Sourcing Speak

Head in the Clouds: Optimizing Your Multicloud Strategy

Posted March 23, 2022

By James W. McPhillips and S. Michelle Ki

James W. McPhillips

S. Michelle Ki

Modern cloud computing only came into existence about 20 years ago, but now virtually all enterprises (99%) are using cloud services. Cloud adoption accelerated further in the last two years because of the COVID pandemic as a result of an increase in remote work, the evolution of online business strategies (e.g., e-commerce), and the focus on business resilience. In addition, given budget uncertainties, moving technology tools, data and storage to the cloud usually results in significant cost savings to an organization, which is the top priority for organizations using cloud services six years in a row.

New EU Guidance Clarifies When Data Transfers Need to be “Safeguarded”

Posted November 30, 2021

By Steven P. Farmer, Scott Morton and Mark Booth

Steven P. Farmer

Scott Morton

Mark Booth

The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and importantly when they do not). In particular:

As European Regulators Take the Use of Cookies More Seriously, Here Are the Basics for Compliance

Posted September 29, 2021

By Steven P. Farmer and Scott Morton

Steven P. Farmer

Scott Morton

This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints concerning cookie banners filed by a nonprofit organization founded by Max Schrems, None of Your Business (NOYB).

Before You Sign—Options and Opportunity in IBM’s Latest Reinvention

Posted March 8, 2021

By Aaron M. Oser, Joseph E. Nash and Roger C. Roy Jr.

Aaron M. Oser

Joseph E. Nash

Roger C. Roy Jr.

Major mergers and spin-offs by IT service providers are rare, but when they occur (e.g., Xerox’s acquisition of ACS in 2010 and Atos’ subsequent acquisition in 2014, HPE’s 2017 spin-off of its Enterprise Services business and merger with CSC in the form of DXC), pause and consider your options. These are major corporate events that generally redirect a supplier’s focus and internal attention on change management, creating a new business model and developing a corporate culture—not easy stuff and in some cases can have a direct impact on “how” and “how well” services are provided to customers. At a minimum, important contracting work may preserve commitments and benefits of your existing deal.

Defying Data Gravity: Vertical Cloud Computing, Hybrid Tools and Usage Rights

Posted March 1, 2021

By Ash Masrani

Ash Masrani

The last decade saw explosive growth in enterprise migration to the cloud, a trend driven by the promise of lower overhead costs and greater scalability. Given this, many have made the leap and moved both non-mission-critical workloads and mission-critical functionality into the cloud.

This is where “data gravity,” a phrase coined by Dave McCrory comes into play. Data gravity is the “effect that attracts large sets of data or highly active applications/services to other large sets of data or highly active applications/services, the same way gravity attracts planets or stars.” So, in the simplest terms, data gravity is the idea that increasing volumes of data can cause data to function like an anchor, making it increasingly difficult to move as the data in question continues to increase.

U.S. Financial Regulators Propose Rule that Supervisory Guidance Does Not Equal Law

Posted November 2, 2020

By Andrew L. Caplan

Andrew L. Caplan

On October 20, 2020, a consortium of U.S. federal financial regulators (Regulators)[1], issued a proposed rule (Proposed Rule) that, if enacted, would codify that mere supervisory guidance that is not the product of notice and comment rulemaking—e.g., interagency statements, advisories, bulletins, policy statements, and FAQs—does not have the force of law. The Proposed Rule would further clarify that the Regulators will not take enforcement actions (including less draconian supervisory actions, like issuing “matters requiring attention”) based on violations of, or non-compliance with, such guidance.

Managing Security Risk: How COVID-19 Pandemic and Work-from-Home Arrangements Pose New Security Considerations

Posted May 11, 2020

By Meighan E. O'Reardon and Mia Rendar

Meighan E. O'Reardon

Mia Rendar

As if a global pandemic was not enough to trigger hypervigilance, cybercriminals have seized the COVID-19 crisis as an opportunity to exploit individuals’ and organizations’ cybersecurity vulnerabilities.

The FBI anticipates a rise in cyber-exploitation during this time, and has warned citizens of the various means of launching a cyberattack. In recent months, amid the precautions and stay-at-home orders to curb the spread of COVID-19, the global workforce has changed drastically to work-from-home environments. This shift poses its own unique risks to both personal cybersecurity, and that of third-party service providers. What’s more, cyber actors are capitalizing on panic and uncertainty by using insidious means to gain access to the personal information of businesses and individuals. Your organization should consider some of the following cyber risk factors as we continue to navigate this unprecedented COVID-19 crisis.

EU Publishes Privacy Guidance on the Use of Contact Tracing Technology in the Fight Against COVID-19

Posted April 24, 2020

By Steven P. Farmer and Rafi Azim-Khan

Steven P. Farmer

Rafi Azim-Khan

‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify interactions with people whilst infected or in the days leading up to infection being diagnosed. Health practitioners can then contact those at risk to warn them of potential exposure, what steps to take and how to avoid infecting others.

As COVID-19 Affects a Wide Range of Business Functions, Scrutiny of BC/DR plans Is Essential

Posted March 27, 2020

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

Business continuity and disaster recovery (BC/DR) plans are an essential element of your and your suppliers’ business—an increasingly apparent fact as we now face the uncertainty caused by COVID-19. Your agreements with suppliers and service providers likely account for exigent circumstances via force majeure and BC/DR provisions, and reviewing and updating those contingencies now is imperative. In “Time to Review Your (and Your Suppliers’) Business Continuity and Disaster Recovery Plans,” Aaron M. Oser, John L. Barton and Mia Rendar discuss in depth the scrutiny of BC/DR plans that could prove crucial during the pandemic.

Flexibility and Communication During COVID-19

Posted March 17, 2020

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

In managing relationships with their suppliers during the pandemic, companies will find it in their interest to show some flexibility—but only within certain parameters. In “COVID-19: BCP and Remote Work Notifications from Suppliers,” colleagues Vipul N. Nishawala, Aaron M. Oser and Mario F. Dottori take a practical look at just what this means for often global networks of third-party suppliers and the companies that employ them.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: