WHITE PAPER
Your master data is essential to the smooth operation of your business.
But it is also valuable to others. Master data is vulnerable to both
internal and external attacks. As the future of business and data is
increasingly cloud-based, we explore five fundamentals to ensure the
security of your data.
© sharedserviceslink and JPD Financial 2017
Master Data in the Cloud:
5 Security Fundamentals
One of the most important assets in your business is your data. Data, including your master
vendor data, contains information essential to the day-to-day running of your organization.
Without it, operations would come to a grinding halt.
However, it’s not just valuable to you.
Master data can be a target, and it can be compromised in breaches, hacks, or data leaks
(intentional or unintentional). In the wrong hands, this information could expose you to
fraud; it could compromise sensitive business information; and it could seriously damage
your reputation with current and future customers, as well as with shareholders and the
business market at large.
As automation becomes more common in business in the form of cloud-based technology,
opportunities for data access increase. Thankfully, there are a number of precautions and
preparations well worth considering before putting your sensitive master data into the
cloud, which will help to make your transition much more secure.
There are many valid concerns when it
comes to data security
Master data contains a huge amount of
information that ensures your business is
able to operate. But in the wrong hands,
the possibilities are terrifying.
Your master data contains commercially
sensitive information about your business
and your suppliers. It includes which
suppliers you use, how much you spend
with them, when their contracts are up for
renewal and what their bank details are.
The information in your master data can
also lay the foundation for fraud that may
happen in downstream processes in, for
example, purchasing or payments.
Given the relatively easy access to
this sensitive data, it is surprising how
infrequently this data gets the protection it needs.
A 2016 sharedserviceslink survey shows that over
one-third, 34% of respondents, had an incident
of fraud in the last 5 years that could have been
prevented with better vendor master data control.
Regular checks and audits of your master data can go a
long way to mitigate these risks.
However, many companies aren’t resourced to review
and audit master data and supplier vendor data on a
regular basis. Keeping on top of your supplier base for
irregularities or credits that may be owed to you is a
time-consuming task that often falls onto the shoulders
of an over-worked accounts payable team who have
other more pressing priorities.
In the wrong hands, master data
can be exploited:
•	 Exposing which suppliers you use, and
the exact amount you spend with them
could reveal commercially sensitive or
secret information.
•	 Fraudsters (internal or external) could
mimic existing suppliers, invoicing you
with realistic-looking, fake invoices.
•	 Suppliers’ bank details could be changed
to redirect payments to a fraudster.
•	 Employee expenses can contain
sensitive and private information.
[Figure: survey chart, "Have you had an incident of fraud that could have been prevented by better vendor master control?" Response categories: No; Yes, within the last 10 years; Yes, within the last 5 years. Values shown: 34%, 9%, 57%. Source: sharedserviceslink report: Get Proactive About your Vendor Data, 2016]
The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018. While it is
a European Union (EU) regulation, if you process data about individuals in the context of selling
goods or services to citizens in EU countries, then you will need to comply.
Key compliance elements include:
• Responding to data subjects’ requests about how their data is being used and requests to
remove data
• Notifying those affected by data breaches within 72 hours
• Clarified data consent policies
Non-compliance fines can be up to 4% of annual global turnover or 20 Million Euros, whichever
is greater. To remain compliant, organizations must demonstrate compliance, and that can be
done through enhancing data protection policies, staff training, internal audits and creating and
improving security features on an ongoing basis.
Third parties who specialize in auditing suppliers can help you manage these risks, and help
you drive credit recovery, but a critical success factor is understanding the level to which
these third parties will protect that data.
The future of data is in the cloud
In finance, as in businesses in general, the future is in the cloud. Any organization of a
certain scale will have some of their business-critical data in online tools and in the cloud.
Most finance automation tools today are much less likely to be installed on-premise. Rather,
they will be online and cloud-based. Cloud-based applications not only save on the capital
expenditure of installation, they are generally much easier to upgrade and deploy across
your global business. Lastly, they provide best-in-class security features.
Engage IT early in your search for providers
Even very traditional companies are entrusting their data to cloud-based providers. As with
any technology deployment, it’s important to engage your IT team early in the process, so
that you understand what they need to see from suppliers.
“I was under the impression that we managed the vendor statements internally and did
not miss any opportunities for recoveries. Once I started to review, I identified that 45%
of the vendors did not provide their statements.”
Ed Martinez, Former VP of Shared Services and Owner and Senior Advisor of EPM Services.
Getting IT and Finance on board with cloud technology
“Our IT team are inherently conservative, and understandably so, because we work with a
lot of client data, and we come from a banking background. So the concept [of moving finance
automation onto the cloud] was radical to some, but contemporary to others.
What helped us was IT had gone through a previous cloud implementation of a completely
different product outside of the finance arena, so that helped set the scene and set the comfort
level. We also worked well with our provider about the IT diligence. We were able to satisfy their
concerns and meet the thresholds our IT team were looking for.
I’d be stunned if any organization didn’t have some form of data going in and out of the business
somewhere in the processes they operate, so there has to be data standards to it.”
- Robert Bloor, Group Financial Controller, Equiniti
Nearly every company has, or will have, some data online, sitting in cloud-based tools. When
it comes to implementation, it’s important to ensure the tools, access rules, controls, and
procedures satisfy both IT and Finance’s requirements early in the process, before the tender
has begun.
The cloud may be more secure than on-premise.
Many cloud-based service providers host data in secure, geographically separated,
nondescript data centers. They use technology like biometrics and 24-hour video
surveillance to prevent unauthorized access. On top of that, many leverage military-grade
