SlideShare una empresa de Scribd logo

Cloud Security: Bringing CLARITY to Common Myths and Misconceptions

CLARITY es by Sutherland Global Services, Inc.
CLARITY es by Sutherland Global Services, Inc.

Want to get some CLARITY on common myths and misconceptions about Cloud ERP system? Read this whitepaper to find out what really is and isn’t a security issue in the Cloud. Who should read this–CEOs, CFOs, CIOs and Finance & Accounting and Info Tech executives and managers considering a new ERP system, especially one in the Cloud Top 3 things you’ll learn: 1. What the top myths and misconceptions are of Cloud security 2. The top 10 questions you should ask your potential Cloud ERP provider 3. What the value proposition is of combining a Cloud-based ERP with finance & accounting outsourcing services

1 de 11
Descargar para leer sin conexión
    Finance  and  Accounting  Services     Cloud  Security:   Bringing  CLARITY  to  Common  Myths  and  Misconceptions     Table  of  Contents     Introduction             2   The  Rise  of  Cloud  Computing             3   Physical  Location           4   Transmission             4   Access  Security             5   Security  From  Disaster           6   The  New  Reality  of  Cloud  ERP  Solutions       6   Security  Checklist           7   CLARITY  es:  Cloud-­‐Hosted  –Microsoft  Powered                             8   Sutherland  Global–A  Practical  Overview                              10   Contact  Information                                                            10     About  Sutherland  Global  Services                              11             Authors:   Dan  McCue,  Senior  Vice  President,  Finance  &  Accounting,  Sutherland  Global  Services   Bill  Burke,  CEO,  Merit  Solutions   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  1
Introduction   Companies  in  today’s  economic  environment  are  all  facing  the  age-­‐old  business  conundrum:  how   can  we  do  more  with  less?  To  help  improve  capacity  but  drive  down  costs,  organizations  are   increasingly  turning  to  cloud-­‐based  technologies.     Cloud-­‐based  Enterprise  Resource  Planning  (ERP)  can  be  deployed  quickly,  minimizes  the  initial   investment,  reduces  the  Total  Cost  of  Ownership  (TCO)  and  offers  seamless  upgrades.  Although   many  CEOs,  CFOs,  CIOs  and  key  stakeholders  look  to  cloud  computing  to  help  realize  tremendous   savings,  there  are  concerns  about  cloud-­‐based  data  solutions.   In  the  age  of  cyber  attacks  and  the  seemingly  ever-­‐growing  list  of  online  security  threats,  senior   executives  worry  about  the  safety  of  their  cloud-­‐based  information.  Physical  location,  data   transmission,  access  security  and  disaster  recovery  represent  the  four  top-­‐of-­‐mind  security   concerns.   This  white  paper  will  look  at  some  of  the  key  aspects  of  cloud  security  and  examine  some  of  the   myths  and  misconceptions.  Research  also  shows  that  while  senior  executives  are  apprehensive   about  cloud-­‐based  security,  only  a  small  percentage  conduct  due  diligence  on  their  providers.  This   white  paper  also  includes  a  checklist  of  10  questions  that  SMBs,  mid-­‐market  companies  and  large   organizations  should  ask  their  potential  providers. Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  2
The  Rise  of  Cloud  Computing   A  2011  survey  by  CDW  found  that  28%  of  US-­‐based  organizations  are  using  cloud  computing   today,  and  73%  of  those  organizations  took  their  first  step  by  implementing  a  single  cloud   application.  Interestingly,  the  vast  majority  of  the  survey  respondents  (84%)  say  they  “have   already  employed  at  least  one  cloud  application.”  So,  in  essence,  there  are  a  lot  of  first  steps  being   taken,  and  wider  cloud  adoption  is  foreseeable.     There’s  no  doubt  the  cloud  is  garnering  attention  as   Top  5  Cloud  ERP  Misconceptions   companies  cautiously  explore  cloud  applications.  According   to  an  April  2011  Forrester  Research  report  titled  “Sizing  the   1. With  a  cloud  ERP  solution,  our  data   Cloud”  the  global  cloud  computing  market  is  estimated  to   isn’t  as  secure  as  it  is  onsite. reach  $241  billion  in  2020.  Yet,  despite  the  rise  of  cloud   2. Cloud  ERP  solutions  provide  only  basic   computing,  there  are  a  number  of  misconceptions  floating   ERP  functionality.   around,  with  security  at  the  top  of  the  list.   3. Cloud  ERP  solutions  can’t  be     customized.   As  companies  transition  from  low-­‐risk  “testing  the  waters”  to   4. It’s  difficult  to  integrate  cloud  ERP   taking  the  plunge  with  cloud  ERP  for  more  mission-­‐critical   systems  with  other  systems.     functions  like  Finance  and  Accounting,  the  issue  of  cloud   5. If  the  Internet  goes  down,  the  business   security  is  inevitable.  The  question  most  often  asked  is,     goes  down. “Just  how  secure  is  our  data?”         It’s  a  legitimate  question.  It  was  only  a  few  short  years  ago  that  cloud-­‐based  ERP  systems  were  the   exception  rather  than  the  norm  for  most  companies.  The  idea  of  not  having  all  data,   infrastructure,  software  and  hardware  on-­‐site  was  new,  intriguing  and  fraught  with  concerns.   Entrusting  private  business  data  and  applications  to  an  outside  hosting  service  made  (and   continues  to  make)  some  organizations  uncomfortable.       Despite  the  cloud’s  shift  into  the  mainstream,  security  and  compliance  still  top  the  list  of   apprehensions  inhibiting  cloud  adoption.  Some  of  this  apprehension  is  caused  in  part  by  confusion   around  a  lack  of  industry  standards;  expectations  and  definitions  of  security  can  vary  from   industry  to  industry.  Different  regions  and  countries  are  subject  to  different  data  protection   policies  and  legislation  that  could  compromise  data  privacy.  Companies  need  to  conduct  due   diligence  on  their  prospective  cloud  providers.     Data  security  and  privacy  issues  are  very  real  concerns  no  matter  whether  SMBs  implement  a   cloud  ERP  solution  or  on-­‐premise  ERP.  Both  require  knowledge  of  data:  which  data  is  sensitive,   the  degree  of  sensitivity  and  the  protocols  required  to  protect  it.   Yet,  the  pervasive  myth  that  cloud-­‐based  ERP  simply  isn’t  as  secure  as  on-­‐premise  solutions   continues  to  linger.  The  myth  persists  based  on  four  misconceptions  about  the  security  of  physical   location,  transmission,  access  security,  and  disaster  security.     Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  3
