Governance requires tools, at many levels. Business GRC, Continuous Controls Monitoring (CCM), Access Governance, SIEM, and other supporting tools have to be deployed. The obvious question is: Can an organization rely on cloud services for Governance? Governance as a Service? There are first offerings out there and we expect to see more. But will that really work? What has to be done internally, what can be externalized? Is it only the tool or will we have specialized people analyzing information and raising alerts, like it is the case with several other security services, especially around threat management? And won’t we end up with compliance issues when externalizing our governance somewhere to the cloud, having masses of sensitive and risk management-related data out there? The panel will discuss what we have today and how to make this work. It will talk about the requirements and borders of GaaS.