encryption of the data they host.
These levels of security are impractical for most organizations on-premise. Many companies
appreciate that they need to guarantee a level of physically secure encryption that is
untenable for them to attain without partnering with a third party. A move to the cloud can
be motivated by the need to increase data security levels, but optimum data security is not
guaranteed or indeed offered by all third parties.
Your master data is important, but it’s also vulnerable. When you are using third
parties – particularly cloud-based third parties – what can you do to ensure it is secure?
Master data security: 5 fundamentals
There are some key requirements you should seek when it comes to protecting your master data.
1. Regularly audit your data and supplier information.
No matter how rigorous your processes are, it’s always good to have a third party come and look
over your shoulder every now and again.
While good processes can mitigate many risks, and keep the quality of your master data
high, auditing all of your supplier spend and looking for irregularities (such as duplicate
payments) can be extremely time-consuming. This is where third parties can add real value.
Audit recovery or vendor credit recovery firms can:
•	 Check data against databases to verify existing records
•	 Identify and red-flag any problematic suppliers
•	 Alert you to credits owed to you (such as duplicate payments, credit notes or rebates)
which can be a huge boost to your bottom line.
2. Have a strong user awareness program
User awareness is a first line of defense, and a culture of security is important, both internally and
with any third party you use.
For you, or any provider who works with your master data, it’s essential to have a strong user
awareness program in place for data security. Your IT team or subject matter experts may
know where fraud is likely to occur, but not everyone who interacts with your data will know
whether their actions are assisting or jeopardising your data controls.
Users who interact with data should be aware of how fraud is likely to occur. Some will need
education about the latest cyber threats, while others may need reminding not to trust an
inbound call to change bank account details.
Without strong user awareness, data could be unknowingly compromised. It’s also
important to have a culture of openness. If someone is worried they did something wrong,
or saw something suspicious, be sure to provide avenues for them to speak up, so you can
catch issues early on. Ask any third party you use what user awareness programs they have,
and if they can help you.
3. Ensure you and your providers have a security policy that keeps up with the
changing landscape
Your providers’ security policy should exceed your expectations.
Data security doesn’t happen through chance. It’s a result of stringent policies and rigorous
checks. Be sure to ask your service provider about their security policies and bring in your IT
team early on in the process to make sure their policies meet or exceed your own IT
due-diligence testing.
Some key elements to understand:
•	 Who will be handling your information? Who from their organization has access to
your data, and what checks have they undergone (for example, do they sign
Non-Disclosure Agreements)?
•	 What security checks do they have in place? Do they use penetration testing (testing
to find vulnerabilities and weaknesses in your security)?
•	 What is their data loss prevention plan?
4. Ask which data storage providers they use
If you are using a Software-as-a-Service provider,
they are only as secure as their partners.
Most automation or SaaS providers will partner
with large data warehouses. Many use companies
like Amazon, Salesforce, Microsoft or Box to
manage data securely. If you are evaluating
providers, also evaluate who they partner with and
what controls they have in place.
•	 How will the data be encrypted?
•	 What access controls are in place?
•	 What back-up of data is done?
5. Data compliance checks:
Compliance documents are essential to ensure data
is being processed safely and securely, and that
regulators’ requirements are met.
Data compliance is a fast-moving landscape, and
you will want to check that your supplier is up to
the current standards. There is a huge amount of
documentation needed to be compliant – some of
the key certifications include SSAE-16 and US-EU Safe
Harbor. Also, be sure to ask what they are doing to
prepare for the General Data Protection Regulation
(GDPR) and how they can help you prepare.
Companies you can trust with your data will be
proud of their compliance standards, and should
share these with you openly.
Will third parties keep
your data safe?
Key questions to ask:
•	 What kind of penetration
testing do you do?
•	 Will you help us with our user
awareness program?
•	 Which storage providers do
you use? And what level of
security and encryption will
there be?
•	 What compliance checks do
you use (e.g. SSAE-16, US-EU
Safe Harbor)?
•	 What is your Data Loss
Prevention Plan?
•	 How are you preparing for
the GDPR?
•	 Who in your organization
can access our data, and
what checks have they
undergone?
In Summary
As data is valuable to your company, it’s also valuable to outsiders. As your information will
almost inevitably sit within the cloud, there are a number of things you can start checking,
to ensure that you remain secure.
Third parties can bring significant benefit to the management of your vendor master data,
but they can also bring risk. Engage IT early in the process, and don’t be afraid to ask some
tough questions – based on the five fundamentals – about security.
About JPD Financial
As the audit landscape continues to evolve, JPD has become proficient in rebalancing
expectations and offering a solution that is advantageous to our clients. Our advanced
recovery credit services, together with quality communication processes, produce the best
results. This personal approach strengthens the relationships of our customers and delivers
the highest level of satisfaction and reward.
To ensure that JPD achieves the most comprehensive data security for our clients, we have
enlisted several industry-leading technology partners. Our partners include Salesforce, Box,
Microsoft, Rackspace Cloud, S-Net Communications and Informatica. All JPD employees
must sign confidentiality agreements, and an independent third party is used to conduct
random penetration testing.
JPD’s On-Demand client portal is cloud based, leveraging the Salesforce platform. This
solution will not require any physical deployment of software or hardware, thereby
providing the flexibility of allowing credit management functions to be performed from
anywhere our clients operate. JPD partners with Box so that our clients can securely transfer
highly confidential and sensitive information. Box utilizes military grade encryption,
customized Box shared links with passwords, expiration dates and restricted download
access as security measures when our clients are transferring data.
JPD Financial – “Helping you take the credit…. Securely”
For more information email contact@jpdfinancial.com