Physical  Location   The  Misconception:  A  cloud-­‐based  solution  is  nebulous  and  can’t  be  secured.     The  Reality   Cloud  computing  is  new,  unknown  and  eyed  suspiciously.  It  has  the  appearance  of  being  risky   because  you  cannot  secure  its  perimeter—where  are  a  cloud’s  boundaries?    A  May  2010  study  by   the  Ponemon  Institute  found  that  IT  professionals  believed  security  risks  were  more  difficult  to   curtail  in  the  cloud,  including  securing  the  physical  location  of  data  assets  and  restricting   privileged  user  access  to  sensitive  data.  Yet,  as  CIO  Magazine  pointed  out:   “…respondents  only  gave  the  on-­‐premise  alternative  a  56%  positive  rating!  In  other  words,  nearly   half  the  respondents  believe  that  their  own  internal  data  centers  do  not  do  a  good  job  of  securing   1 the  physical  environments  of  their  data  centers.”   The  reality  is  that  often  on-­‐premise  ERP  security  does  not  measure  up  to  the  same  standards  as  a   world-­‐class  data  state-­‐of-­‐the-­‐art  facility.     An  ideal  data  center  should  be  secure,  free  of  windows,  and  built  with  cement  or  steel   fortifications  with  24/7  on-­‐site  security.  Most  SMB  IT  departments  reside  in  a  department  or  on  a   floor  of  commercial  buildings  and  office  towers,  which  rarely  have  these  conditions.   In  comparison,  the  CLARITY  es  data  centers  are  housed  in  multi-­‐million  dollar  facilities  with   building  fortifications.  The  main  data  center  is  housed  underground  in  a  facility  that  is  designed  to   withstand  an  8.3  magnitude  earthquake.  The  data  centers  also  have  24/7/365  security,  monitored   by  staff  as  well  as  security  guards.   Transmission   Misconception:  Cloud-­‐based  solutions  are  more  vulnerable  to  hacking  and  other  attacks.   The  Reality   SMBs  typically  invest  in  hardware,  software  and  applications  to  thwart  specific  security   challenges:  spam,  security  breaches,  malware,  non-­‐compliance,  and  so  forth.  Unfortunately,  many   of  these  products  have  limited  life  cycles,  are  difficult  to  scale  and,  from  a  security  point  of  view,   often  only  produce  single  points  of  failure.  Additionally,  the  latest  technologies  to  scramble  and   encrypt  data  –  RSA,  Secure  Socket  Layer  (SSL),  Data  Encryption  Standard  (DES),  or  Triple  DES,  etc.   –  can  quickly  drain  SMB  IT  budgets.   With  traditional  licensed  ERP  software,  organizations  typically  must  wait  for  the  next  release  to   benefit  from  the  latest  features,  upgrades,  or  security  patches.  Sometimes  limited  resources  can   mean  that  upgrades  aren’t  always  deployed  in  a  timely  manner.  In  fact,  two-­‐thirds  of  mid-­‐size   businesses  are  running  outdated  versions  of  their  ERP  software2.  This  can  leave  these  companies   vulnerable.   1  Golden,  Bernard.  "Cloud  Computing  Security:  IT's  Take  on  State  of  Play."  CIO  Magazine.  N.p.,  17  May  2010.  Web.   2  "Why  Cloud  Computing  Matters  to  Finance,"  Ron  Gill,  CMA,  CFM:  Strategic  Finance,  January  2011.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  4
Under  the  SaaS  (Software  as  a  Service)  delivery  model  that  forms  the  basis  of  cloud  ERP,  the   provider  continuously  and  unobtrusively  adds  the  latest  features  and  upgrades,  which  means  that   users  can  be  assured  that  they’re  actually  using—rather  than  waiting  for—the  latest  security   technology.   By  their  very  nature,  external  applications  like  cloud-­‐based  technologies  must  adopt  a  “trust  no   one”  approach.  Layers  of  security  controls,  encryption  of  all  sensitive  data  and  security  testing  at   the  application  level,  as  well  as  countless  other  safeguards  are  necessary  for  cloud  security.   A  world-­‐class  cloud  ERP  provider  will  perform  rigorous  internal  vulnerability  scans,  log  threats,  and   are  audited  for  SSAE  16  (formerly  SAS  70  Type  II)  compliance.  Data  is  fully  secured,  both  in   transmission  and  at  rest.  For  example,  CLARITY  es  runs  on  a  Microsoft  Dynamics  AX  platform.  It   uses  the  RPC_C_AUTHN_LEVEL_PKT_PRIVACY  call,  which  provides  the  highest  security  level   available  through  a  remote  procedure  call  (RPC).  There  are  no  software  or  hardware  purchases,   and  updates  are  seamless.   Access  Security   The  Misconception:  An  on-­‐premise  solution  offers  more  security  over   who  may  access  information.     The  Reality   The  myth  that  a  cloud  solution  simply  cannot  be  as  secure  as  an  on-­‐premise  solution  has  very   much  to  do  with  the  notion  of  “seeing  is  believing.”  Often  companies  feel  more  in  control  of  their   data  when  it  resides  under  their  own  roof.     When  ERP  is  on-­‐site,  it  is  the  sole  responsibility  of  the  IT  department  to  authenticate  and  log  all   access  to  data  in  order  to  prevent  unwanted  users,  both  internal  and  external,  from  accessing   information  or  resources.   Access  security  for  on-­‐premise  ERP  systems  may  be  enforced  through  business  logic  or  at  the   database  layer.  This  authenticates  users  and  provides  them  with  specific  rights  to  data  objects.     For  example,  a  payroll  clerk  would  only  have  access  to  payroll  data,  not  customer  records.   A  cloud-­‐based  ERP  is  no  different.  With  CLARITY  es,  you  control  access  to  data  throughout  by   managing  security  restrictions  on  forms,  records  and  data  fields  for  specific  user  groups  and   domains,  and  define  and  assign  rights  according  to  how  you  want  security  restrictions  managed.   As  well,  because  CLARITY  es  is  a  single-­‐tenant  environment  there  is  no  risk  of  data  being   inadvertently  exposed  to  other  users  due  to  poor  implementation  of  the  access  management   process.   While  a  secure  cloud  ERP  system  doesn’t  increase  the  vulnerability  of  your  business  data,   authenticated  users  have  “anywhere,  anytime,  any  device”  access,  which  is  a  tremendous   advantage  for  global  collaboration,  monitoring  and  managing.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  5
