Free Cloud Security Spotlight helps organisations manage the threat upsurge

Nordcloud – the European leader in cloud services – has launched a new assessment to help companies address unidentified information security vulnerabilities in the cloud. 

The new assessment is a free service for IT and data security leaders. 

The assessment answers 2 fundamental questions facing IT leaders and their teams:

  • “How do we know if we’re doing enough on cloud information security?”
  • “What aren’t we doing that we should be?”

It has 3 components that address these issues and help secure investment for enhanced security:

  • Validating your public cloud information security controls against a best-practice framework covering technical, operations, architecture and governance considerations
  • Showing holistically where your blind spots are
  • Providing you with a short business case presentation you can take to stakeholders – summarising your position, what it means from a risk perspective and what those risks could cost the business if not addressed

The coronavirus pandemic has exacerbated information security risks

Nordcloud has launched this service in light of increased threats during the coronavirus pandemic.

Jan Kritz, Nordcloud CEO, said: “People tend to assume their information is secure, but breaches can happen to anyone. There’s been a 400%+ uplift in attacks since the start of the pandemic, with risks increasing due to remote working and other changes.” 

“As risks and risk models change, companies must ensure their information security models have evolved appropriately. But the problem with validating that is: you don’t know what you don’t know. This new assessment shows you the blind spots with your cloud security and gives you tools for negotiating the resources needed to address them,” Jan continued.

Organic cloud adoption means many organisations are more vulnerable than they think

Ilja Summala, Nordcloud CTO, said: “With so many companies, cloud adoption has been organic. Information security protocols are in place, but a small security and governance team ends up fighting to maintain control as the rest of the organisation leverages the agility and flexibility you get with the cloud. Faster public cloud adoption, partially driven by coronavirus-related changes to working practices, has made control more complex. 

“The Cloud Security Spotlight helps you seize the control you need – and gives you a business case for embedding more automated and principle-based approaches to information security risk management.”

The Cloud Security Spotlight is a springboard for enabling innovation while maintaining the right controls

Ilja added: “Companies are having to shift to an approach that considers security by design with a cloud-native mindset. This enables you to innovate quickly with peace of mind the right controls are in place. The assessment is a springboard for enabling this.”

“For example, your cloud data foundation can centralise access and privacy controls for data integrations. A managed DevOps tooling service makes it easy to integrate security tools, with DevSecOps enabling secure development pipelines. A cloud landing zone enables secure delegation of authority and infrastructure to developer teams. And automation and tooling take the pressure off of teams while reducing the risk of human error. That way, as you leverage the cloud, you’re integrating security into your entire digitalisation lifecycle and journey,” Ilja continued.

The Cloud Security Spotlight is an assessment designed for business at all levels of cloud maturity – from initial migrations and cloud foundations through to application development and multi-cloud deployments. The output presentation is designed to help IT leaders secure investment for enhanced information security.

Book your free Cloud Security Spotlight

Notes for Editors

Nordcloud is a European leader in cloud migration, application modernisation, managed services and training. We’re recognised by Gartner and are one of the few providers triple-certified across Microsoft Azure, Google Cloud Platform and Amazon Web Services. With a 100% cloud heritage, we’re known for tools and methodologies that empower teams and help businesses get better, faster results from the cloud.

Learn more at

Get in Touch.

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

    Managed Cloud Migration – Where fast IT means even faster time to value

    As a leader in the industry we get approached with a really wide variety of RFP requests for cloud migrations and management. Yet there’s a real trend appearing in cloud computing migration strategy. While a simple lift and shift of existing infrastructure and the current operating model remain at the core, many of these businesses are now putting a premium on building  speed, agility and new capabilities into customers’ IT environment. I believe that IT leaders in many ‘traditional’ – (e.g. not pure software/technology) companies –  have now realised how their more agile peers are leveraging cloud for operational speed and application modernization. Understandably they want to see the same benefits for their businesses too.

    So what does this mean in practice? 

    IT speed is fundamentally delivered by delegated decision authority, automation of operations, effective controls and the ability to leverage PaaS offerings from the public cloud vendor.