Mais conteúdo relacionado

Mais procurados

Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data securityUlf Mattsson
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPRMissMarvel70
 
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital AgePresented by PwCACCA Smart Finance Series - Trust in the Digital AgePresented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwCACCASG Community Manager
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863IBMgbsNA
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Mourad Khalil
 

Mais procurados (20)

Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data security
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case study
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013
 
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital AgePresented by PwCACCA Smart Finance Series - Trust in the Digital AgePresented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare Industry
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
 

Semelhante a Master Data in the Cloud: 5 Security Fundamentals

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceObservePoint
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres   ankur guptaManaging data security and privacy in call centres   ankur gupta
Managing data security and privacy in call centres ankur guptaAankur Gupta
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
 
10 Things to Note before Choosing Managed IT Support.pdf
10 Things to Note before Choosing Managed IT Support.pdf10 Things to Note before Choosing Managed IT Support.pdf
10 Things to Note before Choosing Managed IT Support.pdfMetaorange
 
10 Things to Note before Choosing Managed IT Support.pptx
10 Things to Note before Choosing Managed IT Support.pptx10 Things to Note before Choosing Managed IT Support.pptx
10 Things to Note before Choosing Managed IT Support.pptxMetaorange
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Luxembourg Wort_QA_240314 (final)
Luxembourg Wort_QA_240314 (final) Luxembourg Wort_QA_240314 (final)
Luxembourg Wort_QA_240314 (final) Alex Blumen
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsTrustArc
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...Giulio Coraggio
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
Data protection: Steps Organisations can take to ensure compliance
Data protection: Steps Organisations can take to ensure complianceData protection: Steps Organisations can take to ensure compliance
Data protection: Steps Organisations can take to ensure complianceEquiGov Institute
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdfLaLaBlaGhvgT
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015CBIZ, Inc.
 