Security  From  Disaster   Misconception:  It’s  better  to  handle  backups  internally  to  be  able  to  access  data  more   quickly  in  case  of  a  disaster.     The  Reality   Companies  must  examine  how  often  they  back  up  data  and  where  the  backups  are  the  stored.   SMBs  looking  to  third-­‐party  back-­‐up  systems  and  business  continuity  facilities  must  thoroughly   examine  the  security  standards  that  are  in  place.  The  truth  of  the  matter  is  that  SMBs  need  to   invest  in  a  rigorous  program  for  data  backups  with  offsite  storage  in  a  secure  location  separate   from  the  main  data  center.     Key  questions  to  ask  before  choosing  an  external  backup  partner  include:  Does  the  third-­‐party   data  recovery  service  abide  by  recognized  security  standards  and  compliance  requirements?  What   happens  if  there  is  a  power  failure?  How  long  will  my  data  be  kept?   Cloud-­‐based  solutions,  like  CLARITY  es,  ensure  full  nightly  backups,  which  are  stored  in  an  off-­‐site   location  and  are  maintained  for  seven  years.  As  well,  the  data  centers  have  multiple  power   sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.     The  New  Reality  of  Cloud  ERP  Solutions   Traditional  and  cloud  ERP  share  many  of  the  same  security  issues,  from  preventing  unauthorized   access  to  safe  and  secure  backups.  As  the  “new  kid  on  the  block”,  cloud  technology  is  unfamiliar   and  not  fully  trusted.   SMBs  that  adopt  a  cloud-­‐based  ERP  solution,  like  CLARITY  es,  find  that  security  is  actually   improved.  Unlike  large  enterprise  companies,  SMBs  usually  don’t  have  the  high  security   infrastructure,  processes  or  best  practices  knowledge  readily  on  hand.  In  the  case  of  cyber  attacks,   cyber  espionage,  malware,  human  error  and  disasters,  cloud-­‐based  service  providers  have  higher   levels  of  security.     Microsoft  released  research  in  May  of  2012,  that  verified  the  significant  IT  security  advantages  from  using   the  cloud.  One  of  the  most  interesting  facts  to  emerge  from  the  survey  was  that  "35  percent  of  US   3 companies  surveyed  have  experienced  noticeably  higher  levels  of  security  since  moving  to  the  cloud."   Security  is  always  a  top  concern  for  companies,  but  it’s  time  to  put  to  cut  through  the  fog,  and   bring  a  little  clarity  to  the  situation:  Cloud  ERP  systems  and  the  data  they  contain  are  as  secure,  if   not  more  secure  than  traditional  ERP  systems.   3  Microsoft.  News  Center.  Cloud  Computing  Security  Benefits  Dispel  Adoption  Barrier  for  Small  to  Midsize  Businesses.   14  May  2012.  Web.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  6
Security  Checklist   CompTIA's  9th  Annual  Information  Security  Trends  survey  of  U.S.  executives  with  IT   responsibilities  reported  that  only  29%  of  organizations  report  conducting  a  heavy  review  of  their   cloud  service  provider's  security  policies,  procedures  and  capabilities.   SMBs  must  vet  their  cloud  providers  by  conducting  due  diligence  and  asking  for  proof  of  physical   audits  and  physical  access  controls.  Here  are  10  questions  you  can  ask  your  provider.   1.)  What  is  your  privacy  policy?   Your  potential  solution  provider  should  have  a  well-­‐defined  and  clearly  articulated  privacy  policy   that  spells  out  exactly  who  has  access  to  various  types  of  information.  It  should  also  describe  the   organization’s  standard  operating  policies  and  procedures  for  ensuring  privacy.  Your  prospective   vendor  should  voluntarily  provide  you  with  a  copy  of  this  policy  information.     2.)  What  level  of  security  do  you  use  to  ensure  the  safety  and  integrity  of  critical  data?   To  safeguard  your  data  onsite,  your  prospective  solution  provider  should  use  a  combination  of   intrusion  detection  system  (IDS)  and  intrusion  prevention  system  (IPS)  products  and  apply   antivirus  at  various  network  layers.  It  should  also  utilize  deep  packet  inspection  (DPI)  or  an   application-­‐level  firewall  technology  that  scans  all  levels  of  packet  transmission.  Finally,  it  should   also  use  secure  socket  layer  (SSL)  or  https-­‐encrypted  transmission  to  ensure  Internet  security.   3.)  Is  your  production  equipment  housed  in  a  state-­‐of-­‐the-­‐art  facility?   Your  prospective  vendor’s  data  center  should  be  secure,  free  of  windows,  and  built  with  cement   or  steel  fortifications.  It  should  also  be  located  somewhere  that  is  not  prone  to  inclement   weather.   4.)  What  are  your  facility’s  physical  security  arrangements?  Are  they  in  place  24  hours  a  day,   seven  days  a  week,  and  365  days  a  year?   Similar  to  its  privacy  policy,  your  potential  hosted  ERP  solution  provider  should  have  well-­‐defined   and  robust  security  arrangements  that  are  in  place  at  all  times.   5.)  Do  you  contract  with  an  independent,  third-­‐party  organization  to  conduct  periodic  external   and  internal  vulnerability  scans?   In  addition  to  maintaining  an  intrusion  response  system  and  a  prepared  response  plan,  your   prospective  solution  provider  should  frequently  commission  both  routine  and  unannounced   security  audits.   6.)  How  often  do  you  back  up  data,  and  where  are  the  backups  stored?   Your  potential  hosting  provider  should  have  in  place  a  rigorous  program  of  data  backup  and   offsite  storage  in  a  secure  location  remote  from  its  main  data  center.         Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  7
7.)  Do  you  offer  full  hardware  redundancy  to  avoid  the  negative  consequences   of  a  power  failure?   Your  prospective  solution  provider’s  data  center  and  backup  location  should  have  redundant   power  supplies,  such  as  battery  and  diesel  generator  backups,  to  avoid  the  negative  consequences   associated  with  a  power  failure.   8.)  Does  your  staff  include  a  highly  qualified  operations  team  that  monitors  the  site   24  hours  a  day,  365  days  a  year?   Your  prospective  vendor  should  have  on  staff  many  certified  security  experts,  including  those  with   the  preferred  CISSP  designation.   9.)  Is  my  data  stored  in  a  multi-­‐tenant  or  single  tenant  environment?   A  multi-­‐tenant  cloud-­‐based  ERP  is  a  set  of  pooled  computing  resources,  shared  among  many   different  organizations  (tenants).  In  short,  various  organizations  share  the  same  database.  In  a   single  tenant  environment,  customers  operate  with  their  own  individual  database.  It  is  our  belief   that  an  isolated  single  tenant  environment  best  maximizes  performance,  security,  privacy  and   integration.   10.)  How  safe  is  your  data  center  in  terms  of  natural  disasters?   Your  potential  provider  should  be  prepared  for  any  number  of  natural  disasters.  In  addition  to  a   windowless,  cement  building  with  steel  fortifications,  the  provider  should  have  multiple  power   sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.   