sensitiveSales forecast data – sensitive to businessHr – major adoption occurred here, super privateAll of it is incredibly sensitive – financials no differentNone stands head and shoulders above the others
Compehensive – accounting, it, legal, marketing (business, legal, technical – not just technical)Vendors have experienceDepthBreadthMaturityLocal & globalLegal ramificationsOngoing Changing regulationsHave succ
Seed questionAny areas where security can be stronger with SaaS than with on-premise?