Semelhante a Master Data in the Cloud: 5 Security Fundamentals (20)

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
Protect Your Firm: Knowledge, Process, Policy and Action
Protect Your Firm: Knowledge, Process, Policy and ActionProtect Your Firm: Knowledge, Process, Policy and Action
Protect Your Firm: Knowledge, Process, Policy and Action
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres   ankur guptaManaging data security and privacy in call centres   ankur gupta
Managing data security and privacy in call centres ankur gupta
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
10 Things to Note before Choosing Managed IT Support.pdf
10 Things to Note before Choosing Managed IT Support.pdf10 Things to Note before Choosing Managed IT Support.pdf
10 Things to Note before Choosing Managed IT Support.pdf
 
10 Things to Note before Choosing Managed IT Support.pptx
10 Things to Note before Choosing Managed IT Support.pptx10 Things to Note before Choosing Managed IT Support.pptx
10 Things to Note before Choosing Managed IT Support.pptx
 
Big data security
Big data securityBig data security
Big data security
 
Big data security
Big data securityBig data security
Big data security
 
Luxembourg Wort_QA_240314 (final)
Luxembourg Wort_QA_240314 (final) Luxembourg Wort_QA_240314 (final)
Luxembourg Wort_QA_240314 (final)
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & Acquisitions
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
Data protection: Steps Organisations can take to ensure compliance
Data protection: Steps Organisations can take to ensure complianceData protection: Steps Organisations can take to ensure compliance
Data protection: Steps Organisations can take to ensure compliance
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdf
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
 

Mais de Sarah Fane

3 Ways Covid-19 Changed Shared Services and how to Prepare for What's Next
3 Ways Covid-19 Changed Shared Services and how to Prepare for What's Next3 Ways Covid-19 Changed Shared Services and how to Prepare for What's Next
3 Ways Covid-19 Changed Shared Services and how to Prepare for What's NextSarah Fane
 
Building a VAT Roadmap for 2021 and Beyond
Building a VAT Roadmap for 2021 and BeyondBuilding a VAT Roadmap for 2021 and Beyond
Building a VAT Roadmap for 2021 and BeyondSarah Fane
 

Master Data in the Cloud: 5 Security Fundamentals

  • 1. WHITE PAPER

Master Data in the Cloud: 5 Security Fundamentals

Your master data is essential to the smooth operation of your business. But it is also valuable to others. Master data is vulnerable to both internal and external attacks. As the future of business and data is increasingly cloud-based, we explore five fundamentals to ensure the security of your data.

© sharedserviceslink and JPD Financial 2017
  • 2.

One of the most important assets in your business is your data. Data, including your master vendor data, contains information essential to the day-to-day running of your organization. Without it, operations would come to a grinding halt.

However, it’s not just valuable to you.

Master data can be a target, and it can be compromised in breaches, hacks, or data leaks (intentional or unintentional). In the wrong hands, this information could expose you to fraud; it could compromise sensitive business information; and it could seriously damage your reputation with current and future customers, as well as with shareholders and the business market at large.

As automation becomes more common in business in the form of cloud-based technology, opportunities for data access increase. Thankfully, there are a number of precautions and preparations well worth considering before putting your sensitive master data into the cloud, which will help to make your transition much more secure.

There are many valid concerns when it comes to data security

Master data contains a huge amount of information that ensures your business is able to operate. But in the wrong hands, the possibilities are terrifying.

Your master data contains commercially sensitive information about your business and your suppliers. It includes which suppliers you use, how much you spend with them, when their contracts are up for renewal and what their bank details are.

The information in your master data can also lay the foundation for fraud that may happen in downstream processes in, for example, purchasing or payments.

Given the relatively easy access to this sensitive data, it is surprising how infrequently this data gets the protection it needs. A 2016 sharedserviceslink survey shows that over one-third (34%) of respondents had an incident of fraud in the last 5 years that could have been prevented with better vendor master data control.

Regular checks and audits of your master data can go a long way to mitigate these risks. However, many companies aren’t resourced to review and audit master data and supplier vendor data on a regular basis. Keeping on top of your supplier base for irregularities or credits that may be owed to you is a time-consuming task that often falls onto the shoulders of an over-worked accounts payable team who have other, more pressing priorities.