For  example,  our  main  data  center’s  backup  generators  can  power  a  city  of  25,000  people  -­‐  which   allows  us  to  go  off  grid  for  28  days  without  water,  electricity,  sewer,  or  natural  gas  feeds.   CLARITY  es:  Cloud-­‐Hosted  –Microsoft-­‐Powered   The  ERP  platform  of  the  CLARITY  es  solution  is  cloud-­‐hosted  and  powered  by  Microsoft  Dynamics   AX,  considered  by  Gartner  as  a  market  leader.  The  cloud-­‐hosting  ensures  rapid  implementation   and  low  up-­‐front  costs.   CLARITY  es  provides  multiple  customized  portals  and  tailored  solutions  for  all  aspects  of   your  business:   • Finance  &  Accounting   • Procurement   • Human  Capital  Management   • Sales  &  Marketing  (CRM)   • Project  Accounting   • Supply  Chain  Management   • Production  /  Manufacturing   • Business  Intelligence  &  Reporting   CLARITY  es  is  a  composite  and  customizable  solution  with  core  industry-­‐specific  functionalities.  All   elements  of  the  solution  from  application  implementation,  support  and  hosting  to  service  delivery   with  guaranteed  metrics  are  provided  by  Sutherland  Global  Services  –  one  of  the  world’s  largest   pure-­‐play  BPO  service  providers. Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  8
Dynamics  AX  Power   Powerful  Foundation  Gives  You  More  Value  Faster   Pre-­‐built  industry-­‐specific  functionalities  enable  users  to  streamline  mission-­‐critical  business   processes  with  workflow  functionality  and  alerts  that  provide  automatic  notification  of  pending   tasks  and  events.  These  features  provide  management  real-­‐time  visibility  into  critical  business   data  through  customized  dashboards  and  reports.  With  powerful  embedded  business  intelligence   and  analytics,  you  will  be  able  to  run  ad-­‐hoc  reports  rapidly  and  streamline  workflows.   CLARITY  es  Cloud  Advantage   Supply  Chain   CLARITY  es  has  complete  supply  chain  integration  and  is  customizable  to  your  industry   and  business.   Flexible  &  Agile   CLARITY  es  gives  you  flexible  deployment  options,  allowing  you  to  switch  between  the  cloud  and   on-­‐premise  deployment,  implementing  your  solutions  all  at  once  or  in  phases.  This  unified  natural   model  offers  companies  improved  forecasting,  reporting,  and  budgeting  abilities.  Extend  these   models  with  industry-­‐specific  capabilities  as  the  company  evolves.   Web  Access   CLARITY  es  gives  you  anywhere,  anytime  access  with  97.99%  Up  Time.  This  user-­‐centric  platform   provides  access  to  more  people,  including  customers  and  partners,  while  guaranteeing  data   control  maintenance  and  integrity.  You  get  a  dedicated  environment  (not  multi-­‐tenant)  that   replicates  on-­‐premise  configuration,  the  administrative  rights  to  the  servers,  and  a  secure  VPN   access.  Your  data  will  be  available  where  you  need  it,  when  you  need  it.  CLARITY  es  is  certified   SSAE  16  (formerly  SAS  70  Type  II)  compliant.   Simplified  Solution  Drives  Adoption  &  Lowers  Costs   The  interface  is  familiar  and  intuitive,  allowing  for  easy-­‐to-­‐use  collaboration  with  colleagues,   partners,  vendors,  and  customers  using  integrated  email,  instant  messaging,  and  presence   information  through  unified  communications.       Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  9
Sutherland  Global  –  A  Practical  Overview   Structure   • Globally  distributed  delivery  capacity  and  domain  capability   • The  Deloitte-­‐established  Tulsa  FAO  Centre  of  Excellence  has  been  servicing   clients  since  1995   • Strategic  global  locations  designed  to  satisfy  SSAE  16  (formerly  SAS  70  Type  II)  standards   and  Sarbanes-­‐Oxley  requirements   Capability   • Full  suite  of  BPaaS  services  –  transaction  processing  to  financial  and   management  reporting   • Integrated  analytics  to  support  Collections,  Financial  Planning  and  Analysis  functions   • Onshore,  offshore  and  hybrid  solutions  tailored  to  meet  client-­‐specific  needs   Expertise   • Dedicated  team  experienced  in  business  transformation,  process  optimization   and  transition  services   • Expertise  in  utilizing  existing  client  applications  and/or  SGS-­‐hosted  ERP  systems   • Robust  set  of  add-­‐on  technologies  supported  by  in-­‐house  application  management  team   Flexibility   • Custom-­‐crafted  Pricing  and  Commercial  Structure  aligned  to  client  needs  and  objectives   • Output/Outcome  Based  Pricing  and  No  Termination  penalties         If  you  would  like  to  continue  the  conversation  and  get  information  about   our  CLARITY  es  offering  please  contact:  +1-­‐800-­‐388-­‐4557     Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  10
  About  Sutherland  Global  Services   Sutherland  Global  Services  is  a  multi-­‐national  technology-­‐enabled  business  process  outsourcing   (BPO)  services  company  providing  a  unique  combination  of  vast  BPO  resources  as  well  as   extensive  expertise  and  industry  knowledge  in  Finance  and  Accounting.  We  help  you  build  a  high-­‐ performance  finance  organization  by  combining  accounting  best  practices  with  proven  BPO   processes.  Our  global  service  delivery  infrastructure  and  full  range  of  outsourcing  solutions  –  from   specific  transactional  processes  to  controller  and  compliance  functions  –help  you  reduce  costs   while  gaining  better  visibility  and  control  of  financial  processes  and  data.  All  of  our  finance  and   accounting  engagements  are  led  by  our  Controllership  &  Management  Center,  based  in  Tulsa,   Oklahoma.   Our  strategy  quickly  improves  your  F&A  operations  by  adapting  a  set  of  standardized  processes   and  using  technology  and  automation  to  improve  efficiency.  We  begin  by  analyzing  your  existing   accounting  workflows,  then  we  design  an  outsourcing  solution  based  on  your  business  objectives   and  available  resources.  Ongoing  processes  are  transferred  to  our  organization.  Once  this   transition  is  complete,  we  follow  through  to  ensure  flawless  service  delivery.         The  Result:  You  gain  access  to  higher  quality,  more  complete  financial  information  to  support   effective  tactical  and  strategic  decision-­‐making  across  your  business.  Our  outsourcing  solution  not   only  reduces  the  cost  of  the  finance  function;  it  provides  CFOs  the  opportunity  to  focus  the   organization  on  what  is  strategically  important  to  the  business.             Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  11

