
RegTech solution for IT governance, risk & compliance, and third-party management
CloudGate is the innovative SaaS solution that enables you to efficiently and effectively fulfill your legal and regulatory obligations for your third-party ICT purchases.
With CloudGate, you can ensure compliance in outsourcing management and with the Digital Operational Resilience Act (DORA) – whether for managed services, cloud, or AI services. CloudGate also allows you to perform assessments from an information security and data protection perspective in an audit-proof manner.
Product type: SaaS, Consulting
Provider: microfin Unternehmensberatung GmbH

The onboarding process covers risk assessment for various third-party procurement cases, whether they involve entire IaaS platforms, individual SaaS solutions, or managed services. In addition, aspects of information security, data protection, and compliance from other areas are also taken into account.
The process facilitates the identification, assessment, and management of risks in third-party procurement. CloudGate supports your company with automated workflows and predefined, easily customizable checklists. Use cases are managed and kept compliant during onboarding and throughout the entire life cycle.

Third-party reference cases are checked using predefined checklists. As a customer, you can also store your own checklists or combine them with the predefined lists. microfin provides extensive checklists, e.g., BSI C5:2025 and, especially for banks and insurance companies, checklists according to DORA, AI Act, VAG, MaGo, EBA, KWG, and MaRisk. The checklists are regularly updated by microfin so that you always remain up to date.
CloudGate also ensures a complete history of case processing. The individual review and approval activities are continuously logged for each role. All cases and reports can be exported at any time. Recurring review tasks can be assigned a reminder function and are available at any time in the cockpit/dashboard.
Report important outsourcing arrangements or spin-offs to the BaFin reporting and publication platform via the integrated interface, which is logged in an audit-proof manner.

Risk analyses with predefined checklists support diligence and facilitate the identification of risks.
Identified risks are assigned mitigation measures, the implementation of which is tracked over time. These can range from technical measures to risk acceptances by management, which are assigned an expiration date.
A central service registry, case-related risk reports, and status overviews of mitigation measures guarantee an overview at all times. Customer-specific applications, e.g., for procurement processes, requirements management, or risk management, can be easily connected to CloudGate via a REST API. This avoids redundant data entry in different applications.

A role-based authorization concept enables efficient management of access permissions. User roles can be used to map (audit) tasks in individual areas of the company. Possible individual roles include product owner, cloud manager, legal, data protection, purchasing, information security, architecture, works council, and provider management. Each user decides for themselves whether they want to work in German or English.
The need-to-know principle ensures that decisions on whether a resource can be accessed are made on the basis of assigned roles and organizational affiliation. Case-based directories provide easy access to third-party references. The implemented tagging system can be used to easily assign application areas, cost centers, or any other contexts.