    So when application teams are able to test, select and implement the right technologies and solutions without excessive coordination with the infrastructure, network and architecture teams can then easily adapt technology to an agile, empowered way. This means they can be fully responsible for their deliveries.  When Nordcloud migrates customers to the public cloud we make sure automated guardrails are in place so that delegation and low coordination still keep costs in check and the environment secure. For example, In practical terms our fully automated landing zone solutions for AWS, Azure and GCP, enable delivery of standardised, secured, networked and identity integrated environments in hours not days. Instant access to a well designed cloud environment with necessary connectivity enables application teams to start working straight away.

    What role should automation play in your cloud migration methods?

    Environment automation is not enough. Smart IT leaders are demanding automation throughout  the entire lifecycle of an application. Building, testing and securing applications with tools like Azure DevOps or GitHub takes automation and hence repeatability and reliability to a new level. Containers are making automation available to legacy applications too. Nordcloud has built managed foundation solutions for both Azure DevOps and Kubernetes in order to significantly speed up and expand adoption of devops practices and application modernisation.

    Fast, distributed IT also requires that the managed services provider makes it easy to automate provisioning and configuration of their toolset to manage things like data protection, patching, monitoring and so on. If the application team deploys with automation they should be able to configure back-up automatically as well. This is how we built our managed services offering.

    Security remains a key consideration for a fast cloud computing migration strategy

    The public cloud now runs all workloads including the most critical ones at heart of companies operations and data. Enabling fast IT requires appropriate security controls are in place and that information security assurance does not hinder but enables applications. As a customer you will need a partner that can guide you in your security objectives and implement required security related services from securing code, kubernetes, PaaS, hosts, cloud networks and applications. This is a quickly developing area with a large 3rd party technology ecosystem. Nordcloud has built security framework that simplifies both governing and managing security in the cloud.

    Cloud migrations, especially lift and shift, are often seen as an act of changing the hosting arrangements but replicating the same operational mess you have on premise. This does need to be so if you choose the right partner. Enterprises can now build significant new capabilities in infrastructure automation, devops, software and application lifecycle automation, and security. When these capabilities are combined with powerful public cloud data tools, application modernisation also becomes cheaper and faster.

    How can you drive faster time to value with your cloud migration?

    Check out our latest Managed Cloud Migration Solution.

    Get in Touch.

    Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

      Migration Strategies Compared: Traditional System Integrator vs Cloud-native Partner

      In the current environment, IT projects need to tick 2 boxes: cost savings and value delivery. Cloud migration ticks both – when you have the right strategy and partner supporting your end-to-end cloud migration approach. Here, we analyse 3 elements driving cloud success:

      • Automation – which is key to achieving cost savings and agility with cloud
      • Operating models and governance – which are key to speeding up time to market and deriving long-term value with cloud
      • Cloud managed services – because your approach to managed services is key to maximise cost savings and innovation delivery post-migration

      In this article, we review the cost and value implications of working with a traditional SI vs a cloud-native provider, and how it affects these 3 elements of your cloud migration strategy.

      Automation – key to cost savings and agility

      Data centre migration to the cloud is often simplified into a binary choice. Either you lift-and-shift everything, retaining existing inefficiencies. Or you go through an expensive transformation initiative to untangle your complex digital and data estate. This is a false choice. It’s possible to achieve a fast data centre exit while future-proofing your architecture and reducing technical debt. But automation is crucial to this, so you must start by qualifying partners based on their ability to automate. 

      Traditional SI & automation

      A traditional SI typically has less than 10% public cloud workload penetration. This means their processes are optimised for manual, legacy data centre-type delivery (because they’re geared towards delivering for the 90% on-premises). There’s little to no established automation capability, and it can take months to get it in place. As a result, it’s easy to end up with a lengthy transformation consultancy initiative. Migration itself requires time-consuming customisation, and managed services are ticket-based. 

      Cloud-native provider & automation

      A cloud-native provider has 100% workloads in public cloud. They have established, automation-driven tools and processes to speed up migration, host operations and managed services. This includes everything from mature automated landing zones to patch and back-up automation. 

      There’s no need for an expensive planning process because you can do a tool-driven review to develop the business case and roadmap. As a benchmark, we deliver a TCO assessment within 2 weeks and a recommended migration approach within 4 weeks, so there’s no analysis paralysis.