Recomendados

Intraday tips
Intraday tipsIntraday tips
Intraday tipsIntraday Stock Futures
 
Mama Trailer Shots Breakdown
Mama Trailer Shots BreakdownMama Trailer Shots Breakdown
Mama Trailer Shots BreakdownJonathanlarham
 
Designing for search and discovery is crucial: an example from rare disease
Designing for search and discovery is crucial: an example from rare diseaseDesigning for search and discovery is crucial: an example from rare disease
Designing for search and discovery is crucial: an example from rare diseaseInspire
 
Trailer shots breakdown
Trailer shots breakdownTrailer shots breakdown
Trailer shots breakdownJonathanlarham
 
Annotated conventions of my magazine
Annotated conventions of my magazineAnnotated conventions of my magazine
Annotated conventions of my magazineJonathanlarham
 
Representations prensentation
Representations prensentationRepresentations prensentation
Representations prensentationJonathanlarham
 
Annotated comparisons of the conventions between the two
Annotated comparisons of the conventions between the twoAnnotated comparisons of the conventions between the two
Annotated comparisons of the conventions between the twoJonathanlarham
 
Detailed analysis
Detailed analysisDetailed analysis
Detailed analysisJonathanlarham
 

Recomendados

Intraday tips
Intraday tipsIntraday tips
Intraday tipsIntraday Stock Futures
 
Mama Trailer Shots Breakdown
Mama Trailer Shots BreakdownMama Trailer Shots Breakdown
Mama Trailer Shots BreakdownJonathanlarham
 
Designing for search and discovery is crucial: an example from rare disease
Designing for search and discovery is crucial: an example from rare diseaseDesigning for search and discovery is crucial: an example from rare disease
Designing for search and discovery is crucial: an example from rare diseaseInspire
 
Trailer shots breakdown
Trailer shots breakdownTrailer shots breakdown
Trailer shots breakdownJonathanlarham
 
Annotated conventions of my magazine
Annotated conventions of my magazineAnnotated conventions of my magazine
Annotated conventions of my magazineJonathanlarham
 
Representations prensentation
Representations prensentationRepresentations prensentation
Representations prensentationJonathanlarham
 
Annotated comparisons of the conventions between the two
Annotated comparisons of the conventions between the twoAnnotated comparisons of the conventions between the two
Annotated comparisons of the conventions between the twoJonathanlarham
 
Detailed analysis
Detailed analysisDetailed analysis
Detailed analysisJonathanlarham
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Más contenido relacionado

Destacado

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Cloud Security: Bringing CLARITY to Common Myths and Misconceptions

