Develop a cloud strategy in 3 steps
In this article, you will learn how clear objectives, careful analysis and secure migration can help you reduce costs and make your company more flexible and competitive.
- How do I define clear goals for the cloud?
- What steps are involved in analysing the IT landscape?
- How can you ensure a smooth cloud migration?
- What security standards does a cloud strategy need?
- What misconceptions should you avoid when using the cloud?
- Conclusion
- A well-thought-out cloud strategy is crucial for a company to become more flexible, reduce costs, and increase competitiveness.
- Developing a strategy involves three steps: defining clear goals, analyzing the existing IT landscape, and carefully planning the migration.
- Companies choose different approaches like cloud-only, cloud-first, or cloud-too, depending on their level of maturity, to meet their specific needs.
- Security and data protection must be a priority from the very beginning to minimize risks such as data loss or legal conflicts.
- Avoiding classic mistakes like overengineering or hidden costs is essential for the sustainable success of cloud adoption.
The cloud is far more than an IT trend today. It is firmly part of corporate strategy.
A clever cloud strategy makes teams more flexible, cuts costs, and helps respond quickly to changes. Because resources are used and paid for only when needed, IT remains lean. At the same time, the cloud enables cross-location collaboration, making it the ideal solution for hybrid and international teams. Those who use the cloud wisely become faster, more efficient, and more competitive.
According to the Lünendonk Study (2024), however, only 27 percent of companies consider themselves well positioned to carry out cloud-sourcing projects. Even though the benefits of the cloud are now hardly disputed, implementation in practice often varies widely. According to the Lünendonk study, IT landscapes are becoming increasingly diverse and complex. Depending on maturity level and objectives, companies choose very different strategies.
Thus, one in four companies now follows a cloud-only strategy. That means: IT infrastructure is consistently moved to the cloud. New applications are developed directly in the cloud, and existing systems are gradually migrated. Local data centers play hardly any role anymore. The goal is maximum flexibility and efficiency through a fully cloud‑based IT.
The cloud-first approach—the one currently pursued by around 34 percent of companies—is a bit more broadly positioned. Here, the rule is: for new projects, first check whether a cloud solution makes sense. The cloud is the preferred option but not the only one. If there are good reasons to continue operating certain systems locally or in a hybrid manner, that remains possible. This cloud‑first strategy combines innovation capability with pragmatism.
Almost as many companies—around 35 percent—follow a cloud‑too strategy. In this case, the existing IT landscape remains largely intact, with cloud services only added selectively, such as for specific applications, data analysis, or collaboration in distributed teams. This approach is well suited for companies that are still hesitant or cannot outsource everything due to regulatory requirements but still want to leverage the advantages of the cloud, for example through a multi‑cloud strategy, a hybrid‑cloud strategy, or even a leading cloud‑native strategy.
Infobox:
Multi‑Cloud Strategy: A company uses several different cloud providers at the same time, so it remains flexible and not dependent on just one.
Hybrid‑Cloud Strategy: A company combines its own technology (e.g. servers in the office) with cloud services to get the best of both worlds.
Cloud‑Native Strategy: Applications are built specifically for the cloud from the start so they run especially well, quickly and flexibly there.
Preferences in the enterprise landscape are therefore consistently heterogeneous, which can make developing your own cloud strategy more difficult. This is why a dedicated plan—a so-called cloud transformation strategy—is needed to help your company make meaningful use of cloud services. This plan should define which data and applications will be migrated to the cloud, which providers will be used (e.g. Microsoft for a Microsoft cloud strategy or SAP with an SAP cloud strategy), and how security, costs and data protection will be guaranteed.
How do I define clear goals for the cloud?
To define the goals of a cloud strategy, your company must systematically analyze which specific needs exist and how the cloud can contribute to achieving the overarching business objectives. The starting point is the company’s strategic orientation: Does it want to grow, digitize processes, expand internationally or respond faster to market changes? Next, operational pain points are identified, such as high IT costs, lack of scalability, outdated infrastructure or inefficient collaboration. The exchange with business units is particularly valuable for finding out where there is a concrete need for cloud solutions. This results in a tailored plan to develop a cloud strategy and a concrete cloud migration strategy. To make the goals concrete, it helps to look at typical cloud applications that many companies already use.
