Sourcing Speak

Defying Data Gravity: Vertical Cloud Computing, Hybrid Tools and Usage Rights

Posted March 1, 2021

By Ash Masrani

Ash Masrani

The last decade saw explosive growth in enterprise migration to the cloud, a trend driven by the promise of lower overhead costs and greater scalability. Given this, many have made the leap and moved both non-mission-critical workloads and mission-critical functionality into the cloud.

This is where “data gravity,” a phrase coined by Dave McCrory comes into play. Data gravity is the “effect that attracts large sets of data or highly active applications/services to other large sets of data or highly active applications/services, the same way gravity attracts planets or stars.” So, in the simplest terms, data gravity is the idea that increasing volumes of data can cause data to function like an anchor, making it increasingly difficult to move as the data in question continues to increase.

U.S. Financial Regulators Propose Rule that Supervisory Guidance Does Not Equal Law

Posted November 2, 2020

By Andrew L. Caplan and Cassie Lentchner

Andrew L. Caplan

Cassie Lentchner

On October 20, 2020, a consortium of U.S. federal financial regulators (Regulators)[1], issued a proposed rule (Proposed Rule) that, if enacted, would codify that mere supervisory guidance that is not the product of notice and comment rulemaking—e.g., interagency statements, advisories, bulletins, policy statements, and FAQs—does not have the force of law. The Proposed Rule would further clarify that the Regulators will not take enforcement actions (including less draconian supervisory actions, like issuing “matters requiring attention”) based on violations of, or non-compliance with, such guidance.

Managing Security Risk: How COVID-19 Pandemic and Work-from-Home Arrangements Pose New Security Considerations

Posted May 11, 2020

By Meighan E. O'Reardon and Mia Rendar

Meighan E. O'Reardon

Mia Rendar

As if a global pandemic was not enough to trigger hypervigilance, cybercriminals have seized the COVID-19 crisis as an opportunity to exploit individuals’ and organizations’ cybersecurity vulnerabilities.

The FBI anticipates a rise in cyber-exploitation during this time, and has warned citizens of the various means of launching a cyberattack. In recent months, amid the precautions and stay-at-home orders to curb the spread of COVID-19, the global workforce has changed drastically to work-from-home environments. This shift poses its own unique risks to both personal cybersecurity, and that of third-party service providers. What’s more, cyber actors are capitalizing on panic and uncertainty by using insidious means to gain access to the personal information of businesses and individuals. Your organization should consider some of the following cyber risk factors as we continue to navigate this unprecedented COVID-19 crisis.

EU Publishes Privacy Guidance on the Use of Contact Tracing Technology in the Fight Against COVID-19

Posted April 24, 2020

By Steven P. Farmer, Rafi Azim-Khan and Joseph Devine

Steven P. Farmer

Rafi Azim-Khan

Joseph Devine

‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify interactions with people whilst infected or in the days leading up to infection being diagnosed. Health practitioners can then contact those at risk to warn them of potential exposure, what steps to take and how to avoid infecting others.

As COVID-19 Affects a Wide Range of Business Functions, Scrutiny of BC/DR plans Is Essential

Posted March 27, 2020

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

Business continuity and disaster recovery (BC/DR) plans are an essential element of your and your suppliers’ business—an increasingly apparent fact as we now face the uncertainty caused by COVID-19. Your agreements with suppliers and service providers likely account for exigent circumstances via force majeure and BC/DR provisions, and reviewing and updating those contingencies now is imperative. In “Time to Review Your (and Your Suppliers’) Business Continuity and Disaster Recovery Plans,” Aaron M. Oser, John L. Barton and Mia Rendar discuss in depth the scrutiny of BC/DR plans that could prove crucial during the pandemic.

Flexibility and Communication During COVID-19

Posted March 17, 2020

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

In managing relationships with their suppliers during the pandemic, companies will find it in their interest to show some flexibility—but only within certain parameters. In “COVID-19: BCP and Remote Work Notifications from Suppliers,” colleagues Vipul N. Nishawala, Aaron M. Oser and Mario F. Dottori take a practical look at just what this means for often global networks of third-party suppliers and the companies that employ them.

European Banking Authority Outsourcing Guidelines: Time to Act

Posted September 30, 2019

By Lee Rubin

Lee Rubin

From September 30, 2019, new guidelines on outsourcing arrangements (Guidelines) issued by the European Banking Authority (EBA) will apply to all outsourcing arrangements entered into, reviewed or amended on or after this date. The Guidelines aim to establish a more harmonized framework for all financial institutions that are within the scope of the EBA’s mandate, including credit institutions, investment firms and payment institutions. All financial institutions must also update all existing outsourcing arrangements in line with the Guidelines by December 31, 2021.

The Guidelines will have an impact that is much wider than just European markets. As large scale outsourcing deals typically benefit global operations, even where deals are being led out of the United States they will need to take account of the Guidelines if European businesses are to be service recipients.

Financial institutions should act now to address the key considerations of the Guidelines:

Third-Party Supply Chains and Corporate Modern Slavery Compliance

Posted July 26, 2019

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

Recently, third parties have been petitioning the U.S. Customs and Border Protection (CBP) to initiate investigations into forced labor violations involving specific manufacturers/exporters and specific merchandise. In “Slavery in Supply Chains: CBP Petitions Raise New Forced Labor Compliance Risks,” colleagues Nancy A. Fischer, Sahar J. Hafeez and Stephanie T. Rosenberg examine the role these petitions play in the growing fight against corporate modern slavery and how proactively engaging in corporate modern slavery compliance is necessary from both corporate social responsibility and risk management perspectives.

Data Breaches, Bankruptcy and the Importance of Cyber Insurance

Posted July 19, 2019

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

A recent data breach and subsequent bankruptcy combine to form a cautionary tale on the importance of cyber insurance. On our Insurance & Recovery blog Policyholder Pulse, in “From Data Breach to Bankruptcy – A Cautionary Tale for Those Without Cyber Insurance,”colleagues Matthew G. Jeweler, Meighan E. O’Reardon, Curtis A. Simpson and Robert Shoemaker examine the data breach suffered by American Medical Collection Agency and how that forced its parent company, Retrieval-Master Creditors Bureau Inc., into Chapter 11.

The Fed May Increase Cybersecurity Standards for Large Financial Institutions and their Service Providers

Posted June 12, 2019

By Andrew L. Caplan, Meighan E. O'Reardon and Michelle Ki

Andrew L. Caplan

Meighan E. O'Reardon

Michelle Ki

The Board of Governors of the Federal Reserve System has recently indicated it may move forward with enhanced cybersecurity standards that had previously been floated by the Board, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) back in 2016. Specifically, in October 2016, the Board, the three entities issued a joint advance notice of proposed rulemaking (ANPR) on enhanced cybersecurity standards before deprioritizing it in 2017. While the OCC and the FDIC withdrew their ANPRs earlier this Spring, the Board may revive the issue this coming Fall.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: