2. SPEAKERS
Ross Spelman, Cloud Assurance Specialist at Espion, will show you how
businesses can confidently evaluate the impact of a move or
procurement of a cloud solution & to successfully manage software
platforms & infrastructure once in the cloud.
Nigel Tozer, Product Marketing Director EMEA at CommVault will take you
on your organisation’s journey to the Cloud & the options that public,
private & hybrid cloud strategies can provide.
Ruaidhri McSharry, COO at SureSkills will show us how cyber security is
an issue for a whole organisation, from board to staff & from customers
to suppliers – it's about Resilience!
3. IT Solutions & Consulting
SURESKILLS
Learning
Services
Training & Certification
Learning Service Provision
- Develop
- Support
- Manage
Training Service Provision
- Certification Training
- Tailored Training
- Managed Training Services (Local)
IT Service Provision
- IT Change
- IT Transition
- IT Support
4. WHAT? TRAINING & CERTIFICATION
ACCREDITATION TAILORED VALUE BLENDED
• Project Management
• Service Management
• Business Analysis
• Unified Learning
• Applications
• VMware & AWS
• Technology
• Digital Marketing
• On-Boarding
• Specialised
• Other – bespoke requirements
Blending bespoke learning that is multi modality based on learners & business needs.
Programmes that are developed with specific goals in mind – sales readiness; baseline skills & more
5. WHAT? IT SOLUTIONS & CONSULTING
CHANGE
Change is good, and we help you plan for change. Our planning & risk management strategies ensure successful & sustained change with minimal disruption to the business.
TRANSITION
Our project management will ensure the smooth transition from implementation to support. As you take ownership we will make sure that you have the right level of service to maintain the systems.
SUSTAIN
With your new systems in place and your staff trained up, you need to ensure continued business value – sustain with continual service improvement.
6. WHAT? LEARNING SERVICES
DEVELOP SUPPORT MANAGE
Global Support & Delivery –
Dell Education Services
Global Operations Readiness
Global Education Services
Audience
- Inside, Partners & Customers
Service Provision
- Help-Desk (L/CMS)
- BI & Analytics
- IM/KM Support
- Content Management
Comment: Helpdesk, System
Support, Migration & Content
Rationalization
Audience
- Inside, Partners & Customers
Service Provision
- Design, Development & Delivery
- Multi-Modality
- Global Certification
- Execution Excellence
Comment: ICM, VTSP, VCP, VCA – Web
Based Learning & Instructor Led Training
Audience
- Inside, Partners
Service Provision
- Full E2E Managed Learning Service
- Thought-Leadership
- Business Value
- Execution Excellence
Comment: CAP/id2, 3E Approach &
Operations Launch Readiness Process
10. Organisations need to be able to confidently
evaluate the impact of a move or procurement
of a cloud solution and to successfully manage
software, platforms and infrastructure once in
the cloud.
11. Speaker: Ross Spelman
With an in-depth knowledge and understanding of enterprise risk
management and the importance of sound internal controls, I
help companies to assess, identify and manage risk. Through the
development and evaluation of business and technology
standards, procedures and controls I help organisations keep
their information safe, on premise or in the cloud….
12. The total market size for cloud computing
is expected to reach $555 billion by 2020.
Allied Market Research July 2014
13. Global SaaS software revenues are forecasted
to reach $106B in 2016, increasing 21% over
projected 2015 spending levels.
A Goldman Sachs study published in January
2015 had already projected that spending on
cloud computing infrastructure and platforms
will grow at a 30% CAGR through to 2018
compared with 5% growth for the overall
enterprise IT.
14. Importance for Businesses
• Achieve economies of scale – increase volume output or productivity with fewer people. Overall
cost per unit, project or product drops significantly.
• Reduce spending on technology infrastructure. Maintain easy access to your information with
minimal upfront spending. Pay as you go (weekly, quarterly or yearly), based on demand.
• Globalise your workforce inexpensively. Users worldwide can access the cloud, provided they
have an Internet connection.
• Streamline processes. Get more work done in less time with fewer people.
• Reduce capital costs. No need to spend big money on hardware, software or licensing fees.
• Improve accessibility. Access anytime, anywhere, making you more available.
• Monitor projects more effectively. Stay within budget and ahead of completion cycle times.
• Less personnel training is needed. It takes fewer people to do more work on a cloud, with a
minimal learning curve on hardware and software issues.
• Minimise licensing software. Scale up and down without the need to buy expensive software
licenses or programs.
• Improve flexibility. You can change direction without serious “people” or “financial” issues at
stake.
17. Overview of Cloud Assurance
By gaining assurance on how a Cloud Service Provider is treating risk
and by verifying the standard of their security controls, systems and
practices, a cloud consumer can build trust.
The areas to assess in order to gain Cloud Service Provider assurance are:
• Business Context & Requirements
• Market Performance Analysis & Forecast
• Cloud Service Provider Business Analysis & Verification
• Cloud Service Provider Security & Verification
24. PAAS Market Analysis and Performance
Looking at the market just tells a small part of the story……
• Through the utilisation of PAAS, companies are launching 80% more apps per year with a 70% accelerated time to market and a 75-85% reduction in infrastructure costs, resulting in a 520% return on investment.