Google Workspace (with Gmail, Google Drive, Docs, Meet etc.) enables, for example, collaborative document work in real time, regardless of where employees are located.
Microsoft OneDrive for Business is a cloud solution for storing, sharing, and editing files that is closely integrated with Microsoft 365 (Word, Excel, Teams).
Those who place particular value on data protection and security often turn to Stackfield—a German platform for communication and project management strongly focused on data protection.
Bitrix24 offers, on the other hand, a comprehensive solution with CRM, task management, and team communication—ideal for companies wanting to bundle their processes in one platform.
For digital management of documents such as invoices, contracts or forms, d.velop sign—a cloud platform for modern document management—works well.
Those who want particularly high control over their own data often use ownCloud—a flexible, often self-hosted solution that allows file sharing and storage in a private cloud.
Comparing these applications helps you recognize where the cloud can provide concrete support. This should result in clearly formulated and, if possible, measurable goals, such as reducing IT operating costs, shortening project timelines, increasing innovation speed or improving remote collaboration. These goals form the basis for all further decisions within your cloud strategy. If needed, a consulting firm or ERP consultancy can also be engaged. This can help you develop a customized cloud strategy tailored to your company’s goals and requirements.
What steps are involved in analysing the IT landscape?
In the next step, the existing IT landscape is examined in detail to determine which systems, data and business processes are suitable for cloud use. You check which applications are already cloud-capable and where adaptations may be necessary. Based on this analysis, clear requirements are then defined, for example how data protection regulations such as GDPR are to be complied with, which security measures are necessary, how flexible and scalable the solution must be, how well it integrates into existing systems, and how costs can be controlled. Then you select the appropriate cloud model:
- a public cloud, in which services are used via the Internet from an external provider.
- a private cloud operated exclusively for the company.
- a hybrid cloud strategy that combines both approaches.
- a multi‑cloud strategy in which multiple providers are used in parallel.
Another decisive factor is choosing a reliable cloud provider who is technologically cutting-edge and economically stable in the long term. Relationships with providers are, in addition to the strategy itself, a critical factor from technical support to long‑term collaboration. You never really know how things will develop (analogous to “new neighbors”). I recommend that, based on the developed strategy, you carefully weigh which provider is most likely to meet your own requirements in the long run. It helps to consider public reviews and ask for personal experiences.
Equally important is developing a comprehensive security and compliance concept that protects access to data, encrypts data and meets all legal requirements in order to minimize risks and build trust. Those who think about security and compliance from the very first moment develop a highly adaptive cloud strategy, through which internal corporate challenges can be addressed immediately and in a solution‑oriented way.
How can you ensure a smooth cloud migration?
The subsequent cloud migration, i.e. the transfer of data, applications and processes to the cloud, should be carried out carefully and well planned, ideally step by step within the framework of a cloud transformation strategy, to minimize risks and ensure a smooth transition. It is important to define exactly which systems are moved first and how operations continue during the transition. But migration is not the end: the ongoing operation of the cloud environment requires continuous monitoring, to check performance and security, as well as ongoing optimizations to reduce costs and make use more efficient. Another decisive success factor is the involvement and training of employees. Only when your employees understand and can effectively use the new tools and processes does the cloud unfold its full potential. Through this holistic approach, your cloud becomes a real strategic advantage that sustainably strengthens innovation, flexibility and competitiveness in your company.
What security standards does a cloud strategy need?
A cloud strategy offers companies many advantages, including greater flexibility, scalability and cost efficiency, since IT resources can be used on demand and expensive in-house infrastructure can be avoided. It also facilitates location‑independent access to data and improves collaboration, while high security and compliance standards support the fulfillment of legal requirements. As great as the opportunities offered by the cloud are, it also brings risks that companies should keep in mind.