In the wrong hands, master data can be exploited:

• Exposing which suppliers you use, and the exact amount you spend with them, could reveal commercially sensitive or secret information.
• Fraudsters (internal or external) could mimic existing suppliers, invoicing you with realistic-looking, fake invoices.
• Suppliers’ bank details could be changed to re-direct payments to a fraudster.
• Employee expenses can contain sensitive and private information.

[Chart: "Have you had an incident of fraud that could have been prevented by better vendor master control?" Response categories: No; Yes, within the last 10 years; Yes, within the last 5 years. Values shown: 34%, 9%, 57%. Source: sharedserviceslink report: Get Proactive About your Vendor Data, 2016]
  • 3.

The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018. While it is a European Union (EU) regulation, if you process data about individuals in the context of selling goods or services to citizens in EU countries, then you will need to comply. Key compliance elements include:

• Responding to data subjects’ requests about how their data is being used and requests to remove data
• Notifying those affected by data breaches within 72 hours
• Clarified data consent policies

Non-compliance fines can be up to 4% of annual global turnover or 20 million euros, whichever is greater. To remain compliant, organizations must demonstrate compliance, and that can be done through enhancing data protection policies, staff training, internal audits and creating and improving security features on an ongoing basis.

Third parties who specialize in auditing suppliers can help you manage these risks, and help you drive credit recovery, but a critical success factor is understanding the level to which these third parties will protect that data.

The future of data is in the cloud

In finance, as in businesses in general, the future is in the cloud. Any organization of a certain scale will have some of their business-critical data in online tools and in the cloud.

Most finance automation tools today are much less likely to be installed on-premise. Rather, they will be online and cloud-based. Cloud-based applications not only save on the capital expenditure of installation, they are generally much easier to upgrade and deploy across your global business. Lastly, they provide best-in-class security features.

Engage IT early in your search for providers

Even very traditional companies are entrusting their data to cloud-based providers. As with any technology deployment, it’s important to engage your IT team early in the process, so that you understand what they need to see from suppliers.

“I was under the impression that we managed the vendor statements internally and did not miss any opportunities for recoveries. Once I started to review, I identified that 45% of the vendors did not provide their statements.”
Ed Martinez, Former VP of Shared Services and Owner and Senior Advisor of EPM Services.

Getting IT and Finance on board with cloud technology

“Our IT team are inherently conservative, and understandably so, because we work with a lot of client data, and we come from a banking background. So the concept [of moving finance automation onto the cloud] was radical to some, but contemporary to others. What helped us was IT had gone through a previous cloud implementation of a completely different product outside of the finance arena, so that helped set the scene and set the comfort level. We also worked well with our provider about the IT diligence. We were able to satisfy their concerns and meet the thresholds our IT team were looking for. I’d be stunned if any organization didn’t have some form of data going in and out of the business somewhere in the processes they operate, so there has to be data standards to it.”
- Robert Bloor, Group Financial Controller, Equiniti
  • 4.

Nearly every company has, or will have, some data online, sitting in cloud-based tools. When it comes to implementation, it’s important to ensure the tools, access rules, controls, and procedures satisfy both IT and Finance’s requirements early in the process, before the tender has begun.

The cloud may be more secure than on-premise. Many cloud-based service providers host data in secure, geographically separated, nondescript data centers. They use technology like biometrics and 24-hour video surveillance to prevent unauthorized access. On top of that, many leverage military-grade encryption of the data they host. These levels of security are impractical for most organizations on-premise.

Many companies appreciate that they need to guarantee a level of physically secure encryption that is untenable for them to attain without partnering with a third party. A move to the cloud can be motivated by the need to increase data security levels, but optimum data security is not guaranteed or indeed offered by all third parties.

Your master data is important, but it’s also vulnerable. When you are using third parties – particularly cloud-based third parties – what can you do to ensure it is secure?

Master data security: 5 fundamentals

There are some key requirements you should seek when it comes to protecting your master data.

1. Regularly audit your data and supplier information.

No matter how rigorous your processes are, it’s always good to have a third party come and look over your shoulder every now and again. While good processes can mitigate many risks, and keep the quality of your master data high, auditing all of your supplier spend and looking for irregularities (such as duplicate payments) can be extremely time-consuming. This is where third parties can add real value.

Audit recovery or vendor credit recovery firms can:

• Check data against databases to verify existing records
• Identify and red-flag any problematic suppliers
• Alert you to credits owed to you (such as duplicate payments, credit notes or rebates), which can be a huge boost to your bottom line.

