Date post: | 17-May-2015 |
Category: |
Technology |
Upload: | kpmg-internet-protection-services |
View: | 303 times |
Download: | 0 times |
Orchestrating the
New Paradigm
Master class
Cloud Computing
Utrecht – 27 Juni 2011
John Hermans
1© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Today’s Cloud Marketplace Perspectives
Gartner
Gartner estimates that global spending
on cloud services will hit $68 billion
this year, a gain of 16% over 2009,
which is more than triple the expected
growth rate for total IT spending.
CFO Magazine, December 2010
Savvis
70 percent of IT decision makers
are using or planning to use
cloud computing in their own
enterprises within 24 months.
Windows IT Pro Magazine,
February 1, 2011
China
China is going to see a cloud computing
market worth over RMB60 billion [~$9.1
Billion USD] in 2012.
News Track Daily, January 20, 2011
Microsoft
―For the cloud we are all in!‖ – Steve
Ballmer (CEO)
March, 2010
2© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Environment
Internet-based data
access & exchange
Internet-based access to low cost
computing & applications+Cloud
Environment =
On-Demand Self-Service
Internet Accessibility
Pooled Resources
Elastic Capacity
Usage-Based Billing
Cloud Environment
Characteristics:
Cloud Service Models
Software
as a Service
Business operations
over a network
Google Docs,
Salesforce.com
Platform
as a Service
Deploy customer-
created applications to
a cloud
MS Azure, Amazon
Web Services
Infrastructure
as a Service
Rent storage,
processing, network
and other computing
resources
Mozy, Rackspace
Cloud Deployment Models
Private Operated for a single organization
PublicAvailable to the general public or large industry group, owned by an organization selling cloud services
Community Shared by several organizations, supporting a specific community
“SaaS” “PaaS” “IaaS”
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
4Impact of Cloud on IT© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Cloud: A Game Changer Looking for Business
Leadership
The question is, how can you transform your business to
take advantage of this fundamental disruption?
Cloud virtualizes IT—but it transforms
business.
The Cloud conversation usually starts with IT.
The problem is, it often ends there, too.
It‘s easy to focus on how moving to the Cloud
helps a business cut costs, but it also creates
opportunities.
Cloud is in fact one of the most
disruptive forces in business in
20 years.
5Impact of Cloud on IT© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Not Just Cheaper, Better, Faster—
Cloud Enables Innovation
The Cloud has already changed how you work
and with whom you compete.
By virtualizing processes, the Cloud creates
new opportunities and business models.
By shattering barriers to entry, the Cloud
creates new competition. It gives ―two- guys-in-
a-garage‖ the scalability and infrastructure
access of an established player.
Being in the Cloud is quickly shifting from a competitive
advantage to an operational necessity.
6Impact of Cloud on IT© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Too Late to Wait Leaders are using the Cloud to improve business performance and increase shareholder value, not just cut costs.
How can you join them?
The Right CEO Questions to Ask:
How can Cloud help solve business
issues?
Where should you start your journey
towards Cloud?
Which Cloud models have the greatest
potential for improving your business?
What are the inhibitors for Cloud and how
do you mitigate risks?
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
8© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Cloud Impact on Business
Virtualized Business Models to drive…
Opportunities to Leverage Commoditized Enterprise
Applications and Economies of Scale
Virtualized Technology
Virtualized ProcessesVirtualized
Organization
Internet-based data access &
exchange
Internet-based access to low cost computing &
applications+Cloud
Environment =
Increased Agility Greater Flexibility Faster Results Reduced Cost
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Increased Agility
Greater Flexibility
Faster Results
Reduced Cost
Business Benefits of Cloud
Cloud provides businesses increased agility and greater flexibility, yielding faster results at a reduced cost.
Rapidly respond to changing market conditions or needs
More options in combining people, process, and technology to deliver economic value
Faster time-to-value in achieving results that support more iterative solution design and delivery strategies
Lower total cost to deploy new solutions or to achieve new capability levels
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Increased Agility
Cloud provides a business with increased agility to rapidly respond to changing market conditions or needs.
