SureCloud - Experts & Thought Leaders

SureCloud, the pioneer of Dynamic Information Security and a leading Governance, Risk, and Compliance (GRC) company, has announced the appointment of Tom Obermaier as Chief Executive Officer. Work experience Over a 30-year career, Mr. Obermaier has established himself as a transformative leader, driving growth and innovation across multiple organisations, most notably SurePoint Technologies and RDC DataCorp Inc. He played a pivotal role in the creation of the legal industry’s first SaaS (Software as a Service) ERP solution at SurePoint Technologies, increasing annual recurring revenue (ARR) by a factor of ten in less than three years.  Similarly, as the CEO of RDC DataCorp Inc, he is renowned for creating the leading “Customer Risk Diligence” standard and for expanding the company's footprint internationally before it was sold to Moody’s Analytics. Risk management and legal tech experience His proven ability to build and grow teams, strategic vision, and understanding of SaaS makes him the perfect fit" John Hawkins, Chairman of SureCloud, said, “Tom brings a wealth of knowledge and insights to our team, drawn from his extensive risk management and legal tech career." "His proven ability to build and grow teams, strategic vision, and deep understanding of the SaaS landscape make him the perfect fit for our organisation. We are extremely excited to welcome Tom to the SureCloud family.” Technology, innovation, expertise "I am honoured to lead the SureCloud Community, a truly unmatched team of extraordinary customers united in the fight against cyber criminality,” said Mr. Obermaier. “I, along with hundreds of talented industry experts who run SureCloud, am humbled and honoured with the responsibility of materially assisting our community in this mutual challenge. Our technology, spirit of innovation, expertise, and operational delivery, place SureCloud at the forefront of protecting our community and society at large from this unrelenting menace.” Risk management expert Mr. Obermaier is globally recognised as a risk management expert, advising prestigious governmental bodies throughout the world.  He has served as a Chief Risk Officer at Citibank and Deutsche Bank, overseeing thousands of employees and trillions in risk limits. His contributions to the industry have earned him numerous awards, including an eight-time Deloitte Fast 500 Technology Company designation and a nomination by Goldman Sachs as one of the “Most Intriguing Entrepreneurs in the World,” in 2015.

SureCloud, a globally renowned provider of Governance, Risk, and Compliance (GRC) solutions and cyber security services, has announced the launch of its Internal Audit Management solution. Combined with its tools for managing enterprise risk, IT risk and compliance, SureCloud now offers customers the ability to implement the full ‘three lines of defence’ as recommended in the Institute of Internal Auditors’ model for effective and efficient governance, risk management and control. This widely used model is designed to coordinate risk and control management across the organisation, by mapping out responsibilities for day-to-day management (the ‘first line’), monitoring and oversight (the ‘second line’), and independent assurance (internal audit; the ‘third line’). Internal Audit Management cloud-based solution Internal Audit Management is a cloud-based solution designed to help organisations manage the audit process Internal Audit Management is a cloud-based solution designed to help organisations efficiently manage the entire audit process, from planning, risk assessments, and fieldwork to findings, issue management, and reporting. With Internal Audit Management, organisations gain total oversight and visibility. Utilising pre-built work papers, workflow, and notifications, Internal Audit Management streamlines and accelerates audit engagements, removing the need for manual and repetitive tasks. Real-time reporting, with built-in business logic, helps organisations identify which areas are at risk so they can act quickly to mitigate them. Effective management of audit workload “We worked with our clients to understand their needs and designed a solution that will help any organisation become more effective at managing its audit workload. Organisations face an audit burden that is increasingly difficult to implement, execute and evidence, to ensure they meet their regulatory requirements,” said Alex Brown, the Vice President (VP) of Product at SureCloud. Alex Brown adds, “Too many still manage their processes inefficiently, using documents, spreadsheets, and email chains. Now, more than ever, it’s vital that organisations take an agile and streamlined approach to internal audit management that is fully scalable and flexible, enables accurate and comprehensive reporting and ultimately, will support the business now and into the future.”

SureCloud, a provider of IT governance, risk, and compliance (IT GRC) cloud-based solutions, has launched an innovative go-to-market approach for its customers to help simplify and de-risk their investment in IT GRC. The new approach has been devised as a response to typical industry pain points, such as failed implementations and additional, unforeseen services costs, that make investments in GRC technology risk for customers who find it almost impossible to ‘futureproof’ their solution of choice. Ongoing configuration changes SureCloud, which has served the IT GRC market since 2014, has opted to completely remove the heavy up-front costs usually associated with GRC software implementation and ongoing configuration changes. Instead, customers will have the freedom to focus on what they want their solution to do rather than worry about how many professional service days to purchase. Typically, a GRC software provider will charge an annual license fee and layer implementation and ongoing configuration services on top as an additional cost, often partnering with a third party to implement their solutions. This approach can put pressure on customers to get the implementation right ‘first time’, leading to a tendency to overload the initial project with functionality that ‘might’ be needed in the future. This can result in overcomplicated designs, which can have a high risk of failure in an operational environment. Changing business environment GRC solutions often need adapting over time to meet the changing business environment Moreover, GRC solutions often need adapting over time to meet the changing business environment, and the requirement for ongoing configuration changes after the initial implementation can present unexpected and unbudgeted costs to the customer. Recognising these challenges, SureCloud, which has its own in-house team of implementation experts, has opted to no longer charge customers for its implementation and ongoing configuration services. Over the course of their subscription, customers benefit from a fully configurable solution without having to secure budget increases or be blindsided by unexpected costs. And they get a fully aligned GRC technology partner incentivised to ensure a smooth and successful implementation.  Making right decisions “Feedback from customers reveals that our new approach gives them the certainty of running costs, enabling them to demonstrate what a continual run rate looks like without unpredictable spikes in additional services,” says Nick Rafferty, SureCloud’s COO and Co-Founder. “And by not charging for implementation services, customers can be driven by timescales that are closely aligned with the delivery of outcomes, rather than resource costs and a tendency to over-scope the initial implementation. This means that they can focus on the end game and make the right decisions for their business.” 

