WebinarHelping Customers Get Comfortable with the Cloud

© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Agenda – Going from prospect to customer• Understand the customer:• Vendor Engagement • It is all about the data.

• In scope data for the service provided• In scope data for the processes the customer uses

• Risk Assurance• Compliance• 3rd Party Attestation• Control framework maturity

• Closing

05/03/23 2© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Introduction – Customer Fear

• Anticipate that your customer (or your customers’- customer) will not be an expert in what you are selling. • Be prepared to address their

concerns which are usually based on bad information and/or actual experience. • Avoid language traps –• We have never been hacked.• We have never failed an audit.

05/03/23 3© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Introduction – Real World Risk and Reality

• Cyber crime, international terrorism and global socio-economic concerns are real issues.

• According to Stopthehacker.com • Nearly three quarters, 73% of all Americans have fallen victim to some type of

cyber crime.• “In a recent survey it was reported that 90 percent of all businesses suffered

some sort of computer hack over the past 12 months and 77% of these companies felt that they were successfully attacked several times over the same period of time.”

• “Over 27 million Americans have fallen victim to identity theft over the past five years. 9 million of them found their identities stolen in the last year alone.”

• According to 2016 Verizon Databreach Investigation Report (DBIR)• “No locale, industry or organization is bulletproof when it comes to the

compromise of data.”• “…when it comes to data disclosure, the attacker is not coming from inside the

house”

• “The good guys are losing…”****

05/03/23 4© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Understand The Customer Objectives

• Most popular reasons business drivers for the cloud:• Lower costs associated with operations (capital and operational)• Minimize onsite footprint• On demand infrastructure (always new)• Unlimited and automated upgrades• Redundancy and business recovery• Any device, any where at any time (IOT)

• Most common business objectives:• Reduce cost• Improve time to market• Do more with less…

05/03/23 5© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Closing the Customer Engagement Gap

• Extend the initial customer engagement to include all owners of the procurement process:

• Risk Manager (CXO or Financial Stakeholder)• Vendor Management Team• Financial Manager(s)

• Be Wary of the Disconnects among stakeholders• Reducing risk vs Rapid Expansion • Trust vs Reputation• Encourage a healthy internal dialogue.

• Be Aware of the Disposition of risk owner(s).• Application and Infrastructure teams speak different languages• May have limited insight to the business direction or need(s)• May have experienced one or more breaches.

05/03/23 6© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Data Considerations

• The customers data is their most sensitive asset. • Limit use of real data whenever possible.• Consider worst case scenario if the data

was lost or compromised.• Enable the customer risk analysis

process (probability vs impact).• NIST 800-171 Analysis

05/03/23 7© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Risk Assurance

• Tell a good story:• Have a defined risk management program;• Align with the industry standards and keep current

with changes;• Perform audits at least annually.• Provide 3rd party attestations of your program

maturity.• Certifications across multiple industry and

methodologies.

• Assurance implies “trust” but requires evidence. • Risk management is a continuous improvement

process.

05/03/23 8© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Perfecto Compliance

05/03/23 9© 2015, Perfecto Mobile Ltd. All Rights Reserved.

Perfecto is compliant with various certifications and third-party attestations. These include:

•SAS70 Type II. This report includes detailed controls Perfecto operates along with an independent auditor opinion about the effective operation of those controls.

•PCI DSS Level 1. Perfecto has been independently validated to comply with the PCI Data Security Standard as a shared host service provider.

•ISO 27001. Perfecto datacenters have achieved ISO 27001 certification.

•HIPAA. Perfecto is compliant with HIPPA’s Security and Privacy Rules.

•US/EU Privacy Shield. Perfecto maintains compliance with the 2016 EU Privacy Shield (new data privacy law formerly Safe Harbor).

In Closing

•Know Your Customer•Align the offering with the business problem•Tackle the risk story up front

Gregory Johnsongregj@perfectomobile.com

781-281-5304

05/03/23 10© 2015, Perfecto Mobile Ltd. All Rights Reserved.