  • 1.     Finance  and  Accounting  Services     Cloud  Security:   Bringing  CLARITY  to  Common  Myths  and  Misconceptions     Table  of  Contents     Introduction             2   The  Rise  of  Cloud  Computing             3   Physical  Location           4   Transmission             4   Access  Security             5   Security  From  Disaster           6   The  New  Reality  of  Cloud  ERP  Solutions       6   Security  Checklist           7   CLARITY  es:  Cloud-­‐Hosted  –Microsoft  Powered                             8   Sutherland  Global–A  Practical  Overview                              10   Contact  Information                                                            10     About  Sutherland  Global  Services                              11             Authors:   Dan  McCue,  Senior  Vice  President,  Finance  &  Accounting,  Sutherland  Global  Services   Bill  Burke,  CEO,  Merit  Solutions   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  1
  • 2. Introduction   Companies  in  today’s  economic  environment  are  all  facing  the  age-­‐old  business  conundrum:  how   can  we  do  more  with  less?  To  help  improve  capacity  but  drive  down  costs,  organizations  are   increasingly  turning  to  cloud-­‐based  technologies.     Cloud-­‐based  Enterprise  Resource  Planning  (ERP)  can  be  deployed  quickly,  minimizes  the  initial   investment,  reduces  the  Total  Cost  of  Ownership  (TCO)  and  offers  seamless  upgrades.  Although   many  CEOs,  CFOs,  CIOs  and  key  stakeholders  look  to  cloud  computing  to  help  realize  tremendous   savings,  there  are  concerns  about  cloud-­‐based  data  solutions.   In  the  age  of  cyber  attacks  and  the  seemingly  ever-­‐growing  list  of  online  security  threats,  senior   executives  worry  about  the  safety  of  their  cloud-­‐based  information.  Physical  location,  data   transmission,  access  security  and  disaster  recovery  represent  the  four  top-­‐of-­‐mind  security   concerns.   This  white  paper  will  look  at  some  of  the  key  aspects  of  cloud  security  and  examine  some  of  the   myths  and  misconceptions.  Research  also  shows  that  while  senior  executives  are  apprehensive   about  cloud-­‐based  security,  only  a  small  percentage  conduct  due  diligence  on  their  providers.  This   white  paper  also  includes  a  checklist  of  10  questions  that  SMBs,  mid-­‐market  companies  and  large   organizations  should  ask  their  potential  providers. Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  2
  • 3. The  Rise  of  Cloud  Computing   A  2011  survey  by  CDW  found  that  28%  of  US-­‐based  organizations  are  using  cloud  computing   today,  and  73%  of  those  organizations  took  their  first  step  by  implementing  a  single  cloud   application.  Interestingly,  the  vast  majority  of  the  survey  respondents  (84%)  say  they  “have   already  employed  at  least  one  cloud  application.”  So,  in  essence,  there  are  a  lot  of  first  steps  being   taken,  and  wider  cloud  adoption  is  foreseeable.     There’s  no  doubt  the  cloud  is  garnering  attention  as   Top  5  Cloud  ERP  Misconceptions   companies  cautiously  explore  cloud  applications.  According   to  an  April  2011  Forrester  Research  report  titled  “Sizing  the   1. With  a  cloud  ERP  solution,  our  data   Cloud”  the  global  cloud  computing  market  is  estimated  to   isn’t  as  secure  as  it  is  onsite. reach  $241  billion  in  2020.  Yet,  despite  the  rise  of  cloud   2. Cloud  ERP  solutions  provide  only  basic   computing,  there  are  a  number  of  misconceptions  floating   ERP  functionality.   around,  with  security  at  the  top  of  the  list.   3. Cloud  ERP  solutions  can’t  be     customized.   As  companies  transition  from  low-­‐risk  “testing  the  waters”  to   4. It’s  difficult  to  integrate  cloud  ERP   taking  the  plunge  with  cloud  ERP  for  more  mission-­‐critical   systems  with  other  systems.     functions  like  Finance  and  Accounting,  the  issue  of  cloud   5. If  the  Internet  goes  down,  the  business   security  is  inevitable.  The  question  most  often  asked  is,     goes  down. “Just  how  secure  is  our  data?”         It’s  a  legitimate  question.  It  was  only  a  few  short  years  ago  that  cloud-­‐based  ERP  systems  were  the   exception  rather  than  the  norm  for  most  companies.  The  idea  of  not  having  all  data,   infrastructure,  software  and  hardware  on-­‐site  was  new,  intriguing  and  fraught  with  concerns.   Entrusting  private  business  data  and  applications  to  an  outside  hosting  service  made  (and   continues  to  make)  some  organizations  uncomfortable.       Despite  the  cloud’s  shift  into  the  mainstream,  security  and  compliance  still  top  the  list  of   apprehensions  inhibiting  cloud  adoption.  Some  of  this  apprehension  is  caused  in  part  by  confusion   around  a  lack  of  industry  standards;  expectations  and  definitions  of  security  can  vary  from   industry  to  industry.  Different  regions  and  countries  are  subject  to  different  data  protection   policies  and  legislation  that  could  compromise  data  privacy.  Companies  need  to  conduct  due   diligence  on  their  prospective  cloud  providers.     Data  security  and  privacy  issues  are  very  real  concerns  no  matter  whether  SMBs  implement  a   cloud  ERP  solution  or  on-­‐premise  ERP.  Both  require  knowledge  of  data:  which  data  is  sensitive,   the  degree  of  sensitivity  and  the  protocols  required  to  protect  it.   Yet,  the  pervasive  myth  that  cloud-­‐based  ERP  simply  isn’t  as  secure  as  on-­‐premise  solutions   continues  to  linger.  The  myth  persists  based  on  four  misconceptions  about  the  security  of  physical   location,  transmission,  access  security,  and  disaster  security.     Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  3
  • 4. Physical  Location   The  Misconception:  A  cloud-­‐based  solution  is  nebulous  and  can’t  be  secured.     The  Reality   Cloud  computing  is  new,  unknown  and  eyed  suspiciously.  It  has  the  appearance  of  being  risky   because  you  cannot  secure  its  perimeter—where  are  a  cloud’s  boundaries?    A  May  2010  study  by   the  Ponemon  Institute  found  that  IT  professionals  believed  security  risks  were  more  difficult  to   curtail  in  the  cloud,  including  securing  the  physical  location  of  data  assets  and  restricting   privileged  user  access  to  sensitive  data.  Yet,  as  CIO  Magazine  pointed  out:   “…respondents  only  gave  the  on-­‐premise  alternative  a  56%  positive  rating!  In  other  words,  nearly   half  the  respondents  believe  that  their  own  internal  data  centers  do  not  do  a  good  job  of  securing   1 the  physical  environments  of  their  data  centers.”   The  reality  is  that  often  on-­‐premise  ERP  security  does  not  measure  up  to  the  same  standards  as  a   world-­‐class  data  state-­‐of-­‐the-­‐art  facility.     An  ideal  data  center  should  be  secure,  free  of  windows,  and  built  with  cement  or  steel   fortifications  with  24/7  on-­‐site  security.  Most  SMB  IT  departments  reside  in  a  department  or  on  a   floor  of  commercial  buildings  and  office  towers,  which  rarely  have  these  conditions.   In  comparison,  the  CLARITY  es  data  centers  are  housed  in  multi-­‐million  dollar  facilities  with   building  fortifications.  The  main  data  center  is  housed  underground  in  a  facility  that  is  designed  to   withstand  an  8.3  magnitude  earthquake.  The  data  centers  also  have  24/7/365  security,  monitored   by  staff  as  well  as  security  guards.   Transmission   Misconception:  Cloud-­‐based  solutions  are  more  vulnerable  to  hacking  and  other  attacks.   The  Reality   SMBs  typically  invest  in  hardware,  software  and  applications  to  thwart  specific  security   challenges:  spam,  security  breaches,  malware,  non-­‐compliance,  and  so  forth.  Unfortunately,  many   of  these  products  have  limited  life  cycles,  are  difficult  to  scale  and,  from  a  security  point  of  view,   often  only  produce  single  points  of  failure.  Additionally,  the  latest  technologies  to  scramble  and   encrypt  data  –  RSA,  Secure  Socket  Layer  (SSL),  Data  Encryption  Standard  (DES),  or  Triple  DES,  etc.   –  can  quickly  drain  SMB  IT  budgets.   With  traditional  licensed  ERP  software,  organizations  typically  must  wait  for  the  next  release  to   benefit  from  the  latest  features,  upgrades,  or  security  patches.  Sometimes  limited  resources  can   mean  that  upgrades  aren’t  always  deployed  in  a  timely  manner.  In  fact,  two-­‐thirds  of  mid-­‐size   businesses  are  running  outdated  versions  of  their  ERP  software2.  This  can  leave  these  companies   vulnerable.   1  Golden,  Bernard.  "Cloud  Computing  Security:  IT's  Take  on  State  of  Play."  CIO  Magazine.  N.p.,  17  May  2010.  Web.   2  "Why  Cloud  Computing  Matters  to  Finance,"  Ron  Gill,  CMA,  CFM:  Strategic  Finance,  January  2011.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  4