• PAAS reduces time to software-launch by integrating with IaaS.
25. PAAS Market Analysis and Performance
Looking at the market just tells a small part of the story……
26. IAAS Market Analysis and Performance
Few Major Players
Market domination over last near decade
32. Assessing a Cloud Service Provider Business
Strategic
• Business plan
• Strategic plan for the following 3 years
Financial
• Financial statements audited
Management
• Organisation chart
• Short-term objectives
• CV/Bio of people in the management of the company/unit responsible for the service
Commercial
• Number of service users
• Evolution of service users
• Commercial plan for the service
33. Assessing a Cloud Service Provider Business
Operation
• Service road map
• People certifications in the service operation
• Training policy
• Unwanted rotation ratio
• Service awards and recognitions
• Certifications (quality, development…)
• Outsourcing policy
• Dispute resolution system (arbitration)
Supplemental information
• Mergers and acquisitions
• Security incidents
• Changes in service plans
• Certifications and/or audits issues
• Change in key third party outsourcers
34. Assessing a Cloud Service Provider Business
Metrics to Assess a CSP from a Business perspective
If a cloud provider's pricing or promises seem too good to be true, they probably are.
35. Assessing a Cloud Service Provider Business
The company filed for US Chapter 11 bankruptcy in October 2013
Introduced in January 2012, Exec.Cloud was designed with SMBs in mind. Two years after its release, Symantec realised that two features it felt were critical to its success were missing: content-sharing features and mobile capabilities.
Rather than investing in the development of those features, Symantec felt it was a smarter move to focus on its other backup product. This decision wasn’t without repercussions for SMBs who signed up for Symantec’s BE.Cloud.
38. General Cloud Governance
• The five layers of governance for IT are Network, Storage, Server, Services and Applications
• On premise - the organisation has control over Storage, Server, Services and Applications; vendor and organisation can have shared control over Networks
• SaaS model - most layers are controlled by the vendor
• PaaS model - Applications and Services are controlled by both, while Servers, Storage and Network are controlled by the vendor
• IaaS model - Applications are controlled by the organisation and Services are controlled by both, while the Network, Storage and Server are controlled by the vendor
42. Tools to help to verify Cloud Service Provider Security
• Open Certification Framework (Cloud Security Alliance)
• Service Organisation Controls (AICPA Assurance Services Executive Committee)
• Payment Card Industry Data Security Certification (PCI Security Standards Council)
• Key factors for cloud - Security Rating Guide (Leet Security)
• EuroCloud Star Audit (EuroCloud Europe)
• ISO/IEC 27001 Certification (International Organisation for Standardisation), including ISO/IEC 27017 controls based on ISO/IEC 27002 for cloud services
• Certified Quality in Cloud Computing (TÜV Rheinland's certification for cloud providers)
43. What is Cloud Computing?
Ubiquitous Network Access
Rapid Elasticity
Measured Service with Pay Per Use
On Demand Self-Service
Location Transparent Resource Pooling
48. Data: Your next Strategic Asset
• Where is it?
• What is it?
• Who created it?
• Who has access to it?
• How long should you keep it?
• How do we do more with it?
• How do we really derive value from it?
• Do we need to keep it?
65. BEST PRACTICE
Service Management
Project Management
Business Analysis
Lean
Agile
Scrum
SureSkills CAP/id2™
Cyber Security
66. WHAT DOES IT MEAN?
Assurance
Governance
Auditability
Structure
Adopt & Adapt
Business Value
Foundation
Point
67. INTRODUCTION – CYBER RESILIENCE
Cyber resilience is not just information security
More focus on network connectivity & the internet
Recognition that we can’t always prevent incidents
The need for balance
Prevent, detect & correct
People, process & technology
Risks & opportunities
Characteristics needed for information
Confidentiality, integrity & availability
Authentication & non-repudiation
68. INFORMATION & VALUE
Your precious information
Customer/client data
Operational data
Market data
Operational documents & insight
Confidential data & IP
Enabled by IT systems (which can
be hacked or compromised) – &
now critical to success
69. BEYOND IT
THE HUMAN FACTOR
Organizational value resides in data plus
people
(information + intelligence = knowledge & ability)
The “system” is technology plus people
People/behaviours cause most vulnerabilities
Narrow focus on IT won’t align strategy,
operations & people
Need to look beyond IT security – to cyber
resilience
70. WILL YOUR INFORMATION
BE COMPROMISED?
The risks are high.
73% of large organizations suffered from infection
by viruses or malicious software in the past year
(BIS, 2014 Information Security Breaches Survey)
37.3 million users experienced phishing
attacks in 2013
(Kaspersky Lab)
95% of security incidents involve human
(IBM 2014 Cyber Security Intelligence Index report)
50% of users open emails and click on phishing
links within the first hour
(Verizon 2015 data breach investigations report)
The U.S. Government Is Under (Cyber) Attack
The State Department confirmed on Monday that hackers
breached its unclassified email system. The White House,
the Postal Service, & NOAA have also been compromised in
recent weeks.
