The Cloud: A Necessary Risk for Business

Recording of this session via any media type is strictly prohibited.

• Toby Merrill, ACE Group, Division SVP, ACE Global Cyber Risk Practice
• Anthony Caratzas, Broadridge Financial Solutions, Managing Director, Risk Management
• Vinny Sakore, ICSA Labs, a division of Verizon, Program Manager, Cloud Services
• David Navetta, Esq., CIPP, Information Law Group, Partner

What to Expect
• What is Cloud Computing and Should Risk Managers Care?
• How Can Cloud Computing Benefit Business?
• What are the Risks of Migrating to the Cloud?
• Making the Cloud Work for Your Company

CFO RoundTable News, CFOs and CIOs Can Keep Up With Business’ Growth With Cloud Computing, 2013
http://www.thecforoundtable.com/news/bid/327086/CFOs-and-CIOs-Can-Keep-Up-With-Business-Growth-With-Cloud-Computing

IRDC3DMW, Cloud Computing, 2013
http://www.c3dmw.com/IRDC3DMW/CloudComputing.jsp

Mother Nature Network, Is cloud computing secure?, Photo: Shutterstock, 2012
http://www.mnn.com/money/sustainable-business-practices/stories/cloud-computing-secure

What is Cloud Computing?
Visual Model of NIST Working Definition of the Cloud
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

What is Cloud Computing?

Should Risk Managers Care?
Cisco UCS and EMC® VNX™ 5300 with Microsoft Private Cloud Fast Track 2.0, 2012
http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/unified-computing/whitepaper_c11-711496.html

How Can Cloud Computing Benefit Business?
• Reduced Infrastructure Costs
• Capacity, Scalability and Speed
• Security and Backup
• Availability, Geography and Mobility
• Regulatory Compliance
• Other Benefits
http://s1228.photobucket.com/user/thewindowsclub/media/cloud-computing.jpg.html#/user/thewindowsclub/media/cloudcomputing.jpg.html?&_suid=139784972428108712990863256382
Adapted from Source: ©Teacher & Educational Development, University of New Mexico School of Medicine, 2005

What are some of the Risks of Migrating to the Cloud?
• Contracts
• Loss of Control
• Aggregation Risk
• Costs
• Data Security

What are Risks of Migrating to the Cloud? – In More Detail
• Cloud Relationships
• Geography
• Privacy
• System and Data Availability
• Data Retention
• Incident response
• Electronic Discovery / Electronic Evidence

Making Cloud Computing Work for Your Company
• Privacy by Design and Culture
• Shared Security and Related Responsibilities
• Control and Liability
• Due Diligence and Vendor Management Programs

Making Cloud Computing Work for Your Company
Mitigating Risks – Multidisciplinary
• Technical
• Legal
• Risk Transfer (Insurance)

https://www.gartner.com/doc/2221320

Making Cloud Computing Work for Your Company
Vendor Management Programs
• RFP Phase
• Risk Identification Phase
• Formal Security and Privacy Assessment
• Data Security and Privacy Schedule
• Negotiation Strategies
• Audit and Reoccurring Risk Assessment
This material is for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.

Making Cloud Computing Work for Your Company
Key Contract Terms
• Definitions
• Preventative Contract Terms
  • Controls in place to prevent data breach
  • “Reasonable security”
  • Specific controls
• Audit and Enforcement Terms
  • Assessment / scanning rights
  • Non-compliance reporting
  • Credits / damages
• Incident Response Contract Terms
• Risk of Loss Contract Terms

Making Cloud Computing Work for Your Company
• Privacy by Design and Culture
• Shared Security and Related Responsibilities
• Control and Liability
• Due Diligence and Vendor Management Programs

Questions, Final Comments and Contact Information
• Toby Merrill: toby.merrill@acegroup.com
• Anthony Caratzas: Anthony.Caratzas@broadridge.com
• Vinny Sakore: vinny.sakore@icsalabs.com
• David Navetta, Esq., CIPP: dnavetta@infolawgroup.com
- Slides: 19