On the one hand, there are legal challenges: If you work with sensitive data, you need to know exactly where it is stored and how it is protected. GDPR can become problematic if data ends up in regions that are not compliant with data protection. Also, the question of who actually has access to the data and who holds responsibility in case of an emergency should be clearly regulated in contracts. In heavily regulated industries—such as finance or healthcare—additional strict rules apply that must also be observed in the cloud.
On the other hand, there are technological risks that are often underestimated. If you rely too much on a single cloud provider, you become dependent and it may be very difficult to switch later. This can be costly and labor-intensive. Security is also central. Cloud systems must be well protected, otherwise there is a risk of data loss or external attacks. And even large cloud services can fail. Without a backup or emergency plan, this can quickly cripple your operations. Careful handling of the data itself is just as important, because misconfigurations or human errors alone can cause a lot to go wrong.
In order to involve employees from the start, ensure successful migration, and establish and maintain security standards from the first minute, clear rules are needed. Whoever uses a cloud strategy—be it cloud-native strategy, multi-cloud strategy, hybrid-cloud strategy, or even in the context of a governmental cloud strategy—must be particularly aware of security aspects to protect corporate data and applications as best as possible. Technical measures should be combined with clear organizational processes to ensure a comprehensive level of security in the cloud. Six technical measures that you and your employees absolutely must know:
- Ensure access protection, meaning clear rules on who may access which data and systems, when and how—for example, through multi-factor authentication and role-based access rights.
- Pay attention to data encryption, both during transmission and storage, to protect data from unauthorized access.
- Ensure that your cloud provider meets high security standards and conducts regular audits—for instance, in accordance with the requirements of the BSI C5 catalog.
- Take compliance requirements such as the GDPR into account to meet legal data protection obligations.
- Develop a backup and recovery plan to prevent data loss and to be able to act quickly in case of an emergency.
- Ensure continuous monitoring and attentive incident management to detect and address security incidents early.
Infobox:
The BSI C5 catalog is a kind of checklist from the German Federal Office for Information Security (BSI), specifying what cloud providers must consider to ensure their services are secure and trustworthy.
What misconceptions should you avoid when using the cloud?
Whether startup or established company: avoiding typical mistakes in your cloud strategy not only saves time and money but also leads to more sustainable decisions! The following points show which misconceptions are particularly common and how you can do better yourself.
Different requirements of startups and established companies: Startups often want to get started quickly with lean teams and simple architectures and without compromising on security and compliance. They benefit from cloud-agnostic setups and managed services. Established companies, on the other hand, must analyze existing infrastructure, growth patterns and vulnerabilities, such as stability or legacy systems.
Cloud‑agnostic vs. vendor lock‑in: A cloud-agnostic setup offers flexibility when switching providers but brings complexity, higher resource requirements and limited access to specialized services. Managed services offer convenience and speed, but lead to dependency on the provider. Both can make sense—what matters is that you make a conscious choice.
Overengineering: teams often build for edge cases that never occur. Not every company needs maximum fail‑safety or extreme redundancy from day one.
Costs & hidden complexity: cloud pricing models are often detailed and sometimes opaque. For example, deploying highly available systems across multiple availability zones can quickly become expensive due to data transfer costs. Always ask yourself: Do we need this level of resilience just yet?
Ecological impact: large-scale cloud infrastructures consume enormous amounts of energy. Companies with sustainability goals may prefer providers with more eco-friendly data centers or lower CO₂ emissions.
Conclusion
The cloud is no longer a topic of the future. It is an integral part of modern corporate reality. Many now recognize the potential: greater flexibility, better collaboration, lower costs. Yet the journey to the cloud is not always easy. Requirements are diverse, legal requirements must be met, and technological dependencies must be thoughtfully considered. In addition, organizational change—often accompanying the introduction of cloud solutions—is a major factor. Precisely for this reason, a clear, thoughtful strategy is necessary. Those who proceed step by step, define their own goals, honestly assess their IT landscape, and migrate purposefully lay the best foundation. Security and data protection issues should be included from the very start.
The cloud can provide much more than just computing power and storage. It enables new forms of collaboration, promotes innovation, and helps make business models future-proof. When used correctly, it turns from a technical tool into a strategic success factor.