Orchestrating the
New Paradigm
Master class
Cloud Computing
Utrecht – 27 Juni 2011
John Hermans
Today’s Cloud Marketplace Perspectives
Gartner
Savvis
Gartner estimates that global spending
on cloud services will hit $68 billion
this year, a gain of 16% over 2009,
which is more than triple the expected
growth rate for total IT spending.
70 percent of IT decision makers
are using or planning to use
cloud computing in their own
enterprises within 24 months.
CFO Magazine, December 2010
Microsoft
―For the cloud we are all in!‖ – Steve
Ballmer (CEO)
Windows IT Pro Magazine,
February 1, 2011
China
China is going to see a cloud computing
market worth over RMB60 billion [~$9.1
Billion USD] in 2012.
News Track Daily, January 20, 2011
March, 2010
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
1
Understanding the Cloud Environment
Cloud
Environment
=
Internet-based data
access & exchange
Cloud Environment
Characteristics:
On-Demand
Self-Service
+
Internet
Accessibility
Cloud Service Models
Software
as a Service
Platform
as a Service
“SaaS”
“PaaS”
Internet-based access to low cost
computing & applications
Pooled
Resources
Elastic
Capacity
UsageBased
Billing
Cloud Deployment Models
Infrastructure
as a Service
Private
Operated for a single organization
Public
Available to the general public or large industry
group, owned by an organization selling cloud
services
Community
Shared by several organizations, supporting a
specific community
“IaaS”
Business operations
over a network
Deploy customercreated applications to
a cloud
Rent storage,
processing, network
and other computing
resources
Google Docs,
Salesforce.com
MS Azure, Amazon
Web Services
Mozy, Rackspace
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
2
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
Cloud: A Game Changer Looking for Business
Leadership
Cloud virtualizes IT—but it transforms
business.
 The Cloud conversation usually starts with IT.
The problem is, it often ends there, too.
 It‘s easy to focus on how moving to the Cloud
helps a business cut costs, but it also creates
opportunities.
 Cloud is in fact one of the most
disruptive forces in business in
20 years.
The question is, how can you transform your business to
take advantage of this fundamental disruption?
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Impact of Cloud on IT
4
Not Just Cheaper, Better, Faster—
Cloud Enables Innovation
The Cloud has already changed how you work
and with whom you compete.

By virtualizing processes, the Cloud creates
new opportunities and business models.

By shattering barriers to entry, the Cloud
creates new competition. It gives ―two- guys-ina-garage‖ the scalability and infrastructure
access of an established player.
Being in the Cloud is quickly shifting from a competitive
advantage to an operational necessity.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Impact of Cloud on IT
5
Too Late to Wait
Leaders
are using the Cloud to
improve business performance
and increase shareholder value,
not just cut costs.
How can you join them?
The Right CEO Questions to Ask:
 How can Cloud help solve business
issues?
 Where should you start your journey
towards Cloud?
 Which Cloud models have the greatest
potential for improving your business?
 What are the inhibitors for Cloud and how
do you mitigate risks?
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Impact of Cloud on IT
6
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
Cloud Impact on Business
Cloud
Environment
=
Internet-based data access &
exchange
+
Internet-based access to low cost computing &
applications
Virtualized Technology
Virtualized Processes
Virtualized
Organization
Opportunities to Leverage
Commoditized Enterprise
Applications and Economies
of Scale
Virtualized Business Models to drive…
Increased Agility
Greater Flexibility
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
Faster Results
Reduced Cost
8
Business Benefits of Cloud
Cloud provides businesses increased agility and greater flexibility, yielding faster results at a reduced cost.
Increased Agility
Rapidly respond to changing market conditions or needs
Greater Flexibility
More options in combining people, process, and technology to
deliver economic value
Faster Results
Faster time-to-value in achieving results that support more
iterative solution design and delivery strategies
Reduced Cost
Lower total cost to deploy new solutions or to achieve new
capability levels
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Increased Agility
Cloud provides a business with increased agility to rapidly respond to changing market conditions or needs.
Business Responsiveness

Respond faster to gaps or deficiencies in capabilities

Increase speed in rolling out new offerings internally

Speed business innovation to the marketplace
IT Resource Availability

Reduce dependence on IT function to deliver new
capabilities

Rapidly provision computer & engineering resources

Scale to support the needs of business innovation
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Greater Flexibility
Cloud provides unprecedented flexibility and more options in combining people, process, and technology to
delivery economic value.
People
 Makes virtual resources available internally
and externally
 Offers ability to combine best-in-class
service providers (logistics, payroll, engineering, etc.)
Process
 Provides access to providers of leading
practice process and service
 Allows companies to leverage the
process improvements of a larger
user community
Technology
 Enables organization to source an array
of IT capabilities (SaaS, IaaS, PaaS)
 Offers IT resources on demand
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Technology
Unprecedented Flexibility to
Fill Gaps
People
Process
Faster Results
Our experience demonstrates that Cloud provides faster time-to-value, supporting more iterative solution
deployments



