Cloud Risk Governance Consulting Rolf A. Becker
Controlling Information Security

Deliver your Cloud Risk Governance Framework

Hands-on experience and expertise in defining, implementing, applying and performing cloud risk governance for internal and external cloud adoption for global institutions.

I can effectively support you in establishing cloud risk governance.

Industry Leading Experience

More than 30 years of experience in the Financial Industry

More than 12 years of experience as an Information Security Specialist

Head (retired) of Cloud Governance for a large global institution

Co-founder and Co-Chair of the European User Group Enterprise & Cloud Data Protection

Co-Chair of Cloud Security Alliance Switzerland Chapter

Chair of Enterprise Authority to Operate Working Group of the Cloud Security Alliance

Cloud Security Alliance Financial Services Leadership Committee Member

Rolf A. Becker has designed, implemented, executed and performed Cloud Risk Governance for global adoption of cloud for a large global Financial Institution. This included the definition of a risk control governance and management framework for cloud-based infrastructure and platform services, and the delivery of a comprehensive supply chain cloud control assessment, remediation and control framework.

With the European User Group Enterprise & Cloud Data Protection, Rolf A. Becker has driven and steered a regulatory and controls compliant design of cloud implementation for one of the large-scale Cloud Service Providers, enabling adoption of cloud-based platform services by corporations that also process restricted jurisdiction regulated data.

With his contribution to the Cloud Security Alliance, Rolf A. Becker is shaping the development of cloud controls and the respective control framework, to improve transparency over, and compliance with, controls for cloud-based services.

Cloud Risk Governance

Business always involves risk.

Some of these risks you may be aware of, others may be hidden.

Even doing nothing will entail risk.

You must control the risks you incur.

Controlling risks means:

  • Identifying
  • Assessing
  • Mitigating
  • Remediating
  • Deciding
  • Monitoring
  • Supervising
  • Intervening
  • Reporting

any of the above, in cycles, and at any time.

Governance means:

  • Defining and following a Cloud Strategy
  • With central ownership involving all relevant stakeholders
  • With binding executive enforcement power
  • Based on a defined set of Cloud Control Requirements
  • Which are linked to and enforced by a Control Framework
  • Implemented according to an agreed Shared Accountabilities Matrix Framework
  • Adherence to which can be monitored and measured at any point in time
  • Covering direct and indirect supply chain cloud adoption
  • Involving all relevant stakeholders
  • With the right level of authority
  • Including Interaction with Regulators

Supply Chain Risk Management Framework

Imagine your supplier being hacked

Your company's data under ransom

Your customers grilling you

Regulators questioning you

Your suppliers are often less secure than you would accept for yourself.

Your supply chain may be much more deeply nested than you are even aware of.

The weakest link in the chain is breaking

Believing is not good enough.

Zero Trust must be your approach

You must control the risks you incur.

Controlling risks means the same as for your own cloud adoption:

  • Identifying
  • Assessing
  • Mitigating
  • Remediating
  • Deciding
  • Monitoring
  • Supervising
  • Intervening
  • Reporting

any of the above, in cycles, and at any time.

Even more so, applying greater scrutiny:

  • Because these are service providers outside of your own organisation
  • To whom you entrust processing of your customers' or your own data
  • Affecting your company's most valuable assets: clients' trust and your reputation
  • But without you having direct control over the data protection throughout your supply chain

Your company remains accountable for the protection of your customers' and your own data. A data breach somewhere in your supply chain still puts your company on the spot for inappropriate risk management or neglect of data protection.

Governance means:

  • Defining and following a Cloud Strategy which includes the entire supply chain
  • With central ownership involving all relevant stakeholders
  • With binding executive enforcement power
  • Based on a defined set of Cloud Control Requirements
  • Including broader Information Security and Data Protection Requirements
  • Which are linked to and enforced by a Control Framework
  • Implemented according to an agreed Shared Accountabilities Matrix Framework
  • Which can be assessed with audit-proof evidence
  • For which non-compliance is effectively remediated
  • With contractually binding commitments
  • Adherence to controls and contract clauses can be monitored and measured at any point in time
  • Throughout the entire supply chain cloud adoption, i.e. down to any nth-level sub-contractor or sub-service provider, and including their processing of your data in any cloud-based services
  • Involving all relevant stakeholders
  • With the right level of authority.