Business Responsiveness
Respond faster to gaps or deficiencies in capabilities
Increase speed in rolling out new offerings internally
Speed business innovation to the marketplace
IT Resource Availability
Reduce dependence on IT function to deliver new
capabilities
Rapidly provision computer & engineering resources
Scale to support the needs of business innovation
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Unprecedented Flexibility to
Fill Gaps
Technology
People Process
Greater Flexibility
Cloud provides unprecedented flexibility and more options in combining people, process, and technology to
delivery economic value.
People
Makes virtual resources available internally
and externally
Offers ability to combine best-in-class
service providers (logistics, payroll, engineering, etc.)
Process
Provides access to providers of leading
practice process and service
Allows companies to leverage the
process improvements of a larger
user community
Technology
Enables organization to source an array
of IT capabilities (SaaS, IaaS, PaaS)
Offers IT resources on demand
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Faster Results
Our experience demonstrates that Cloud provides faster time-to-value, supporting more iterative solution
deployments
Allows organizations to be more
experimental in delivering new
capabilities without significant
investment of time and money
Allows technology deployments
to be more iterative, delivering
incremental value to the organization
faster
Often eliminates technology
provisioning all together and significantly
reduces time to configure
4 to 6 Months 4 to 6 Months 4 to 6 Months
ROI ROI ROI
Cloud Enabled Solution Deployment
Scope Design Test Accept
Go Live
18 to 36 Months
ROI
Traditional Solution Deployment
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Reduced Cost
In many instances, Cloud provides a lower total cost to deploy new solutions and to achieve new capability
levels
Software
Hardware
Hosting
Operations
Support
Possible 40% - 60% Reduction in TCO
Traditional
Deployment
Public Cloud
Enabled
Deployment
Lower upfront cost
May allow switch from fixed cost to
variable cost
May reduce total cost of ownership
Limits capital outlay to ―activate‖ a service
Provides ability to scale usage and
related costs as warranted
Cloud Model
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
14
KPMG Survey May 2010
Conducted in the Netherlands – 120 CIOs/CISOs participated
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Cloud into perspective: cloud computing is both marginal and significant
• Marginality of the cloud
• Europe < 5 percent of total IT spending
• US: 60 percent of total IT spending
• Significance of the cloud
• Growth of commercial cloud services 20 to
30 percent per year (2010-2015)
• Move towards centralization and
commoditization of IT
15
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Cloud Can Be Implemented in Multiple Ways
Cloud can be delivered
through a variety of service
and deployment models
(i.e., SaaS, Public, Private)
It is often provided through a
hybrid of these options.
Community
Cloud
Public
Cloud
Private
Cloud
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Where Do Most Organizations Begin?
Most organizations are investing in Software as a Service in both Public and Community deployment models
as well as investing in Private Clouds.
Software as a Service in the Public Cloud is a model for delivering cloud technologies to support specific business services over the Internet
Community Cloud brings together private networks with external partners to enhance the entire value chain across businesses, suppliers, and customers
Private Cloud extends existing internal efforts to virtualize IT by enabling the delivery of IT as a Service, going further in reducing long-term operational costs than just traditional virtualization. Infrastructure as a Service models are often core aspects of a private cloud.
Community Cloud brings together private
networks with external partners to enhance
the entire value chain across businesses,
suppliers, and customers
Community
Cloud
Public
CloudPrivate
Cloud
18© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Community and SaaS – Maximizing the Benefit
Community ModelSaaS Model
in Public ModelPrivate Model
?
?
Increased Agility
Greater Flexibility
Faster Results
Reduced Cost
While all Cloud models deliver on the promise of agility and flexibility faster and cheaper, Private Clouds
pose short-term speed and cost considerations, especially when they are internally hosted. Use of IaaS
offerings (internally and externally) can mitigate cost and speed issues, but organizations must balance
those gains with the data privacy/security risks they are willing to take.
19© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Community Cloud
Collaboration: Allows organizations to leverage and access services used by other participating organizations creating unprecedented synergies.
Common Standards: Allows related companies to share common IT capabilities such as data services, security services, and testing services.
Extended Organization: Supports processes and solutions that span multiple business partners including suppliers, providers, and customers.
Flexibility: Offers shared investment and setup costs and the ability to work with trusted suppliers who are part of the community.
Faster Time-to-Market: Speeds innovation as all organizations benefit from advances made by others in the cloud.
Community Cloud
Brings together private networks with
external partners
Enhances the entire value chain
across businesses, suppliers, and
customers
Community clouds allow businesses with common interests to leverage shared services to support new
business models offering the greatest potential for transformational impact.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Community Cloud (continued)
As an example, Community Clouds allow companies to synchronize business processes across multiple
tiers of business partners
Supplier Manufacturer Distributor Retailer
Su
gg
este
d O
rde
rs
Rep
len
ish
men
t P
lan
s
Ord
er
Com
mits
Sh
ipp
ing
In
form
atio
n
Lo
ad
In
form
atio
n
Rep
len
ish
men
t P
lan
s
Rep
len
ish
men
t O
rde
rs
Ord
er
Com
mits
Rep
len
ish
men
t S
ch
ed
ule
Rep
len
ish
men
t P
lan
s
Sh
ipp
ing
In
form
atio
n
Lo
ad
In
form
atio
n
PO
S In
form
atio
n
Inve
nto
ry P
ositio
ns
Inve
nto
ry P
ositio
ns
Inve
nto
ry P
ositio
ns
Inve
nto
ry P
ositio
ns
Rece
ipts
Rece
ipts
Rece
ipts
Rep
len
ish
men
t S
ch
ed
ule
Collaborative Forecasting
Point of Sale Based Replenishment
Order Management
Forecast-based Replenishment
Procure to Pay Processes
New Product Introduction
Transportation Management
Vendor Managed Inventory
Buy / Sell Procurement
Collaborative Design
Community Cloud Platform
21© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Software as a Service (SaaS)
Best Practices: Offers opportunity to leverage best practice processes and technologies in use across the organization‘s industry.
Time and Cost Savings: Saves time and costs compared with traditional client server model that deploys software on internal infrastructure
Scalability and Elasticity: Allows access to IT solutions from best-in-class providers quickly and as needed
Flexibility: Enables faster change management cycles and access to technology advances made by the solution provider.
Faster and Better: Offers security and functionality at lower costs and with faster results
Software as a Service
Delivery of specific business services
over a network, most commonly the
Internet
The applications are accessible from
various client devices through web
browsers.
SaaS speeds up the realization of business benefit of IT solutions at lower up-front costs.
22© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Community
Cloud
Public
Cloud
Private
Cloud
Private Cloud
Convenience: Offers a way to deliver internal applications through a thin customer web interface providing an internal Software as a Service capability
Control: Provides those with data sensitivity concerns with the most control and least risk of any of the cloud options
Minimum Risk: Provides the benefits of accessing IT as a service while minimizing the risks associated with using public cloud solutions
Expensive: Requires high initial set-up investments, but long term operational costs may be less.
Infrastructure as a Service: IaaS tends to be the primarily service model used in private deployment models (over PaaS and SaaS) because it is a natural evolution of virtualization of IT infrastructure
Private Cloud
Extends existing internal efforts to
virtualize IT by enabling the delivery of
IT as a Service,
Enables reduction in long-term
operational costs
Private clouds reduce operational costs through virtualization and delivery of IT as a service. They are currently popular due to regulatory, data security/privacy, and performance concerns.
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
24Impact of Cloud on IT© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Too Late to Wait
Too Late to Wait
Leaders are using the Cloud to improve
business performance, not just cut costs.
How can you join them?
The Right CIO Questions to Ask Now:
How will the adoption of Cloud within my
enterprise impact our IT delivery
capabilities?
How do I transform my IT organization to
effectively support Cloud enabled business
models?
25© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Increasingly, CIOs are shedding the support persona and
taking a seat at the strategy table.
Cloud forces IT organizations to evolve from a
traditional services provider model to a highly agile
services integrator model. The results?
Those who resist are seeing their business leaders
move to the Cloud on their own.
Leaders are focused on enhancing internal capabilities
and integrating multiple IT service offerings from
internal and external providers.
Vendor management, IT governance, and information
architectures are critical.
Rethinking their enterprise architectures to leverage the value cloud can bring to key business processes
IT Leaders Are Responding
Now
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Cloud Computing is here to stay !
26
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
The hybrid environment as new paradigm
• On premise IT, serviced by
local, ―own‖ organization
• Outsourced IT, serviced by
limited number of outsourcing
partners
• IT in the Cloud, services by
growing numbers of cloud
service providers
Users
Organization
Hardware, software + data
Managed hosting
Private-External
Hardware, software + data
Third-Party Vendor (Multi-Tenant)
Public
Hardware, software + data
Internal Data Center
Private
Organizations Internal IT Service providerService provider
Internet
or LAN
Services
Users
Other Cloud
Customers
Internet
Hardware, software + data
Service provider
Combined Public + Private Cloud
Hybrid
27
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
IT Risk Management• Risk identification and
analysis across
different CSPs
• Risk library
• Vendor/CSP Audits
IT Finance
Management• Business case
• Service Costing and
Chargeback
• SLA penalty-bonus
calculation
IT ―Service Integrator‖ Model: ability to ―Orchestrate‖
Successful adoption of a Cloud delivery model depends on an organization’s ability to establish a robust
Enterprise IT Service Integration model.
Vendor
Manager
IT Risk
Manager
Service
Owner
Rackspace
Amazon Web Services
Internal IT
Organization
(retained IT Services)
Service Ownership:• Single Point of Contact
with the Cloud Service
Providers (CSP) & IT
• Demand Capture
• Services Standards
• Service Level
Monitoring
Vendor Management:• Vendor certification
• Contract Negotiations
IT Finance
Manager
The Business
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
30Impact of Cloud on IT© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Too Late to Wait Leaders are using the Cloud to
improve business performance,
not just cut costs.
How can you join them?
The Right COO / CRO Questions to Ask
Now?
Does adopting cloud impact my financial
processes?
What are the tax implications of adopting
cloud?
How will I control and manage my data?
How do I manage cloud related security
and privacy risks?
How do I still comply with regulations while
sending my data to cloud providers?
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Considerations
Dependency of the cloud
• External data storage and processing
• Sharing of IT resources (multi tenancy)
• Dependency on the public internet
Complexity of the hybrid environment
• Multiple concepts regarding:
• Data management
• Contracts
• Technology
Assurance
• Complexity to ensure compliance
• Lack of industry standards and certifications for
cloud providers (ISAE3400 / ISAE3000)
• Emerging government schemes like FEDRAMP
Financial
Vendor
Security
Business
Risks
Regulatory
ComplianceTechnology
Operational
31
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Risk and security is seen as major concern for cloud adoption
32
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Dimensions of Risk
Operating in a cloud environment presents risks in six key dimensions
Financial
Underestimated start-up costs
Exit costs
Contract complexity
Run-away variable costs
Financial
Vendor
Security
Business
Risks
Regulatory
ComplianceTechnology
Operational
Security
Data segregation, isolation, encryption
Information security
Identity and access management
Intellectual property protection
Vendor
Vendor lock-in
Service provider reliance
Performance failure
Vendor governance
Regulatory Compliance
Complexity to ensure compliance
Lack of industry standards and certifications
for cloud providers
Records management / records retention
Regulatory change control, reliant on vendor
timeliness
Data privacy
Operational
Business Resiliency/Disaster
Recovery
Service reliability and uptime
SLA Compliance
Technology
Cross-vendor compatibility
Proprietary lock-in
Customization limitations
Inadequate change control capabilities
Technical security risks
33
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Key Risks & Challenges in Adopting Cloud
Cloud adoption requires a careful examination of the potential operational risks and challenges in addition to
the technology questions.