      Thanks to automation, you can have a fixed-price migration instead of a budget based on hourly cost (giving you more control and transparency). An experienced infrastructure automation person is 10x more productive than a legacy counterpart. And all this means you see savings and ROI faster.

      Operating models and governance – key to fast time-to-market and long-term value

      27.5% of companies say their number one modernisation challenge is accelerating development cycle times. And only 15% can push code into production weekly or more frequently.  Migrating to cloud can speed up time to market for new features and capabilities, thanks to flexible architecture and faster development cycles. But it has to be more than just a hosting change. 

      Cloud is a foundation for new ways of working (agile/DevOps). Without cloud-enabled operating and governance models in place, you won’t maximise the cost and value benefits from migration.

      The traditional SI approach

      Too often, the SI migration approach is focused on a lift and shift, cloud migration strategy, retaining legacy inefficiencies. You end up using cloud primarily for capacity, with teams continuing with old ways of working. This means you’re missing opportunities for cost savings and value creation. As a result:

      • You’re not fully optimising consumption, which drives up TCO
      • Your application and data estate haven’t been optimised for cloud, which can lead to higher ongoing management costs
      • You don’t have the culture and processes in place to speed up development cycles, which means you have the opportunity cost associated with slower times to market

      The cloud-native approach

      A cloud-native provider helps you migrate to modernise, with the right operating and governance models embedded from the beginning. You exit your data centre in the way that’s right for your business, with an efficient roadmap for refactoring and replatforming to maximise cloud benefits for your infrastructure, application and data estate. 

      Knowledge transfer and upskilling are built into the process, so your organisation can quickly prepare for cloud and benefit from a Cloud Centre of Excellence. Teams are engaged with and nurtured through the transformation, creating a bridge for your traditional infra people and giving you a foundation for driving sustainable value. 

      Because you have this robust foundation of operating model and governance, you can scale out quickly and cost-effectively, as well as respond flexibly to changing customer requirements.

      Cloud managed services – key to cost savings and innovation velocity

      Once you’re up and running on cloud, you face 3 different cost types:

      • The cost of use – the cost to run the systems, incorporating capacity, development and support
      • The cost of unavailability – from service instability to security breaches, these are costs of not running systems as desired
      • The cost of inflexibility – the real and opportunity costs incurred when systems can’t keep up with changing needs

      Traditional SI managed services approach

      An on-premises managed services approach doesn’t translate to the cloud when it comes to managing these costs. The traditional SI managed service model penalises downtime, which effectively disincentivises changes and stifles innovation. It’s ticket-based and generally involves outsourcing, which means teams don’t have enough control to deliver true innovation ongoing. 

      A cloud managed services approach

      Cloud-native managed services are designed to minimise costs of use, unavailability and inflexibility – and to free teams to focus on delivering customer value. 

      • There’s no vendor lock-in, long contracts, enforced software or minimum requirements beyond the service
      • You benefit from scalability on demand, so your service model reflects the way you use cloud – optimising capacity and performance
      • By maximising use of PaaS and automation, you reduce support costs, increase resilience and boost development
      • There’s partner integration with your internal teams – using DevOps and agile to accelerate innovation velocity.
      Fig 1: How do the 2 approaches match up

      Be recognised for driving a successful cost saving and value creation initiative

      When you have the right approach to automation, operating models, governance and managed services, your cloud migration will maximise savings, future-proof your architecture, reduce ongoing technical debt and drive business value.

      The key: having a cloud-native partner that’s the right fit for your objectives, digital maturity and culture. That way, you have a compass guiding you through the migration journey, helping you avoid pitfalls that cause unnecessary cost, delay and risk.

      The result: a cloud migration that delivers the cost savings, agility, speed and innovation velocity the business needs – over the short and long term.

      What next?

      Download our Data centre migration guide: 7 false assumptions that cause unnecessary cost, delay and risk.

      Get in Touch.

      Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

        On the right track in Gartner’s Magic Quadrant for the MSP Journey



        Some good news this week to warm the heart in this (still chilly) springtime; Gartner, the international research and advisory firm, has placed Nordcloud in its Magic Quadrant for MSP for the second year running.

