pwc presentation at seminar qs solutions march 25

Cloud, the organizational change!

1

March, 25th, Amersfoort

Wim Hutten, partner [email protected]

mailto:[email protected]

PwC

Cloud life cycle, from a user’s perspective

Cloudificating the market

2

Select

Discover Operate

Leverage

PwC

Shifting from Technology to Business


3

Platform as a Service (PaaS)

X-as a Service

Software as a Service (SaaS)

Infrastructure as a Service(IaaS)

Save Money

CIO/CFO

1. Enabling Cloud Infrastructure

Run Better

COO/PO

2. Transforming Business

Operations

Make Money

CEO

3. Monetizing Differentiated

Services

Extend Reach

CMO

4. Energizing Channels &

Communities

Be Agile

What Cloud Is What Cloud Means For Business

B2ITAlignment/Digital Transformation

PwC

What motivates to move to the Cloud?


4

Cost Reduction (SaaS for Support Processes)

Infrastructure Scalability

Strengthen the Position of IT (competence center)

Business Continuity Management

Upcoming Large Investments

Replacement of Legacy Systems / Standardization

Mergers & Acquisitions

Next Generation Workplace

Extended Workbench

CIO Prestige / Me-Too

Collaboration / Knowledge-Sharing

Private Equity Carve Out

PwC

Cloud life cycle, from a user’s perspective


5

Phase Activities Results Benefits

• Potential Analysis• Economic Analysis• Stakeholder /Readiness Analysis• Requirement Analysis

• Cloud Use Cases• Business Case• Status Determination• Requirement Specification

• Adequacy• Certainty• Orientation• Accuracy

• Tendering• Provider Screening (Market

Analysis)• Provider Selection• Contracting (e.g. Privacy)

• Request for Proposal (RfP)• Provider Short-List• Affiliate• Service Level Agreement (SLA)

• Traceability• Focus• Reliability• Efficiency

• Test Preparation & Implementation• Migration Preparation & Assistance• Change & Communication

Analysis• Tax Optimization

• Test Plan, Test Cases, Test Results• Concept on Migration &

Documentation• Change Program, Communication Plan• Tax Optimization Concept

• Operability• Regularity• Sustainability• Efficiency

• Post-Implementation Review• Security Penetration Testing• IA Support (Provider/User)• Dispute Handling

• Goal Attainment Evaluation• Vulnerabilities• Audit Report• Mediation or Assessment

• Certainty• Transparency• Dependability• Neutrality

Deployment (Cloud users)

Discover

Leverage

Operate

Select

PwC

Cloud life cycle, from a supplier’s perspective


6

Delivery (Cloud Providers)

Phase Activities Results Benefits

• Efficiency Analysis• Readiness Analysis• Transformation Strategy• Transaction Consulting

• Business Case• Status Determination• Cloud Business Model• Targeting, Pricing, Negotiation,

Integration

• Planning Security• Orientation• Sustainability• Reliability

• SLA & Privacy Statements Analysis

• E-Invoicing, E-Archive• Software Revenue Recognition• License Auditing

• Legal Statement• Transposition Concept• Revenue Recognition due to US-GAAP• List & Evaluation of License Violations

• Certainty• Compliance• Reliability• Neutrality

• Service Assurance• Software Certification• Data Privacy Seal

• Report (ISAE3402, SOC1-3)• Attestation• Certificate (EuroPriSe)

• Compliance• Regularity• Conformity to

Law

• Security Penetration Testing• Dispute Handling• Dashboard

• Security Flaws• Mediation or Assessment• KPI Cockpit

• Transparency• Neutrality• Governance

Business & Strategy

Software & Services

Sales & Revenue

Fulfillment

PwC 7

augustus 2011

PwCDigitalisering

8

2012

PwCDigitalisering

9

2012

PwCDigitalisering

10

2012

PwCDigitalisering

11

2012

PwC

Our PwC “Go4Cloud Services”

1. Readiness4CloudCompany individual determination of the actual situation involving all necessary strategic, financial, operational, tax, legal and compliance aspects for a fluent project progression before or after entering the cloud.

2. Contracting4CloudContractually safeguard services through managing outsourcing relationships with special consideration of Cloud Computing specifics (such as specific performance requirements together with the situation of data privacy and license rights) as a premise for successful collaboration.

3. DataPrivacy4CloudProtect data in terms of laws through analysis, assessment and certification of organizational and technical precautionary measures (e.g. in the context of the EuroPriSe catalogue).

4. Security4Cloud More security from the beginning through risk- and threat analysis, creation and audit of safety concepts or supporting planned safety measures together with execution of security tests to identify and fix security flaws.

5. Certification4CloudCreating trust through voluntary or mandatory certification for cloud services and cloud software solutions (e.g. Software as a Service) with or without relation to financial reporting according to defined, internationally accepted standards.

12

https://www.european-privacy-seal.eu/

https://www.european-privacy-seal.eu/

PwC

Readiness4Cloud: an overview


13

Strong reporting tool and model:

PwC

Protecting information……IT strategy & IT organisation

• Identify which strategic business objectives can be supported or accelerated by cloud computing.

• Adapt the IT strategy and/or the IT goals.

• Define the level of security that cloud services must achieve.

• Establish clear principles (Private vs. Public Cloud).

• Update your risk management with regard to the use of services.

• Define clear responsibilities, including responsibilities:

o between business and IT,o to service providers,o between different service providers.

• Define a similar reporting structure to enable reports from different internal and external stakeholders to be comparable.

• Adjust security concepts or develop new security concepts for new technologies.

• Create awareness of the opportunities and risks.


14

Cloud Computing isn’t a goal in itself Responsibility cannot be outsourced

PwC

Protecting information……IT processes & IT technology

• Adjust the internal controls or develop new control mechanisms.

• Adjust the demand and supply processes, including

o Provisioning,o De-provisioning,o Administration,o Billing.

• Integrate license and supplier management in the IT processes.

• Define the type and frequency of monitoring.

• Consider the information security aspects already during the design of a service or during the service or provider selection.

• Test the interoperability of the various Cloud services in relation to a possible switch in provider.

• Please note that in a chain of services the overall availability will decrease with each additional service.

• The closer the protective measures are to the data they are protecting, the sooner confidentiality and integrity is assured.


15

Cloud computing is not limited to IT technologies

New technologies pose new risks

PwC

Cloud, the transformational change

• Cloud life cycle

• Shift from technology to business, endures

• Motivation from a users and a providers perspective

• Data privacy, Compliance and Information Security on top of mind

• Readiness, Risk, Controls and Assurance

16

augustus 2011