Public, private or dedicated cloud, IaaS*, PaaS*, SaaS*, public cloud based in the US or China? behind the word "cloud" lies an array of very different value propositions.

With so many solutions available, the landscape is more complex than ever, but it also offers a wealth of opportunities for each organisation to build a cloud strategy that’s tailored to its exact needs and risks. The overarching objective is to make the most of the technology available while guaranteeing just the right levels of data security and independence for each organisation.

There’s a basic paradox in the relationship between the digital transformation and the cloud: information systems are increasingly open to the world and therefore potentially more vulnerable, while at the same time they’re generating ever greater volumes of data of ever increasing value.

Not all data is equal, and it doesn't all require the same level of protection. Some data is so important that it may be unwise to entrust it to a cloud provider at all. Let it be said that no encryption solution that exists today can fully protect data from the cloud provider itself.

Data sovereignty, i.e. an individual organisation's sovereignty over its data, is a major issue. The first step to take in developing a cloud strategy is to classify data according to its level of sensitivity. Based on that analysis, applications and data can be spread across a dedicated cloud, a private cloud and one or more public cloud providers, and technical and operational security measures can be put in place for each major category of data.

Adopting a multi-cloud strategy is a way to ensure data sovereignty and maintain a degree of independence with respect to the solutions available on the market.

Your move-to-cloud strategy in five steps

• Implement solutions that facilitate hybridisation between cloud environments and with legacy infrastructure.

• Strengthen network capabilities and security so that external cloud solutions can be integrated.

• Use multi-cloud management tools with the ability to manage the technical complexity and financial aspects of cloud consumption.

• Adopt a DevSecOps approach with a complete set of tools for automated development, functional tests, security, integration and release.

• Importantly, this kind of multi-cloud software factory must make it possible to develop applications independently of any single cloud provider.

• Above all, agility must never be achieved at the expense of cybersecurity, which should be natively integrated at application level.

The cloud is clearly one of the main drivers of the digital economy, but users must be able to trust the security and confidentiality of their data.

Because there can be no digital transformation without trust, no trust without security!