View
29
Download
0
Category
Preview:
Citation preview
Public vs private cloud for regulated entities
PwC
DC2: Restricted use
The cloud is for everyone … but not for everything
Public vs Private Cloud for Regulated Entities
2
March 2017
PwC
DC2: Restricted use
Opportunity … enabler
3
March 2017Public vs Private Cloud for Regulated Entities
Accessibility
Low Maintenance
Low/NoCAPEX
Flexibility
Dynamic
SAAS
PAASCo-
hosting
IAASCo-
location
Public
Hybrid
PrivateAgility
PwC
DC2: Restricted use
Rights … concerns … challenges
Public vs Private Cloud for Regulated Entities
4
March 2017
Location?
Access?
Seizure?
Stability?
Ownership?
Confidentiality?
SAAS
PAASCo-
hosting
IAASCo-
location
Public
Hybrid
Private
Auditability?
PwC
DC2: Restricted use
Is regulation slowing you down?
Public vs Private Cloud for Regulated Entities
5
March 2017
PwC
DC2: Restricted use
Many regulated sectors, Many AuthoritiesCommon principles
Public vs Private Cloud for Regulated Entities
6
March 2017
Banking
Investment services
Insurance
Remote Gaming
Health
Pharmaceuticals
Telecommunications
The professions (Legal; Engineering; Accounting and Audit; …)
MFSA
MGA
PwC
DC2: Restricted use
Does not impair the supervision of the authority
Compliance with the regulations must not be undermined
None of the conditions to which the Licensed Entity is subject must be removed or modified
Senior management does not delegate its responsibility
The relationship and obligations towards clients must not be altered
Capability to resume direct control over an outsourced activity, in extremis
Many regulated sectors, Many AuthoritiesCommon principles
Public vs Private Cloud for Regulated Entities
7
March 2017
PwC
DC2: Restricted use
50
55
60
65
70
75
80
85
90
95
Public Cloud Private Cloud Hybrid Cloud
Today, cloud is not a novelty
improved disaster recovery
better performance for global users
superior infrastructure manageability and flexibility
Public vs Private Cloud for Regulated Entities
8
March 2017
Percentages of US enterprises using public, private and hybrid clouds.
(Source: Evaluator Group Cloud Trends Analysis based on publicly available survey data.
PwC
DC2: Restricted use
Private hosted cloud for better control?
Main resistance to cloud computing:
Security
Regulation
Data protection
Public vs Private Cloud for Regulated Entities
9
March 2017
Actually, cloud service providers often enhance overall security
Generally security is shared: host and tenant are responsible for different parts of the stack
Application
Platform
Infrastructure
Operating System
Hypervisor
Hardware + network
HOSTTENANT
PwC
DC2: Restricted use
Security An improvement or a concern?
67%
Public vs Private Cloud for Regulated Entities
10
March 2017
Hosted private cloud adopters listed improved security or ability to meet compliance as its
top driver but also as its top concern
PwC
DC2: Restricted use
Safeguards
Recognise that no form of outsourcing is risk free and that risk is carried by the outsourcing entity
Due diligence in choosing cloud provider
Certifications
Location
Monitor performance and stability
Implement and test contingency plans
Consultation with the authority what alternative measures could adequately mitigate the risks involved
Public vs Private Cloud for Regulated Entities
11
March 2017
PwC
DC2: Restricted use
Contractual tips
Exit management (planned + unplanned)
Data portability
Performance measures/service levels
Confidentiality/secrecy/data protection
Chain-outsourcing obligations
Data breach notification obligations
Supervisory authority and auditor rights [data + premises]
Change in structure/ownership triggers
Public vs Private Cloud for Regulated Entities
12
March 2017
PwC
DC2: Restricted use
Branded Trust
Public vs Private Cloud for Regulated Entities
13
March 2017
Forecast:Mostly cloudy
This presentation has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining
specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law,
PricewaterhouseCoopers, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on
the information contained in this publication or for any decision based on it.
Copyright © 2017 PricewaterhouseCoopers. All rights reserved. PwC refers to the Malta member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see
www.pwc.com/structure for further details.
Recommended