Allows organizations to be more
experimental in delivering new
capabilities without significant
investment of time and money
Allows technology deployments
to be more iterative, delivering
incremental value to the organization
faster
Often eliminates technology
provisioning all together and significantly
reduces time to configure
Traditional Solution Deployment
ROI
18 to 36 Months
Go Live
Scope
Design
Test
Cloud Enabled Solution Deployment
ROI
4 to 6 Months
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Accept
ROI
4 to 6 Months
ROI
4 to 6 Months
Reduced Cost
In many instances, Cloud provides a lower total cost to deploy new solutions and to achieve new capability
levels
Possible 40% - 60%
Reduction in TCO
 Lower upfront cost
Software
 May allow switch from fixed cost to
variable cost
 May reduce total cost of ownership
Hardware
Cloud Model
Hosting
 Provides ability to scale usage and
related costs as warranted
Operations
Support
Traditional
Deployment
 Limits capital outlay to ―activate‖ a service
Public Cloud
Enabled
Deployment
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
KPMG Survey May 2010
Conducted in the Netherlands – 120 CIOs/CISOs participated
14
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
Cloud into perspective: cloud computing is both marginal and significant
•
Marginality of the cloud
• Europe < 5 percent of total IT spending
• US: 60 percent of total IT spending
•
Significance of the cloud
• Growth of commercial cloud services 20 to
30 percent per year (2010-2015)
• Move towards centralization and
commoditization of IT
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
15
Cloud Can Be Implemented in Multiple Ways
Cloud can be delivered
through a variety of service
and deployment models
(i.e., SaaS, Public, Private)
It is often provided through a
hybrid of these options.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Public
Cloud
Community
Cloud
Private
Cloud
Where Do Most Organizations Begin?
Most organizations are investing in Software as a Service in both Public and Community deployment models
as well as investing in Private Clouds.
Software as a
Service in the Public
Cloud is a model for
delivering cloud
technologies to
support specific
business services over
the Internet
Community Cloud brings
together private networks
with external partners to
enhance the entire value
chain across businesses,
suppliers, and customers
Community Cloud brings together private
Community
networks with external
partners to enhance
Cloud
the entire value chain across businesses,
suppliers,Public
and customers
Cloud
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Private
Cloud
Private Cloud extends
existing internal efforts to
virtualize IT by enabling the
delivery of IT as a Service,
going further in reducing
long-term operational costs
than just traditional
virtualization. Infrastructure
as a Service models are
often core aspects of a
private cloud.
Community and SaaS – Maximizing the Benefit
Community Model
SaaS Model
in Public Model
Private Model
Increased Agility



Greater Flexibility



Faster Results


?


