Home Content Hub Hybrid cloud: How to balance risk, compliance and innovation

Hybrid cloud: How to balance risk, compliance and innovation.

18 December 2025 6 min read Blog Post
Table of Contents
  1. What Is hybrid? 
  2. When do you need hybrid? 
  3. How does hybrid affect the organisation? 
  4. Get the Digital Sovereignty Roadmap
  5. Is hybrid expensive? 
  6. How to get hybrid right 
  7. Bottom line: Hybrid isn’t a one-size-fits-all solution 

Hybrid is more than a buzzword, it’s a strategic approach to IT that helps organisations balance flexibility, security and innovation. But what does ‘hybrid’ really mean, and why should you care? 

What Is hybrid? 

In simple terms, a hybrid environment is a computing environment that integrates more than one infrastructure service. In practice, this means using 2 or more distinct ecosystems to deliver value. These ecosystems can include: 

  • Private data centre 
  • Co-location data centre 
  • Shared data centre capacity 
  • Sovereign cloud 
  • One or more cloud providers 

Any combination of these is hybrid. When multiple cloud service providers (CSPs) are involved, it’s called hybrid cloud. In some cases like when not all services are available in all regions, even using multiple regions within the same CSP can be considered hybrid. 

When do you need hybrid? 

There are both push and pull factors driving the need for hybrid. Risk mitigation often triggers the need for hybrid, whether it’s about mitigating security, compliance, operational or commercial risks. As the organisation looks to new markets, partners, innovations and data, hybrid can help enable growth.  

  • Cloud-native businesses: Many new companies can go all-in on cloud if regulations and security policies allow. They might still choose multiple vendors for functionality, resilience or to avoid vendor lock-in, and this is regarded as hybrid. 
  • Established enterprises: Years of ICT evolution mean mixed technologies and a complex landscape. There may be technical debt that needs to be minimised in a controlled way, where not everything can be moved to a single tech stack. This  requires a hybrid set-up to manage underlying requirements and reduce operational risk. 
  • Regulated industries: Organisations responsible for regulated data should consider hybrid set-ups because the portion of applications and services that handle, store or transfer regulated data need distinct controls and security measures from other elements of the ecosystem. Handling sensitive data often requires strict controls – from physical security to encryption and key management. Hybrid enables compliance without sacrificing agility. 

How does hybrid affect the organisation? 

Let’s look at this across 3 levels: 

  • Strategic level: This requires accounting for the requirements and possibilities for all "platforms" in use. It’s worth defining architectural guidelines, security requirements, budgets and procurement principles in alignment with the business strategy and available partners/tech. 
  • Tactical level: The main function is to organise and guide strategic-level decisions, including providing a feedback loop between the strategic and operational levels. So it's about translating the strategy into actionable plans, including security guardrails, architecture standards, training, management, FinOps and governance in line with the chosen platforms and tech. 
  • Operational level: This level is about keeping systems running smoothly. It requires clear definitions from the tactical level, along with the capability to run a hybrid environment. Usually existing teams are used, upskilled and extended to meet requirements.  

It’s worth noting that not everything across these 3 levels needs to be handled in-house as long as the organisation maintains strategic ownership. Many outsource elements of this capability stack, with partners brought in to support with different elements of transformation, operating model definition, operations and management. 

Get the Digital Sovereignty Roadmap.

From uncertainty to control – a best-practice approach to planning your sovereignty journey.

Is hybrid expensive? 

The short answer: it depends. Hybrid is usually more costly than a single tech stack, but that cost must be weighed against the risks you’re mitigating. Hybrid can also be a vehicle to reduce cost, moving from an on-premises data centre to a native pay-as-you-go cloud solution. Establishing FinOps will help you control costs. 

You should never choose technologies, architectures or partners without an evidence-based risk analysis.  Without it, you risk overspending or falling short on compliance. 

How to get hybrid right 

1. Define the principles 

To define principles at a strategic level 

  • Define the needs from a strategic point of view, because everything should be based on needs, not wants 
  • Understand the roadmap for your existing landscape and upcoming changes  
  • Find out what you don't know 

2. Build architecture to support the principles 

You need the ability to translate principles and roadmaps into a ‘bank’ of solutions and roadmaps that are recommended (or enforced) for use. 

Architecture is key here. With standardised solutions, you can simplify the landscape, making it easier and cheaper to manage and operate – all this while being able to support the strategic-level requirements.  

3. Evolve the operating model 

You need a foundation that includes architecture, security, operational tools and management. Then, you should take an iterative approach to developing the operating model, because you don't need every function from the start.  

It's important to understand that the operating model will never be finished. Think of it like software. Version 1.0 is functional and based on requirements at that time. Over time, it evolves. As long as the foundation is modular (functions have clear interfaces and roles), evolution doesn't require revamping the entire model. 

4. Choose the right organisational setup 

We recommend an iterative mapping process that involves the following steps: 

  • Map the outcomes that have to be delivered and when. 
  • Map the outcomes to functions 
  • Map the capabilities needed within each function to deliver the outcomes 
  • Identify the capability gaps within the organisation and partner landscape  

This helps you plan the future set-up and how to get there, based on needs and evidence.  

Bottom line: Hybrid isn’t a one-size-fits-all solution 

It’s a tailored approach that must balance risk, compliance and innovation. Done right, it gives you the flexibility to adapt and thrive in a fast-changing digital landscape. Contact us using the form below for more insight on refining a hybrid approach. 

Jari LietzenLinkedInSenior Cloud Advisor
Related topics
BlogDigital SovereigntyDigital TransformationManaged CloudMigration and ModernisationSecurityTransformation Strategy
Related content
Share

Related content.

Sovereign cloud: Should you consider it (and for what use cases)?
Blog • 5 min read

Sovereign cloud: Should you consider it (and for what use cases)?

Sovereign cloud is a fast-moving area in light of the current policy environment. Get tips on when to consider it in your hybrid decision making.

More details
Navigating EU AI Act compliance: Which scenario(s) are you?
Blog • 7 min read

Navigating EU AI Act compliance: Which scenario(s) are you?

Get an overview of what’s required to comply with EU AI requirements, along with roadmap steps.

More details
From Infrastructure to AI: Webinar
Video • 0:44 runtime

From Infrastructure to AI: Webinar

This webinar dives into real-world examples, so you’ll see exactly what’s possible when modernisation’s done right, and the practical benefits it can bring. 

More details
Delivering GenAI at scale across an organisation: FAQs
Infographic • 5 min read

Delivering GenAI at scale across an organisation: FAQs

Learn how to overcome common scaling challenges when adopting GenAI at enterprise level – courtesy of NIBC Bank, Microsoft and Nordcloud experts.

More details
3 trench stories from the front line of IT support model transformation
Blog • 3 min read

3 trench stories from the front line of IT support model transformation

We’ve been writing a lot recently about Day 2 digital transformation challenges and how they create ops headaches for IT....

More details

Let’s discuss how we can help with your cloud journey.

Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

Jari has a 30+ year experience in holistically managing & transforming tactical, critical and strategic customers. He has practical experience from multiple industries, advising on business continuity, sovereignty, security of supply, target operating models, migrations, consolidations.
Jari Lietzen LinkedIn
Senior Cloud Advisor
Scroll to top