Process Trumps eGRC Software
Looking back at each of the cloud "fails" described here, there's not much argument that they all share a common "root cause": a misalignment between Process-People-Technology-Culture. Cloud providers can overcome the challenges of scaling up to meet demand; the engineering expertise to grow massive cloud infrastructure is no longer a pioneering, frontier undertaking. But inherently, "scaling up" processes to a similar degree lags well behind engineering. The large eGRC vendors have all done a superb job of using the 'shiny new toy' trick on cloud service providers, lulling them into the false and dangerous misapprehension that 'data management' is the same thing as 'process maturity'. The rude awakening that AWS, Microsoft, IBM, and Verizon have coming is that you can't 'scale up' process the way you scale up hardware and software infrastructure.
For example, take a core cloud service: Identity and Access Management. This is by far one of the most critical cloud services providers MUST get right. Yet eGRC vendors, without exception, loudly trumpet their dashboards, management consoles, incident triggers, policy enforcement, and event monitoring solutions while failing to mention that nothing in their offerings can 'scale' this service in an engineering way, because it depends exclusively on how a given organization's organic processes for identity and access work. Sidestepping the issue by shoehorning an organization's people into a NIST SP800-53 control baseline works only as a 'one size fits all' solution.