Financial Management and Tax
Movement from CapEx to OpEx model impacts existing budgeting, forecasting, and reporting processes
CapEx to OpEx model and changes in the character and source of service impacts tax considerations
Outdated tax laws and regulations create uncertainty when characterizing the various cloud transactions
Cloud ROI and cost/benefit analysis are complicated by need for knowledge of existing cost of delivery and future use of service
Data may be stored in cloud (1) without proper customer segregation allowing possible accidental or malicious disclosure to third parties
and/or (2) in a legal jurisdiction where the rights of data subject are not protected
Loss of governance of critical areas, e.g., vulnerability management, infrastructure hardening, or physical security
Weak logical access controls due to cloud vendor‘s IAM immaturity
Cloud adoption introduces rapid change in the organization
Cloud sourcing may impact existing organizational roles and could require new skills or make others redundant
Business resiliency/disaster recovery needs and plans will change and require updating
Security and Privacy
Operational
Regulatory and Compliance
Vendor Management
Data & Technology
• Lack of clarity of ownership responsibilities between cloud vendor and user company• No prevalent standards for vendor interoperability• Extensive reliance on CSPs
Lack of visibility into the Cloud Service Providers (CSPs) operations inhibits analysis of its compliance with pertinent laws and
regulations
Complexity of records management/records retention creates challenges
Lack of industry standards and certifications for cloud providers creates risks
Risk of creating independent silos of information perpetuate the problem of data integrity, quality, and insight
Business can bypass the IT function to implement technology solutions, posing challenges for IT governance
Cloud delivery models dramatically change how IT delivers technology services to support business requirements
Cloud adoption opens the four Data Center walls to external IT Services providers, creating new risks
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
To conclude
Orchestration of the hybrid environment is a critical success factor
35
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
Key messages
36
APPENDIX
UNDERSTANDING THE CLOUD
ENVIRONMENT
38© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Environment
Internet-based data
access & exchange
Internet-based access to low cost
computing & applications+Cloud
Environment =
On-Demand Self-Service
Internet Accessibility
Pooled Resources
Elastic Capacity
Usage-Based Billing
Cloud Environment
Characteristics:
Cloud Service Models
Software
as a Service
Business operations
over a network
Google Docs,
Salesforce.com
Platform
as a Service
Deploy customer-
created applications to
a cloud
MS Azure, Amazon
Web Services
Infrastructure
as a Service
Rent storage,
processing, network
and other computing
resources
Mozy, Rackspace
Cloud Deployment Models
Private Operated for a single organization
PublicAvailable to the general public or large industry group, owned by an organization selling cloud services
Community Shared by several organizations, supporting a specific community
“SaaS” “PaaS” “IaaS”
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Service Models
Infrastructure
as a
Service
Software as a
Service
Platform as a
Service
Less End User
Management
Less End User
Management
More End User
Control
More End User
Control
Description
Provider applications are accessible through a thin client interface
such as a web browser
Provider manages/controls the infrastructure including network,
servers, operating systems, storage, or individual application
capabilities
E.g., Google Apps, MS Office Live, Netsuite, Salesforce
Provider offers quick deployment of computing resources such
as processing, storage, and network
Developers can write applications that run on the cloud
E.g., Amazon.com, Rackspace, Terremark, IBM
Enables customer to deploy onto the cloud infrastructure
consumer-created or acquired applications created using
programming languages/tools supported by the provider.
Consumer does not manage/control cloud infrastructure but
has control over deployed applications and possibly application
hosting.
E.g., Windows Azure, Force.com, Google App Engine
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models
Each service model can be deployed leveraging several different deployment models: Private, Public, or
Community
Private Cloud: A ―closed‖ environment
for a single organization hosted internally
or by a third party
Allows an organization to act like a cloud
provider internally
Provides organization the flexibility to
rapidly scale internal IT resources
Provides organization with full control
over data
Often requires high initial investment
but helps reduce long term costs
Offers elastic capacity
May exist on or off premise
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models (continued)
Public Cloud: Infrastructure is owned by a cloud
services provider, which makes it available to
the general public or a large industry group
Uses pay-as-you-go, utility pricing
Provides high agility and speed-to-market
Less upfront cost
May allow switch from fixed costs to variable costs
Offers less customer control over data and
service levels
Provides the opportunity to leverage the leading
practices of an industry vertical or functional
area
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models (continued)
Community Cloud: Infrastructure is shared by
several organizations with common interests—
offering potentially the greatest
transformational value of any of the Cloud
deployment models.
Supports organizations with common
interests such as supply chain, mission,
security requirements, policy, or
compliance considerations
Often defined by industry, supply chains,
or geography
Supports the emergence of new business models
and working relationships
May be managed by the community or a
third party
May exist on or off premise
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member
firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved.
KPMG Key Contact Details
John Hermans
Partner
KPMG Advisory N.V.
Tel: +31 6 51 366 389
Email: [email protected]
43
© 2011 KPMG Advisory N.V., registered with the trade register in the
Netherlands under number 33263682, is a subsidiary of KPMG Europe
LLP and a member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved. Printed in the
Netherlands. The KPMG name, logo and ‗cutting through complexity‘
are registered trademarks of KPMG International Cooperative.
The KPMG name, logo and ‗cutting through complexity‘ are registered
trademarks or trademarks of KPMG International Cooperative (KPMG
International).