?
Reduced Cost
While all Cloud models deliver on the promise of agility and flexibility faster and cheaper, Private Clouds
pose short-term speed and cost considerations, especially when they are internally hosted. Use of IaaS
offerings (internally and externally) can mitigate cost and speed issues, but organizations must balance
those gains with the data privacy/security risks they are willing to take.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
18
Community Cloud
Community Cloud
 Brings together private networks with
external partners
Flexibility: Offers shared
investment and setup costs
and the ability to work with
trusted suppliers who are part
of the community.
 Enhances the entire value chain
across businesses, suppliers, and
customers
Extended Organization:
Supports processes and
solutions that span multiple
business partners including
suppliers, providers, and
customers.
Common Standards: Allows related
companies to share common IT
capabilities such as data services,
security services, and testing services.
Collaboration: Allows
organizations to leverage
and access services used
by other participating
organizations creating
unprecedented synergies.
Faster Time-to-Market:
Speeds innovation as all
organizations benefit from
advances made by others in
the cloud.
Community clouds allow businesses with common interests to leverage shared services to support new
business models offering the greatest potential for transformational impact.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
19
Community Cloud (continued)
As an example, Community Clouds allow companies to synchronize business processes across multiple
tiers of business partners
Order
Management
Forecast-based
Replenishment
New Product
Introduction
Collaborative
Forecasting
Buy / Sell
Procurement
Vendor Managed
Inventory
Transportation
Management
Procure to Pay
Processes
Point of Sale Based
Replenishment
Collaborative
Design
Supplier
Manufacturer
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Distributor
Replenishment Schedule
Receipts
Inventory Positions
POS Information
Receipts
Inventory Positions
Load Information
Shipping Information
Replenishment Plans
Replenishment Schedule
Receipts
Inventory Positions
Order Commits
Replenishment Orders
Replenishment Plans
Load Information
Shipping Information
Inventory Positions
Order Commits
Replenishment Plans
Suggested Orders
Community Cloud Platform
Retailer
Software as a Service (SaaS)
Software as a Service
 Delivery of specific business services
Flexibility: Enables faster
change management cycles
and access to technology
advances made by the
solution provider.
over a network, most commonly the
Internet
 The applications are accessible from
various client devices through web
browsers.
Scalability and Elasticity:
Allows access to IT solutions
from best-in-class providers
quickly and as needed
Time and Cost Savings: Saves time
and costs compared with traditional
client server model that deploys
software on internal infrastructure
Best Practices: Offers
opportunity to leverage best
practice processes and
technologies in use across
the organization‘s industry.
Faster and Better: Offers security
and functionality at lower costs and
with faster results
SaaS speeds up the realization of business benefit of IT solutions at lower up-front costs.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
21
Private Cloud
Public
Cloud
Community
Cloud
Private
Cloud
Private Cloud
 Extends existing internal efforts to
Expensive: Requires
high initial set-up
investments, but long
term operational costs
may be less.
virtualize IT by enabling the delivery of
IT as a Service,
 Enables reduction in long-term
operational costs
Minimum Risk: Provides
the benefits of accessing IT
as a service while
minimizing the risks
associated with using public
cloud solutions
Control: Provides those with data
sensitivity concerns with the most
control and least risk of any of the
cloud options
Convenience: Offers a way
to deliver internal
applications through a thin
customer web interface
providing an internal
Software as a Service
capability
Infrastructure as a Service: IaaS
tends to be the primarily service
model used in private deployment
models (over PaaS and SaaS)
because it is a natural evolution of
virtualization of IT infrastructure
Private clouds reduce operational costs through virtualization and delivery of IT as a service.
They are currently popular due to regulatory, data security/privacy, and performance
concerns.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
22
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
Too Late to Wait
Too Late to Wait
Leaders are using the Cloud to improve
business performance, not just cut costs.
How can you join them?
The Right CIO Questions to Ask Now:
 How will the adoption of Cloud within my
enterprise impact our IT delivery
capabilities?
 How do I transform my IT organization to
effectively support Cloud enabled business
models?
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Impact of Cloud on IT
24
IT Leaders Are Responding
Now
Cloud forces IT organizations to evolve from a
traditional services provider model to a highly agile
services integrator model. The results?
 Those who resist are seeing their business leaders
move to the Cloud on their own.
 Leaders are focused on enhancing internal capabilities
and integrating multiple IT service offerings from
internal and external providers.
 Vendor management, IT governance, and information
architectures are critical.
 Rethinking their enterprise architectures to leverage
the value cloud can bring to key business processes
Increasingly, CIOs are shedding the support persona and
taking a seat at the strategy table.
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
25
Cloud Computing is here to stay !
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
26
The hybrid environment as new paradigm
•
On premise IT, serviced by
local, ―own‖ organization
Organization
•
Outsourced IT, serviced by
limited number of outsourcing
partners
Users
IT in the Cloud, services by
growing numbers of cloud
service providers
Users
Services
Internet
or LAN
•
Other Cloud
Customers
Internet
Service provider
Organizations Internal IT
Service provider
Service provider
Hardware, software + data
Hardware, software + data
Hardware, software + data
Internal Data Center
Managed hosting
Third-Party Vendor (Multi-Tenant)
Combined Public + Private Cloud
Private
Private-External
Public
Hybrid
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
Hardware, software + data
27
IT ―Service Integrator‖ Model: ability to ―Orchestrate‖
Successful adoption of a Cloud delivery model depends on an organization’s ability to establish a robust
Enterprise IT Service Integration model.
The Business
Service Ownership:
• Single Point of Contact
with the Cloud Service
Providers (CSP) & IT
• Demand Capture
• Services Standards
• Service Level
Monitoring
IT Risk Management
Service
Owner
IT Risk
Manager
Vendor
Manager
IT Finance
Manager
• Risk identification and
analysis across
different CSPs
• Risk library
• Vendor/CSP Audits
IT Finance
Management
Vendor Management:
• Vendor certification
• Contract Negotiations
Rackspace
Google
Amazon Web Services
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Internal IT
Organization
(retained IT Services)
• Business case
• Service Costing and
Chargeback
• SLA penalty-bonus
calculation
Discussion Topics
1. Cloud: A Game Changer
2. Cloud‘s Impact on Business
3. Cloud‘s Impact on IT
4. Impact of Cloud on Business Operations
Appendix: Understanding the Cloud
Environment
Too Late to Wait
Leaders are using the Cloud to
improve business performance,
not just cut costs.
How can you join them?
The Right COO / CRO Questions to Ask
Now?
 Does adopting cloud impact my financial
processes?
 What are the tax implications of adopting
cloud?
 How will I control and manage my data?
 How do I manage cloud related security
and privacy risks?
 How do I still comply with regulations while
sending my data to cloud providers?
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss
entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG
International‖), a Swiss entity.
Impact of Cloud on IT
30
Considerations
Dependency of the cloud
• External data storage and processing
• Sharing of IT resources (multi tenancy)
• Dependency on the public internet
Complexity of the hybrid environment
• Multiple concepts regarding:
•
Data management
•
Contracts
•
Technology
Security
Financial
Assurance
•
Complexity to ensure compliance
•
Lack of industry standards and certifications for
cloud providers (ISAE3400 / ISAE3000)
•
Emerging government schemes like FEDRAMP
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
Business
Risks
Operational
Vendor
Regulatory
Compliance
Technology
31
Risk and security is seen as major concern for cloud adoption
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
32
Dimensions of Risk
Operating in a cloud environment presents risks in six key dimensions
Security
Financial