        It’s something that my very talented colleagues can take pride in. Many dedicated and hard-working Nordcloud people have brought us to this point, we’re blessed with a wealth of specialist expertise, and this is a good moment to express my thanks and admiration for all that they do.

        No judgement from Gartner is ever an endorsement but it is a sign that shows Nordcloud is on the right track. Such recognition isn’t the destination, but it is a way-marker on the road; one of those things we make a note of as we continue on our path.

        So what is the destination?

        There are plenty of companies that trumpet that they want to be the world’s greatest, and of course we all have our dreams. But you can’t chart a course by dreams. I prefer to look to the horizon, however far, and make for a destination that is real and realisable.

        Nordcloud is already the go-to company for native cloud services and application development right across the Nordic region. We’re the market leader. We want to extend that position throughout selected European countries. And we have a growing presence right across the continent. Last December, Deloitte ranked us the fastest growing company in our field in Europe, the Middle East and Africa.

        That is broadly the where, but equally important is the how. Without wishing to be either complacent or smug we have most of the how in place.

        Local knowledge, full stack-provision and proactive partnerships

        Firstly, as we expand, it means establishing skilled local teams in every territory in which we operate supported when applicable by experienced colleagues abroad. Of course, we might expand faster if we took shortcuts and just ran everything from a central support centre, but that’s not the Nordcloud way.

        Local knowledge is vital. It’s not just ensuring that customers can talk to someone in their own language, it means having local knowledge of the business and regulatory environment. It means being able to go and work alongside our customers whenever that will produce a better result. So our expansion will necessarily be measured and deliberate so that every Nordcloud customer knows that we’re there for them.

        Secondly, it’s about full-stack provision. Not only do we help businesses move to the cloud, we help them make a success of it. We can offer a full range of options from making their existing apps cloudy to building native: new, better ones that take full advantage of the cloud.

        Lastly, it’s about partnership; proactive partnership. Whether that’s deploying our expertise to guide customers through the range of cloud options on offer, single or multi-, or looking for ways to improve on software, or keeping our eyes peeled for business opportunities for them, we want to be a formidable ally for everyone we work with, including our partners Microsoft, AWS and Google.

        Our goal must be to help all our customers and partners to be their best selves and to help them beat the competition, through new and better apps. And in helping them reach their destinations, we’ll reach ours.

        Get in Touch.

        Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

          How the cloud is changing the IT sourcing game



          Five years ago, the cloud was comprised of three components; compute, network, and storage. Hence, when you compared the cloud to legacy hosting arrangements the main difference was that cloud operated a pay-per-use/pay-as-you-go model with instant capacity. From a services perspective, it was essentially the same as a virtual environment. Today, the cloud means value added services on top of the IaaS layer, and there are only three players with a complete offering: Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

          The big three cloud players are all solving horizontal IT problems with services ranging from databases, data warehousing, mobile push notifications, and IoT solutions. Companies leverage these services to get their products to their customers faster and to reduce project and support costs. New services are also introduced each month – all with the same billing and security framework. Today, all hosting providers are competing simultaneously with AWS, Azure and Google, which creates an element of risk in long-term hosting contracts.

          What implication does this have on cloud-sourcing?

          It is important to ensure that hosting and cloud sourcing arrangements do not prevent your ability to leverage the cloud to the maximum. Traditional outsourcing is often done in a way that creates a deep frozen environment that responds very slowly to changing business requests – that is why digital transformation quite often starts as shadow IT. Therefore, any cloud RFP should consider a breadth of cloud services, support for DevOps and self-service, separate cost models for capacity and support services, as well as proven capability to increase IT productivity with the cloud.

          Additionally, the delivery of commercial software is changing. Increasingly the software is delivered as service in IaaS, such as an MS SQL server in Azure and Amazon. Cloud vendors also have marketplaces which provide pay per hour licensing models for a growing number of ISV software as preconfigured images. This reduces the cost of buying as there is no license management and pricing negotiations to worry about, but it requires the IT organisation to ensure the necessary spend controls.

          The cloud is changing the IT sourcing game and we’ll be having a series of events that will explore this topic in more detail. If you would like to learn more on cloud-sourcing best practices or our future events, then please contact us and a member of the Nordcloud team will get back to you shortly.

          Get in Touch.

          Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.