  • 5. Under  the  SaaS  (Software  as  a  Service)  delivery  model  that  forms  the  basis  of  cloud  ERP,  the   provider  continuously  and  unobtrusively  adds  the  latest  features  and  upgrades,  which  means  that   users  can  be  assured  that  they’re  actually  using—rather  than  waiting  for—the  latest  security   technology.   By  their  very  nature,  external  applications  like  cloud-­‐based  technologies  must  adopt  a  “trust  no   one”  approach.  Layers  of  security  controls,  encryption  of  all  sensitive  data  and  security  testing  at   the  application  level,  as  well  as  countless  other  safeguards  are  necessary  for  cloud  security.   A  world-­‐class  cloud  ERP  provider  will  perform  rigorous  internal  vulnerability  scans,  log  threats,  and   are  audited  for  SSAE  16  (formerly  SAS  70  Type  II)  compliance.  Data  is  fully  secured,  both  in   transmission  and  at  rest.  For  example,  CLARITY  es  runs  on  a  Microsoft  Dynamics  AX  platform.  It   uses  the  RPC_C_AUTHN_LEVEL_PKT_PRIVACY  call,  which  provides  the  highest  security  level   available  through  a  remote  procedure  call  (RPC).  There  are  no  software  or  hardware  purchases,   and  updates  are  seamless.   Access  Security   The  Misconception:  An  on-­‐premise  solution  offers  more  security  over   who  may  access  information.     The  Reality   The  myth  that  a  cloud  solution  simply  cannot  be  as  secure  as  an  on-­‐premise  solution  has  very   much  to  do  with  the  notion  of  “seeing  is  believing.”  Often  companies  feel  more  in  control  of  their   data  when  it  resides  under  their  own  roof.     When  ERP  is  on-­‐site,  it  is  the  sole  responsibility  of  the  IT  department  to  authenticate  and  log  all   access  to  data  in  order  to  prevent  unwanted  users,  both  internal  and  external,  from  accessing   information  or  resources.   Access  security  for  on-­‐premise  ERP  systems  may  be  enforced  through  business  logic  or  at  the   database  layer.  This  authenticates  users  and  provides  them  with  specific  rights  to  data  objects.     For  example,  a  payroll  clerk  would  only  have  access  to  payroll  data,  not  customer  records.   A  cloud-­‐based  ERP  is  no  different.  With  CLARITY  es,  you  control  access  to  data  throughout  by   managing  security  restrictions  on  forms,  records  and  data  fields  for  specific  user  groups  and   domains,  and  define  and  assign  rights  according  to  how  you  want  security  restrictions  managed.   As  well,  because  CLARITY  es  is  a  single-­‐tenant  environment  there  is  no  risk  of  data  being   inadvertently  exposed  to  other  users  due  to  poor  implementation  of  the  access  management   process.   While  a  secure  cloud  ERP  system  doesn’t  increase  the  vulnerability  of  your  business  data,   authenticated  users  have  “anywhere,  anytime,  any  device”  access,  which  is  a  tremendous   advantage  for  global  collaboration,  monitoring  and  managing.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  5
  • 6. Security  From  Disaster   Misconception:  It’s  better  to  handle  backups  internally  to  be  able  to  access  data  more   quickly  in  case  of  a  disaster.     The  Reality   Companies  must  examine  how  often  they  back  up  data  and  where  the  backups  are  the  stored.   SMBs  looking  to  third-­‐party  back-­‐up  systems  and  business  continuity  facilities  must  thoroughly   examine  the  security  standards  that  are  in  place.  The  truth  of  the  matter  is  that  SMBs  need  to   invest  in  a  rigorous  program  for  data  backups  with  offsite  storage  in  a  secure  location  separate   from  the  main  data  center.     Key  questions  to  ask  before  choosing  an  external  backup  partner  include:  Does  the  third-­‐party   data  recovery  service  abide  by  recognized  security  standards  and  compliance  requirements?  What   happens  if  there  is  a  power  failure?  How  long  will  my  data  be  kept?   Cloud-­‐based  solutions,  like  CLARITY  es,  ensure  full  nightly  backups,  which  are  stored  in  an  off-­‐site   location  and  are  maintained  for  seven  years.  As  well,  the  data  centers  have  multiple  power   sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.     The  New  Reality  of  Cloud  ERP  Solutions   Traditional  and  cloud  ERP  share  many  of  the  same  security  issues,  from  preventing  unauthorized   access  to  safe  and  secure  backups.  As  the  “new  kid  on  the  block”,  cloud  technology  is  unfamiliar   and  not  fully  trusted.   SMBs  that  adopt  a  cloud-­‐based  ERP  solution,  like  CLARITY  es,  find  that  security  is  actually   improved.  Unlike  large  enterprise  companies,  SMBs  usually  don’t  have  the  high  security   infrastructure,  processes  or  best  practices  knowledge  readily  on  hand.  In  the  case  of  cyber  attacks,   cyber  espionage,  malware,  human  error  and  disasters,  cloud-­‐based  service  providers  have  higher   levels  of  security.     Microsoft  released  research  in  May  of  2012,  that  verified  the  significant  IT  security  advantages  from  using   the  cloud.  One  of  the  most  interesting  facts  to  emerge  from  the  survey  was  that  "35  percent  of  US   3 companies  surveyed  have  experienced  noticeably  higher  levels  of  security  since  moving  to  the  cloud."   Security  is  always  a  top  concern  for  companies,  but  it’s  time  to  put  to  cut  through  the  fog,  and   bring  a  little  clarity  to  the  situation:  Cloud  ERP  systems  and  the  data  they  contain  are  as  secure,  if   not  more  secure  than  traditional  ERP  systems.   3  Microsoft.  News  Center.  Cloud  Computing  Security  Benefits  Dispel  Adoption  Barrier  for  Small  to  Midsize  Businesses.   14  May  2012.  Web.   Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  6
  • 7. Security  Checklist   CompTIA's  9th  Annual  Information  Security  Trends  survey  of  U.S.  executives  with  IT   responsibilities  reported  that  only  29%  of  organizations  report  conducting  a  heavy  review  of  their   cloud  service  provider's  security  policies,  procedures  and  capabilities.   SMBs  must  vet  their  cloud  providers  by  conducting  due  diligence  and  asking  for  proof  of  physical   audits  and  physical  access  controls.  Here  are  10  questions  you  can  ask  your  provider.   1.)  What  is  your  privacy  policy?   Your  potential  solution  provider  should  have  a  well-­‐defined  and  clearly  articulated  privacy  policy   that  spells  out  exactly  who  has  access  to  various  types  of  information.  It  should  also  describe  the   organization’s  standard  operating  policies  and  procedures  for  ensuring  privacy.  Your  prospective   vendor  should  voluntarily  provide  you  with  a  copy  of  this  policy  information.     2.)  What  level  of  security  do  you  use  to  ensure  the  safety  and  integrity  of  critical  data?   To  safeguard  your  data  onsite,  your  prospective  solution  provider  should  use  a  combination  of   intrusion  detection  system  (IDS)  and  intrusion  prevention  system  (IPS)  products  and  apply   antivirus  at  various  network  layers.  It  should  also  utilize  deep  packet  inspection  (DPI)  or  an   application-­‐level  firewall  technology  that  scans  all  levels  of  packet  transmission.  Finally,  it  should   also  use  secure  socket  layer  (SSL)  or  https-­‐encrypted  transmission  to  ensure  Internet  security.   3.)  Is  your  production  equipment  housed  in  a  state-­‐of-­‐the-­‐art  facility?   Your  prospective  vendor’s  data  center  should  be  secure,  free  of  windows,  and  built  with  cement   or  steel  fortifications.  It  should  also  be  located  somewhere  that  is  not  prone  to  inclement   weather.   4.)  What  are  your  facility’s  physical  security  arrangements?  Are  they  in  place  24  hours  a  day,   seven  days  a  week,  and  365  days  a  year?   Similar  to  its  privacy  policy,  your  potential  hosted  ERP  solution  provider  should  have  well-­‐defined   and  robust  security  arrangements  that  are  in  place  at  all  times.   5.)  Do  you  contract  with  an  independent,  third-­‐party  organization  to  conduct  periodic  external   and  internal  vulnerability  scans?   In  addition  to  maintaining  an  intrusion  response  system  and  a  prepared  response  plan,  your   prospective  solution  provider  should  frequently  commission  both  routine  and  unannounced   security  audits.   6.)  How  often  do  you  back  up  data,  and  where  are  the  backups  stored?   Your  potential  hosting  provider  should  have  in  place  a  rigorous  program  of  data  backup  and   offsite  storage  in  a  secure  location  remote  from  its  main  data  center.         Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  7