Underestimated start-up costs

Data segregation, isolation, encryption

Exit costs

Information security

Contract complexity

Identity and access management

Run-away variable costs

Intellectual property protection
Security
Financial
Vendor

Vendor lock-in

Service provider reliance

Performance failure

Vendor governance
Operational
Business
Risks

Complexity to ensure compliance

Lack of industry standards and certifications
for cloud providers

Records management / records retention

Regulatory change control, reliant on vendor
timeliness

Data privacy
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
Regulatory
Compliance
Business Resiliency/Disaster
Recovery

Service reliability and uptime

SLA Compliance
Operational
Vendor
Regulatory Compliance

Technology
Technology

Cross-vendor compatibility

Proprietary lock-in

Customization limitations

Inadequate change control capabilities

Technical security risks
33
Key Risks & Challenges in Adopting Cloud
Cloud adoption requires a careful examination of the potential operational risks and challenges in addition to
the technology questions.
Financial Management
and Tax
Security and Privacy
Operational
Data & Technology
Regulatory and
Compliance
Vendor Management




Movement from CapEx to OpEx model impacts existing budgeting, forecasting, and reporting processes
CapEx to OpEx model and changes in the character and source of service impacts tax considerations
Outdated tax laws and regulations create uncertainty when characterizing the various cloud transactions
Cloud ROI and cost/benefit analysis are complicated by need for knowledge of existing cost of delivery and future use of service
 Data may be stored in cloud (1) without proper customer segregation allowing possible accidental or malicious disclosure to third parties
and/or (2) in a legal jurisdiction where the rights of data subject are not protected
 Loss of governance of critical areas, e.g., vulnerability management, infrastructure hardening, or physical security
 Weak logical access controls due to cloud vendor‘s IAM immaturity
 Cloud adoption introduces rapid change in the organization
 Cloud sourcing may impact existing organizational roles and could require new skills or make others redundant
 Business resiliency/disaster recovery needs and plans will change and require updating




