Cloud computing risk & challenges
1 like2,407 views
The document discusses challenges and opportunities arising from cloud computing in financial management, particularly related to taxation and regulation. It highlights risks of multi-jurisdictional taxation and compliance with data privacy laws, emphasizing the need for secure data handling and audits. Additionally, it outlines security considerations for organizations of different sizes when utilizing cloud services.
Cloud computing risk & challenges
- 2. 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 2 Private Public Hybrid
- 3. FINANCIAL MANAGEMENT • CAPEX to OPEX • Capital can be on used for growth of business. 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 3 Opportunities
- 4. • Cloud may create a permanent establishment (PE) for: – Service provider through its infrastructure – Client through the use of servers in a territory outside the home jurisdiction. • A business conducted in the cloud creates practical difficulties in determining where that income was sourced. – Cloud uses shared resources, servers can be located in multiple jurisdictions, a simple transaction may be processed in multiple countries. – The place where a transaction takes place is difficult to ascertain in these circumstances, as only part of a transaction may be completed in any one jurisdiction. • Consumption‐based taxes – GST / VAT apply where the service is consumed or content is delivered • Organizations that transfer data, software and other Cloud services across border need to be aware of the potential liability to export controls. 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 4 Businesses risk getting taxed in more than one place
- 5. LEAKING CLOUDS? 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 5
- 6. SECURITY AND PRIVACY 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 6 For a large, regulated organization: it may be a nightmare… For a small organization: it may offer much better security Private Public Hybrid
- 7. SECURITY 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 7 IDENTITY & ACCESS ENCRYPTION STORAGE COLLATERAL DAMAGE AVAILABILITY & DESTRUCTION HUMAN THREAT
- 9. REGULATIONS & COMPLIANCE Data Privacy Laws and Regulations IT Act, RBI / IRDA regulations… Encryption / Lawful interception Who owns the data? Under the ITA, a corporate entity when transferring sensitive personal information to another entity should ensure, that the entity to whom such information is being transferred should have similar security practices to protect such information. Further, a corporate entity in possession of sensitive personal information should ensure that the provider of such information is aware of the agency collecting and retaining information, the intended recipients of the information and the purpose for which the information shall be used. As per ITA, data security audits need to be carried by companies through approved auditors at least once a year or when significant changes / upgrades happen. 16 JULY 2014 PARAG DEODHAR ‐ 3rd Annual Asian GRC & IT Security Conference 2014 9