We find it essential to have risk decisions made collaboratively among technical security experts (us), general risk and control experts and business- and function-aligned non-specialists.
My POV: Cloud projects will not be judged on their technical merits or on hitting their go-live dates, but rather by how deeply they impact essential business-transformation initiatives, and by how much business value and opportunity they unlocked.