At the start of the millennium, GRC was still very much in its infancy. Fast forward to 2022 and it is no longer seen as a siloed process. Now it is an organisation-wide concern that permeates every decision from C-suite to the shop floor. And its evolution shows no sign of slowing down as modern solutions are changing the way that GRC processes are delivered and embedded into day-to-day operations within organisations. So, what does the future look like? In an era where risk is accelerating, we need to look back to the past in order to understand the challenges that will shape tomorrow’s landscape. The past Historically the GRC market has been underserved. If you look back to the turn of the century when the market first began to form, everyone was doing things differently and there was no standardisation or best practice for companies to follow. What you’d find is that different companies were doing things in different ways, performing certain aspects of the wider GRC framework while ignoring others. Instead, it formed out of a collection of various concerns ranging from the 2001 Enron scandal This is largely due to how GRC came into operation. It never started from a clean slate, nor went in a single direction. Instead, it formed out of a collection of various concerns ranging from the 2001 Enron scandal and the introduction of SOX to the 2008 financial crisis, to concerns over financial controls and the assurances over the filing of listed companies. Providing quantitative outputs Since then, there has been a huge amount of evolution in the GRC market as risk management methodologies and processes become increasingly more sophisticated to provide quantitative outputs. There’s far less ambiguity today than there was in the past thanks in no small part to the software solutions that have sprung up to help companies manage their GRC processes. Yet there is still a misalignment between GRC needs and much of the software that is being used to help address them. While organisations are crying out for functionality and flexibility, many are still left wrangling incredibly complex platforms that aren’t delivering the business quantifiable and measurable outcomes they need today. The present The good news is that there is now significant investment in GRC within organisations The good news is that there is now significant investment in GRC within organisations. Companies are adopting software, implementing policies, and putting the resources in place to implement effective GRC systems. Clearly, much of that has been driven by compliance and contractual requirements. But businesses have also started to realise the value of GRC to their bottom lines. Nevertheless, in the current landscape, many organisations still face challenges when it comes to utilising their GRC system effectively. Part of the problem is that GRC is increasingly siloed. At best it’s integrated across an organisation, but at worst it’s treated as little more than a tick-box exercise - in other words, just doing enough to ensure the company doesn’t get in trouble instead of adding business value like being secure or quicker to onboard suppliers. Ineffective risk management This can lead to ineffective risk management as organisations only have individual pieces of the jigsaw rather than the whole puzzle, and ultimately this means that they can't fully appreciate the full spectrum of risks that they face. The siloed nature of GRC processes also creates unnecessary complexity The siloed nature of GRC processes also creates unnecessary complexity. If each team or sector has its own risk management processes, it can create a confusion of mismatched systems and frameworks. That’s why many organisations turn to software in the hope that it can help to bring everything together in one place. However, software alone cannot solve this problem. Without first addressing the root cause of an organisation’s issues, implementing software only exacerbates it - becoming a huge cost center in the process. The future Technology is helping to shape the future of GRC. Increased automation means that organisations can not only see the bigger risk and compliance picture but respond to issues in real-time. AI will be a huge driver for change and looks set to become an increasingly prominent part of the GRC landscape. It’s critical because it has the potential to truly automate the GRC process and apply learning or past behavior to future threats. Perhaps most interestingly, AI also frees up people to stop working reactively. Typically, at the moment, we see that organisations aren’t using GRC to solve any tangible business problems but are instead looking to tick a box for auditors or regulators. All too often that means that their highly skilled experts are being reduced to mundane admin tasks that center around reviews and checking. Specific business challenges However, more needs to be done to contextualise GRC and its value to the business But by using the latest advancements in AI and machine learning, we can free these experts to work proactively, using data and insight to solve specific business challenges. To truly harness the potential for the next generation of technology, however, more needs to be done to contextualise GRC and its value to the business. We need to see a shift toward outcome-driven metrics that translate risk management into tangible operational impacts. Ensuring long-term success The idea is that by understanding the impact that certain risks might have on your bottom line, you can better understand where to invest your resources and what your security priorities should be. This way of thinking also creates a much clearer business case for GRC, one that embeds it within decision-making across the entire organisation. One thing that’s clear is that the future of GRC exists at the intersection between technology and expertise. In order to achieve desired outcomes faster, and with greater confidence, organisations will need to combine the automation and AI capabilities of the latest software with world-class insight in order to make decisions that ensure long-term success.