Securing the cloud, unlocking potential

Interview with Narcisse Vieira
Partner and Cloud Assurance Lead at PwC Switzerland

Article overview

Narcisse, how does cloud assurance create value for clients?
While cloud assurance is often seen as a compliance measure, its value goes far beyond that. It can also deliver significant cost efficiencies. With cloud services operating on a pay-as-you-go model, poor planning and governance can lead to paying for unused resources. For cloud to be a driver of business growth, its impact should be both measurable and controllable. Cloud assurance helps clients optimise cloud usage, avoid waste and improve operational efficiency. This not only ensures compliance but also increases profitability and supports long-term business success.

Is cloud assurance therefore a critical component of cloud adoption?
Cloud assurance is essential because businesses today rely on the flexibility, scalability and agility of the cloud to stay competitive. It enables organisations to adopt new technologies and respond swiftly to market demands, all while ensuring that their cloud environments remain secure, compliant and reliable.

What makes the cloud such a game-changer?
The cloud is fundamentally transforming the way businesses manage IT by eliminating reliance on legacy infrastructure and the constraints of their own data centres. The cloud enables resource sharing and provides on-demand scalability, sufficient power for advanced technologies such as AI, and unmatched agility to adapt to changing needs. These capabilities make the cloud a cornerstone for innovation and growth.

What role does trust play in cloud adoption?
Trust is fundamental to cloud adoption, as businesses store critical digital assets – such as financial data, customer information, and manufacturing methods – beyond their own premises. This creates a dual need for assurance: internally, to protect and manage data responsibly, and externally, to meet regulatory requirements, especially in industries such as banking and insurance. Companies need guarantees from cloud providers about the security measures and controls in place, often backed up by external audits and reports. However, trust doesn’t end with the provider; under the shared responsibility model, businesses remain responsible for ensuring that their providers meet the required standards to manage their risks and verify compliance. Companies must clearly define responsibilities, understand which risks fall under their purview and verify that their providers are fulfilling their obligations.

Do Swiss businesses have special needs when it comes to cloud assurance?
In Switzerland, cloud assurance is crucial due to stringent data privacy laws, which for some industries require that data be stored either within Switzerland or the EU. This presents unique challenges, as many of the largest cloud providers, such as Amazon, Microsoft and Google, have their global headquarters in the United States. When using these services, it can be difficult for companies to verify exactly where their data – and its backups – are stored. While many US cloud providers have established data centres in Switzerland, concerns persist that data copies may be located outside Switzerland. This raises risks, such as the possibility of data being accessed by foreign governments due to legal obligations such as the US CLOUD Act – potentially in violation of banking secrecy or other regulatory requirements. These concerns are especially important for industries such as banking, pharma and biotech, which handle highly sensitive data.

How can these issues be addressed?
Swiss companies need to ensure that their use of the cloud complies with regulatory requirements and that there are no unauthorised copies of data outside permitted jurisdictions. Achieving this level of assurance often means relying on contracts with cloud providers and careful monitoring to maintain compliance and protect sensitive information.

How do your clients manage the challenges of cloud assurance?
Clients operating in highly regulated environments, such as FINMA-regulated banks, often rely on our assurance support to ensure compliance and manage risks effectively. For these organisations, meeting strict regulatory requirements is non-negotiable, and we help them to navigate these complexities with tailored solutions.

And what about clients who are not so strictly regulated?
For clients outside highly regulated sectors, the situation is different – they aren’t compelled by regulators to implement specific measures. However, they still face potential issues associated with using the cloud, such as data location, access controls, or shared responsibility models. Our role is to raise awareness of these risks and the need to manage them proactively. PwC Advisory supports clients in developing cloud strategies and implementing cloud solutions to enable them to achieve a seamless, risk-managed cloud transformation. Cloud assurance complements these ‘move to the cloud’ services by ensuring a secure, compliant and efficient transition.

Can you share success stories of how clients have benefited from cloud assurance?
One example is when audit clients involve us in their cloud transformation at an early stage. This proactive approach ensures that technical, regulatory and operational requirements are addressed upfront, providing early assurance and confidence ahead of the audit. For non-audit clients, we help to develop cloud strategies, select providers and software, and implement solutions. By ensuring that security, compliance and regulatory standards are met, clients can report confidently to stakeholders and achieve a smooth, trusted transition to the cloud. By ticking all these boxes, they build trust with their stakeholders.

Have you gained valuable insights from challenging situations?
Absolutely – in three words: listen, listen, listen. Every project comes with its own unique challenges and one of the key lessons learned is that there is no universal playbook for all clients. Each situation is different, as are the people and the specific needs of each organisation. The most important lesson is to put yourself in the client’s shoes. Walking alongside the client, listening carefully and taking the time to really understand their perspective and challenges is essential.

What is most important to you personally when it comes to cloud assurance?
For me, it’s not the cloud technology itself, but what it enables: efficiency, flexibility and convenience in everyday life. Whether it’s seamlessly streaming Netflix or buying a train ticket on the go, the cloud is an enabler. What truly matters is helping clients securely harness the potential of the cloud, ensuring trust, compliance and efficiency, while empowering them to innovate safely. Being part of that journey is what I find most rewarding.