Four F.U.Ds of the Cloud Discussed – Dissected – Debunked Technology Services Forum Event March 12, 2014 Event Sponsor Series Sponsor Gartner defines cloud computing as a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies. Access Anywhere Power of Now Multiple Devices F.U.D. Cloud Data Redundancy Convenience Cost Savings ADOPTION OF THE CLOUD WHILE REMAINING SECURE Adam Shnider Vice President March 12, 2014 Adam A. Shnider, Vice President Profile Adam Shnider is a Vice President at Coalfire Systems. Adam has extensive experience in audit planning, enterprise risk management and information security. His experience includes serving clients in compliance efforts for a variety of technologies and cloud environments for HIPAA, PCI, FISMA, FedRAMP, FFIEC, GLBA, and SOX. Mr. Shnider has served hundreds of clients by delivering security implementations and audits utilizing PCI, CISP, SDP requirements, COBIT, ISO17799/27001, FFIEC, FISMA/FedRAMP NIST 800-53 and proprietary methodologies. Adam has also assisted clients in designing and implementing information security programs and architectures for a variety of industries, applications and platforms including emerging technologies such as mobile, virtualization and cloud computing. Mr. Shnider holds numerous industry certifications including Certified Information Systems Security Professional (CISSP), Certified Information Systems, Auditor (CISA) and Certified Information Security Manager (CISM). Adam is also a Payment Card Industry Qualified Security Assessor (QSA). He also has his Bachelor of Science degree from The Ohio State University. Certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Payment Card Industry Qualified Security Assessor (QSA) Ten Security Considerations for Cloud Adoption 1. Determine use of the cloud and what data/functions you want to move 2. Be aware of applicable regulatory requirements 3. Know the risks with moving to the cloud specific to your organization 4. Understand the controls and security tools that the CSP offer for customers 5. Read contracts to understand data ownership and e-discovery protocol 6. Understand responsibilities ownership between your organization and CSP 7. Vendor management is important! 8. Risk Assessments and monitoring current trends is critical 9. Review the audits/certifications performed and determine alignment with requirements 10. PLAN FOR CHANGE!!! QUESTIONS? Adam A. Shnider CISSP, CISM, CISA, QSA Vice President [email protected] Cloud Financial Considerations Chris Wheaton March, 2014 Background • Currently, I run the Customer Success Operations group at Jive Software. • I have spent 30 years in services since graduating from the University of California, Los Angeles in 1985. • I earned Certified Public Account certificate will at Price Waterhouse. • I left Price Waterhouse to start a Professional Services firm with two PW colleagues in 1995. Through fortuitous timing and hard work that firm grew to 1000 employees and was purchased by Hewlett Packard in 2007. • I took three years off and then took a job with Success Factors the leader in Cloud solutions for the Human Capital Management market. I joined SF because I wanted to learn about how cloud companies ran differently than traditional on premise software models. Success Factors was purchased by SAP in 2013. • In July of 2013, I left SF and I began with Jive and I am embracing Social Collaboration in the workplace. 13 © Jive confidential Cloud Product Companies Valuations • Cloud product companies have extremely high valuations in today’s market 10x to 20x revenue is not uncommon. • Services company valuations are 1x to 3x revenue. • Key items that drive valuations for a product company are committed monthly revenue growth and cash flow. • This puts cloud product companies in a predicament as it relates to their services portfolio: – Services are key to protecting the recurring revenue stream; – If the services percentage of overall revenue actually grows valuation goes down. • This presents an opportunity for potential cloud partners 14 © Jive confidential External View Investment Bankers View of the Cloud 15 © Jive confidential Metrics in More Detail 16 © Jive confidential Internal View Cloud Company Revenue Revenue Components • Minimize PS to maximize overall margin Target Margin 45% Key to customer adoption and renewal of revenue stream Target Margin 55% Target Margin 80% Revenue Recognition Rules Make things worse • Current accounting rules require service revenue sold in conjunction with a subscription license must be recognized over the period of the subscription regardless of the implementation timeline. • Example: – We sell $100,000 of services with a 36 month subscription agreement/ – The implementation takes 5 months for a cost of $55,000 which results in a good project margin of 45%. – Issue: It takes 20 months to recoup just the cost of the implementation. 18 © Jive confidential So What? • Cloud companies need good implementation partners - Cloud companies are always seeking qualified partners because if they can move the implementation off their books it improves their valuation. • Same is true with support – Migrating support to partners where possible is also something more cloud companies are doing. • What makes a good partner: – They self enable – no negative cash outflow for cloud company – They stand behind the product and their work – the protect the recurring revenue stream. – They help in the sales cycle – The support identifying and closing net new deals 19 © Jive confidential 3 hubbub in the cloud why we chose it how we got there what it costs and saves what it means to us Photo by Keith Pomakis on 2005-07-05 2 Introduction Adam Lynch co-founder VP Product & Technology hubbub health [email protected] twitter: @adamlynch favorite challenge: 8,000 Steps. Every. Day. hubbubhealth.com/employers 4 hubbub was a green field opportunity http://stockarch.com/images/business-and-industry/farming/green-field-under-cloud-3934 4 All we had was the idea != http://www.chineselight.com/uploads/130107/1_114009_1.jpg http://www.hdwpapers.com/money_stacks_wallpaper-wallpapers.html 5 hubbub’s haves/have nots in 2010 have not have idea cash sense of urgency sense of certainty expertise / experience tons of people window of opportunity lots of time to make the perfect decision Corporate IT? No. 6 http://www.computersciencelab.com/ComputerHistory/HistoryPt4.htm 7 Traditional hosting? Better but still not right. http://www.webhostingbuzz.com/data-center.php 8 Cloud options? Maybe, but which one? 8 We needed to get started fast. http://eofdreams.com/cheetah.html 9 We needed to think big but begin small. http://i.dailymail.co.uk/i/pix/2010/12/03/article-1335369-0C54D99A000005DC-39_634x449.jpg 11 We needed the ability to grow on demand. http://www.inc.com/paul-spiegelman/company-culture-manage-growing-workforce.html What did we do? 13 Technical stack - Architecture Yeah but how much does it cost? 13 http://autorepairgreeley.com/car-care-club/ Doesn’t it add up fast though? 13 https://coolhub.imsa.edu/web/talent That seems like a lot. Is that a lot? 13 https://encyclopediadramatica.es/UNIX That guy costs 120k *per year*. And we’ve never employed that guy. 7 Not to mention, we’ve never bought any of this. http://www.webhostingbuzz.com/data-center.php Forget about money. What else does it give us? 11 work from anywhere 11 http://www.womenshealthmag.com/yoga/yoga-for-greater-flexibility 24 “Make your desk anywhere” Enough already. What’s the one thing I need to know? Don’t be afraid. 11 http://www.funelf.net/dont-be-afraid-my-friend/ 11 Adapt to fit the situation http://tidalseven.com/square-peg-round-hole-collaboration/ Questions? thank you! Adam Lynch @adamlynch [email protected]