2. Have a strong user awareness program

User awareness is a first line of defense, and a culture of security is important, both internally and with any third party you use.

For you, or any provider who works with your master data, it’s essential to have a strong user awareness program in place for data security. Your IT team or subject matter experts may know where fraud is likely to occur, but not everyone who interacts with your data will know whether their actions are assisting or jeopardising your data controls.

Users who interact with data should be aware of how fraud is likely to occur. Some will need education about the latest cyber threats, while others may need reminding not to trust an inbound call to change bank account details. Without strong user awareness, data could be unknowingly compromised.

It’s also important to have a culture of openness. If someone is worried they did something wrong, or saw something suspicious, be sure to provide avenues for them to speak up, so you can catch issues early on.

  • 5.

Ask any third party you use what user awareness programs they have, and if they can help you.

3. Ensure you and your providers have a security policy that keeps up with the changing landscape

Your providers’ security policy should exceed your expectations. Data security doesn’t happen through chance. It’s a result of stringent policies and rigorous checks.

Be sure to ask your service provider about their security policies and bring in your IT team early on in the process to make sure their policies meet or exceed your own IT due-diligence testing.

Some key elements to understand:

• Who will be handling your information? Who from their organization has access to your data, and what checks have they undergone (for example, do they sign Non-Disclosure Agreements)?
• What security checks do they have in place? Do they use penetration testing (testing to find vulnerabilities and weaknesses in your security)?
• What is their data loss prevention plan?

4. Ask which data storage providers they use

If you are using a Software-as-a-Service provider, they are only as secure as their partners. Most automation or SaaS providers will partner with large data warehouses. Many use companies like Amazon, Salesforce, Microsoft or Box to manage data securely. If you are evaluating providers, also evaluate who they partner with and what controls they have in place.

• How will the data be encrypted?
• What access controls are in place?
• What back-up of data is done?

5. Data compliance checks

Compliance documents are essential to ensure data is being processed safely and securely, and that regulators’ requirements are met.

Data compliance is a fast-moving landscape, and you will want to check that your supplier is up to the current standards. There is a huge amount of documentation needed to be compliant – some of the key certifications include SSAE-16 and US-EU Safe Harbor. Also, be sure to ask what they are doing to prepare for the General Data Protection Regulation (GDPR) and how they can help you prepare.

Companies you can trust with your data will be proud of their compliance standards, and should share these with you openly.

Will third parties keep your data safe? Key questions to ask:

• What kind of penetration testing do you do?
• Will you help us with our user awareness program?
• Which storage providers do you use? And what level of security and encryption will there be?
• What compliance checks do you use (e.g. SSAE-16, US-EU Safe Harbor)?
• What is your Data Loss Prevention Plan?
• How are you preparing for the GDPR?
• Who in your organization can access our data, and what checks have they undergone?
  • 6.

In Summary

As data is valuable to your company, it’s also valuable to outsiders. As your information will almost inevitably sit within the cloud, there are a number of things you can start checking, to ensure that you remain secure.

Third parties can bring significant benefit to the management of your vendor master data, but they can also bring risk. Engage IT early in the process, and don’t be afraid to ask some tough questions – based on the five fundamentals – about security.

About JPD Financial

As the audit landscape continues to evolve, JPD has become proficient in rebalancing expectations and offering a solution that is advantageous to our clients. Our advanced recovery credit services, together with quality communication processes, produce the best results. This personal approach strengthens the relationships of our customers and delivers the highest level of satisfaction and reward.

To ensure that JPD achieves the most comprehensive data security for our clients, we have enlisted several industry-leading technology partners. Our partners include: Salesforce, Box, Microsoft, Rackspace Cloud, S-Net Communications and Informatica. All JPD employees must sign confidentiality agreements, and an independent third party is used to conduct random penetration testing.

JPD’s On-Demand client portal is cloud-based, leveraging the Salesforce platform. This solution will not require any physical deployment of software or hardware, thereby providing the flexibility of allowing credit management functions to be performed from anywhere our clients operate.

JPD partners with Box so that our clients can securely transfer highly confidential and sensitive information. Box utilizes military-grade encryption, customized Box shared links with passwords, expiration dates and restricted download access as security measures when our clients are transferring data.

JPD Financial – “Helping you take the credit… Securely”

For more information email contact@jpdfinancial.com