71. RISK!
Obama: We have long known about 'significant vulnerabilities'
The Office of Personnel Management is notifying 4 million current & former federal government employees that their personally identifiable information may have been exposed by a breach of its IT systems that the government discovered in April
Cybercrime costs Irish economy €630m a year (RTE 2014)
Some 62,500 Supervalu customers at risk over breach (2013)
72. RISKS TO VALUE
Loss of corporate reputation & customer
trust
Financial loss & reduced productivity
Regulatory fines
Reduced competitive advantage
through IP theft
(Damaged personal reputations)
73. INTRODUCING CYBER RESILIENCE
Cyber resilience is about
keeping data safe, but
critically…
It’s about keeping the
value tied
to that data safe
It’s about how you
minimise damage & come
through an attack or
security failure
It’s about how you
prevent, detect, respond &
74. BARRIERS TO CYBER RESILIENCE?
Lack of awareness (board level down)
Silo thinking (“it’s an IT problem”)
Narrow focus on regulatory compliance, not risk
Confusion about what “good” looks like
Cyber resilience demands a “whole system”
view (technology & people)
Cyber resilience has to be part of your
organisational culture…
This is why you need RESILIA
75. WHAT IS RESILIA?
RESILIA is a portfolio of training, learning &
certification aimed at building cyber resilience
across the organization, from the boardroom
down. Underpinned by Cyber Resilience Best
Practices, it comprises:
1. Foundation & Practitioner Certifications
2. Organization wide awareness learning
3. Cyber Pathway Tool
4. Leadership engagement
5. Professional Development Programme
76. WHAT WILL YOU GAIN (AND KEEP)?
Clarity & confidence throughout your
organization as it responds to a cyber
attack
Best practice disciplines –
encompassing people, process &
technology, whatever
your organization’s size
Enhanced management strategies
Aligned IT operations, security
& incident management
Secured value
77. WHAT WILL YOU GAIN (AND KEEP)?
The right ingredients for effective cyber
resilience
Common language across IT & non-IT teams
Enhanced collaboration
Enhanced control, reporting
good governance
A framework to exploit ITIL
best practice investments
Higher levels of certified staff
78. RESILIA: THE PORTFOLIO
Best Practice Guide
Core practical guidance for strategy, implementation & management: “what good looks like”
Individual Awareness
Learning & Know-how
All staff across an organisation
IT teams & data owners/managers
Membership & CPD
IT teams & data owners/managers
Leader Engagement
Leadership team across an organisation
Management Pathway Tool
Foundation & Practitioner Training
79. WHY? WHO IS IT FOR?
The Foundation & Practitioner certification is aimed at:
IT & security functions
Risk & compliance functions
Core business functions including HR,
Finance, Procurement, Operations &
Marketing.
The awareness learning is for the entire
organization.
The leadership engagement delivers specialised training
& learning for the leaders within an organization
80. RESILIA:
BEST PRACTICE
The management processes you need to
embed
across the organization (large or small)
An organization-wide management
system involving people, process
& technology
Practical, pragmatic guidance
aligned with common approaches
& standards
Structure follows the proven ITIL
lifecycle used by thousands of
organizations across the world
81. RESILIA:
CERTIFIED TRAINING
Foundation & Practitioner courses for global
certified training
Link cyber resilience to business strategy
Enable effective resilience based on best
practice & repeatable processes
Create individual expertise in
risk & vulnerability assessment
the selection of appropriate controls,
including their structured
implementation and management
82. RESILIA: CERTIFICATION POSITIONING
[Chart: courses and certifications positioned on two axes, TECHNICAL FOCUS to BUSINESS FOCUS and GENERAL AUDIENCE to NICHE AUDIENCE]
Key: Grey = non-certification course; Size of circle = course market share
Courses and certifications shown:
• IT vendors - Cisco, MS, Oracle etc
• ISC(2) CISSP
• CompTIA Security+
• EC Council Ethical Hacker
• EC Council Certified Security Analyst
• CISM
• ISC(2) SSCP
• CLAS
• ISO27001 auditor
• CESG CCP
• CESG CCT
• ISACA Cybersecurity Fundamentals Certificate
• AXELOS Cyber Practitioner
• AXELOS Cyber Foundation
• BCS InfoSec Principles
83. RESILIA:
AWARENESS LEARNING
Empower all individuals with awareness of
cyber risks
and their personal responsibilities for the
organization’s overall resilience
Content for regular, continuous learning
Adaptive and personalised to suit different
learning speeds and styles
Users can learn where and when it suits
with minimal disruption to their day to
day activities
85. RESILIA:
LEADER ENGAGEMENT
Build cyber resilience expertise, insight &
action
in the boardroom
Create active understanding
of the cyber threat landscape,
cyber risks and vulnerabilities
Create practical knowledge of
how to respond & recover
in the face of cyber attacks
86. RESILIA & BEYOND
Building the best practice community:
Effective cyber resilience involves a multi-disciplinary
approach with an organization that
encompasses people, process and technology.
The RESILIA community will bring together
practitioners, decision makers & leaders across
a range of core functions.