  • 8. 7.)  Do  you  offer  full  hardware  redundancy  to  avoid  the  negative  consequences   of  a  power  failure?   Your  prospective  solution  provider’s  data  center  and  backup  location  should  have  redundant   power  supplies,  such  as  battery  and  diesel  generator  backups,  to  avoid  the  negative  consequences   associated  with  a  power  failure.   8.)  Does  your  staff  include  a  highly  qualified  operations  team  that  monitors  the  site   24  hours  a  day,  365  days  a  year?   Your  prospective  vendor  should  have  on  staff  many  certified  security  experts,  including  those  with   the  preferred  CISSP  designation.   9.)  Is  my  data  stored  in  a  multi-­‐tenant  or  single  tenant  environment?   A  multi-­‐tenant  cloud-­‐based  ERP  is  a  set  of  pooled  computing  resources,  shared  among  many   different  organizations  (tenants).  In  short,  various  organizations  share  the  same  database.  In  a   single  tenant  environment,  customers  operate  with  their  own  individual  database.  It  is  our  belief   that  an  isolated  single  tenant  environment  best  maximizes  performance,  security,  privacy  and   integration.   10.)  How  safe  is  your  data  center  in  terms  of  natural  disasters?   Your  potential  provider  should  be  prepared  for  any  number  of  natural  disasters.  In  addition  to  a   windowless,  cement  building  with  steel  fortifications,  the  provider  should  have  multiple  power   sources  and  redundant  incoming  lines  provisioned  in  an  N+1  configuration  for  continuous  power.   For  example,  our  main  data  center’s  backup  generators  can  power  a  city  of  25,000  people  -­‐  which   allows  us  to  go  off  grid  for  28  days  without  water,  electricity,  sewer,  or  natural  gas  feeds.   CLARITY  es:  Cloud-­‐Hosted  –Microsoft-­‐Powered   The  ERP  platform  of  the  CLARITY  es  solution  is  cloud-­‐hosted  and  powered  by  Microsoft  Dynamics   AX,  considered  by  Gartner  as  a  market  leader.  The  cloud-­‐hosting  ensures  rapid  implementation   and  low  up-­‐front  costs.   CLARITY  es  provides  multiple  customized  portals  and  tailored  solutions  for  all  aspects  of   your  business:   • Finance  &  Accounting   • Procurement   • Human  Capital  Management   • Sales  &  Marketing  (CRM)   • Project  Accounting   • Supply  Chain  Management   • Production  /  Manufacturing   • Business  Intelligence  &  Reporting   CLARITY  es  is  a  composite  and  customizable  solution  with  core  industry-­‐specific  functionalities.  All   elements  of  the  solution  from  application  implementation,  support  and  hosting  to  service  delivery   with  guaranteed  metrics  are  provided  by  Sutherland  Global  Services  –  one  of  the  world’s  largest   pure-­‐play  BPO  service  providers. Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  8
  • 9. Dynamics  AX  Power   Powerful  Foundation  Gives  You  More  Value  Faster   Pre-­‐built  industry-­‐specific  functionalities  enable  users  to  streamline  mission-­‐critical  business   processes  with  workflow  functionality  and  alerts  that  provide  automatic  notification  of  pending   tasks  and  events.  These  features  provide  management  real-­‐time  visibility  into  critical  business   data  through  customized  dashboards  and  reports.  With  powerful  embedded  business  intelligence   and  analytics,  you  will  be  able  to  run  ad-­‐hoc  reports  rapidly  and  streamline  workflows.   CLARITY  es  Cloud  Advantage   Supply  Chain   CLARITY  es  has  complete  supply  chain  integration  and  is  customizable  to  your  industry   and  business.   Flexible  &  Agile   CLARITY  es  gives  you  flexible  deployment  options,  allowing  you  to  switch  between  the  cloud  and   on-­‐premise  deployment,  implementing  your  solutions  all  at  once  or  in  phases.  This  unified  natural   model  offers  companies  improved  forecasting,  reporting,  and  budgeting  abilities.  Extend  these   models  with  industry-­‐specific  capabilities  as  the  company  evolves.   Web  Access   CLARITY  es  gives  you  anywhere,  anytime  access  with  97.99%  Up  Time.  This  user-­‐centric  platform   provides  access  to  more  people,  including  customers  and  partners,  while  guaranteeing  data   control  maintenance  and  integrity.  You  get  a  dedicated  environment  (not  multi-­‐tenant)  that   replicates  on-­‐premise  configuration,  the  administrative  rights  to  the  servers,  and  a  secure  VPN   access.  Your  data  will  be  available  where  you  need  it,  when  you  need  it.  CLARITY  es  is  certified   SSAE  16  (formerly  SAS  70  Type  II)  compliant.   Simplified  Solution  Drives  Adoption  &  Lowers  Costs   The  interface  is  familiar  and  intuitive,  allowing  for  easy-­‐to-­‐use  collaboration  with  colleagues,   partners,  vendors,  and  customers  using  integrated  email,  instant  messaging,  and  presence   information  through  unified  communications.       Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  9
  • 10. Sutherland  Global  –  A  Practical  Overview   Structure   • Globally  distributed  delivery  capacity  and  domain  capability   • The  Deloitte-­‐established  Tulsa  FAO  Centre  of  Excellence  has  been  servicing   clients  since  1995   • Strategic  global  locations  designed  to  satisfy  SSAE  16  (formerly  SAS  70  Type  II)  standards   and  Sarbanes-­‐Oxley  requirements   Capability   • Full  suite  of  BPaaS  services  –  transaction  processing  to  financial  and   management  reporting   • Integrated  analytics  to  support  Collections,  Financial  Planning  and  Analysis  functions   • Onshore,  offshore  and  hybrid  solutions  tailored  to  meet  client-­‐specific  needs   Expertise   • Dedicated  team  experienced  in  business  transformation,  process  optimization   and  transition  services   • Expertise  in  utilizing  existing  client  applications  and/or  SGS-­‐hosted  ERP  systems   • Robust  set  of  add-­‐on  technologies  supported  by  in-­‐house  application  management  team   Flexibility   • Custom-­‐crafted  Pricing  and  Commercial  Structure  aligned  to  client  needs  and  objectives   • Output/Outcome  Based  Pricing  and  No  Termination  penalties         If  you  would  like  to  continue  the  conversation  and  get  information  about   our  CLARITY  es  offering  please  contact:  +1-­‐800-­‐388-­‐4557     Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  10
  • 11.   About  Sutherland  Global  Services   Sutherland  Global  Services  is  a  multi-­‐national  technology-­‐enabled  business  process  outsourcing   (BPO)  services  company  providing  a  unique  combination  of  vast  BPO  resources  as  well  as   extensive  expertise  and  industry  knowledge  in  Finance  and  Accounting.  We  help  you  build  a  high-­‐ performance  finance  organization  by  combining  accounting  best  practices  with  proven  BPO   processes.  Our  global  service  delivery  infrastructure  and  full  range  of  outsourcing  solutions  –  from   specific  transactional  processes  to  controller  and  compliance  functions  –help  you  reduce  costs   while  gaining  better  visibility  and  control  of  financial  processes  and  data.  All  of  our  finance  and   accounting  engagements  are  led  by  our  Controllership  &  Management  Center,  based  in  Tulsa,   Oklahoma.   Our  strategy  quickly  improves  your  F&A  operations  by  adapting  a  set  of  standardized  processes   and  using  technology  and  automation  to  improve  efficiency.  We  begin  by  analyzing  your  existing   accounting  workflows,  then  we  design  an  outsourcing  solution  based  on  your  business  objectives   and  available  resources.  Ongoing  processes  are  transferred  to  our  organization.  Once  this   transition  is  complete,  we  follow  through  to  ensure  flawless  service  delivery.         The  Result:  You  gain  access  to  higher  quality,  more  complete  financial  information  to  support   effective  tactical  and  strategic  decision-­‐making  across  your  business.  Our  outsourcing  solution  not   only  reduces  the  cost  of  the  finance  function;  it  provides  CFOs  the  opportunity  to  focus  the   organization  on  what  is  strategically  important  to  the  business.             Cloud  Security:  Bringing  CLARITY  to  Common  Myths  and  Misconceptions  ©  2012  Sutherland  Global  Services.   Page  11