Risk of creating independent silos of information perpetuate the problem of data integrity, quality, and insight
Business can bypass the IT function to implement technology solutions, posing challenges for IT governance
Cloud delivery models dramatically change how IT delivers technology services to support business requirements
Cloud adoption opens the four Data Center walls to external IT Services providers, creating new risks
 Lack of visibility into the Cloud Service Providers (CSPs) operations inhibits analysis of its compliance with pertinent laws and
regulations
 Complexity of records management/records retention creates challenges
 Lack of industry standards and certifications for cloud providers creates risks
•
•
•
Lack of clarity of ownership responsibilities between cloud vendor and user company
No prevalent standards for vendor interoperability
Extensive reliance on CSPs
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
To conclude
Orchestration of the hybrid environment is a critical success factor
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
35
Key messages
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
36
APPENDIX
UNDERSTANDING THE CLOUD
ENVIRONMENT
Understanding the Cloud Environment
Cloud
Environment
=
Internet-based data
access & exchange
Cloud Environment
Characteristics:
On-Demand
Self-Service
+
Internet
Accessibility
Cloud Service Models
Software
as a Service
Platform
as a Service
“SaaS”
“PaaS”
Internet-based access to low cost
computing & applications
Pooled
Resources
Elastic
Capacity
UsageBased
Billing
Cloud Deployment Models
Infrastructure
as a Service
Private
Operated for a single organization
Public
Available to the general public or large industry
group, owned by an organization selling cloud
services
Community
Shared by several organizations, supporting a
specific community
“IaaS”
Business operations
over a network
Deploy customercreated applications to
a cloud
Rent storage,
processing, network
and other computing
resources
Google Docs,
Salesforce.com
MS Azure, Amazon
Web Services
Mozy, Rackspace
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a Swiss entity. All rights reserved.
KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (―KPMG International‖), a Swiss entity.
38
Understanding the Cloud Service Models
Description
 Provider applications are accessible through a thin client interface
such as a web browser
Software as a
Service
Less End User
Management
 Provider manages/controls the infrastructure including network,
servers, operating systems, storage, or individual application
capabilities
E.g., Google Apps, MS Office Live, Netsuite, Salesforce
More End User
Control
Platform as a
Service
Less End User
Management
 Enables customer to deploy onto the cloud infrastructure
consumer-created or acquired applications created using
programming languages/tools supported by the provider.
 Consumer does not manage/control cloud infrastructure but
has control over deployed applications and possibly application
hosting.
E.g., Windows Azure, Force.com, Google App Engine
More End User
Control
Infrastructure
as a
Service
 Provider offers quick deployment of computing resources such
as processing, storage, and network
 Developers can write applications that run on the cloud
E.g., Amazon.com, Rackspace, Terremark, IBM
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models
Each service model can be deployed leveraging several different deployment models: Private, Public, or
Community
Private Cloud: A ―closed‖ environment
for a single organization hosted internally
or by a third party

Allows an organization to act like a cloud
provider internally

Provides organization the flexibility to
rapidly scale internal IT resources

Provides organization with full control
over data

Often requires high initial investment
but helps reduce long term costs

Offers elastic capacity

May exist on or off premise
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models (continued)
Public Cloud: Infrastructure is owned by a cloud
services provider, which makes it available to
the general public or a large industry group

Uses pay-as-you-go, utility pricing

Provides high agility and speed-to-market

Less upfront cost

May allow switch from fixed costs to variable costs

Offers less customer control over data and
service levels

Provides the opportunity to leverage the leading
practices of an industry vertical or functional
area
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
Understanding the Cloud Deployment Models (continued)
Community Cloud: Infrastructure is shared by
several organizations with common interests—
offering potentially the greatest
transformational value of any of the Cloud
deployment models.

Supports organizations with common
interests such as supply chain, mission,
security requirements, policy, or
compliance considerations

Often defined by industry, supply chains,
or geography

Supports the emergence of new business models
and working relationships

May be managed by the community or a
third party

May exist on or off premise
© 2011 KPMG Advisory N.V., the Dutch member firm of KPMG International Cooperative (―KPMG International‖), a
Swiss entity. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International
Cooperative (―KPMG International‖), a Swiss entity.
KPMG Key Contact Details
John Hermans
Partner
KPM G Advisory N.V.
Tel: +31 6 51 366 389
Email: [email protected]
© 2011
© 2011
KPMG
KPMG
Advisory
Advisory
N.V.,
N.V.,
a Dutch
the Dutch
limited
member
liabilityfirm
company,
of KPMG
is aInternational
subsidiary of
Cooperative
KPMG Europe
(―KPMG
LLP International‖),
and a membera
firm
Swiss
of theentity.
KPMG
Allnetwork
rights reserved.
of independent
KPMG member
and the KPMG
firms affiliated
logo arewith
registered
KPMG trademarks
InternationalofCooperative
KPMG International
(‗KPMG
International‘),
Cooperativea(―KPMG
Swiss entity.
International‖),
All rightsareserved.
Swiss entity.
43
© 2011 KPMG Advisory N.V., registered with the trade register in the
Netherlands under number 33263682, is a subsidiary of KPMG Europe
LLP and a member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (‗KPMG
International‘), a Swiss entity. All rights reserved. Printed in the
Netherlands. The KPMG name, logo and ‗cutting through complexity‘
are registered trademarks of KPMG International Cooperative.
The KPMG name, logo and ‗cutting through complexity‘ are registered
trademarks or trademarks of KPMG International Cooperative (KPMG
International).