Cloud Assurance

We take your IT infrastructure securely to the cloud

Embed governance, security, and compliance into your cloud transformation

The cloud offers many benefits: greater efficiency, new digital revenue streams, rapid business synergies, improved customer experiences and smarter ways of working. It is essential for companies to automate, innovate and digitise their business. But while many organisations are making the move, few are positioned to fully realise the extraordinary promise of the cloud. Why is this?

Cloud is the driving force powering digital transformation today. The pace of change enabled by the cloud is far faster than with other technologies. But when you move your IT infrastructure to the cloud, you are handing over some of your security and responsibility to a third party. You need a clear strategy for governance, security, data access and compliance. We help you build trust in your strategy and get the most out of your digital transformation by enabling you to secure your cloud environment and meet your regulatory and/or statutory compliance requirements.

Contact us

PwC's 2023 Cloud Business Survey

78% of executives told us that their companies have implemented cloud technology across most or all areas of their business.

But moving to the cloud or running parts of your business in the cloud is not the same as being cloud-powered. Learn more about what this means in PwC’s 2023 Cloud Business Survey

What is Cloud assurance?

Cloud assurance is the process of ensuring that cloud-based systems and services are reliable, secure and compliant – and meet the needs of their users. Moving to the cloud changes the risk profile of an organisation, requiring them to reassess their environment to identify shifts in risks and define controls in response. It's not enough to rely on the cloud service provider to be solely responsible for controls. Any organisation consuming cloud services must consider how responsibilities are shared, based on the nature of the cloud services they consume, what risks are relevant to their environment and what residual risk needs to be addressed internally after considering the controls of the cloud service provider.

Aspects of cloud assurance include providing trust in the reliability, integrity, compliance, quality and effectiveness of controls of the cloud platforms and services used by an organisation. 

"What if Cloud Assurance wasn't a constraint, but a key enabler to accelerate your transformation?"

Narcisse VieiraDirector, Cloud Assurance, PwC Switzerland

What we offer you: Cloud security from data migration to third-party assurance

Whatever the stage of your cloud transformation – from preparation to implementation  to completion – and regardless of the cloud operating model you use, you are responsible for controlling the risks related to data handling, operations and identity and access management on the cloud. We can help you ensure your cloud solutions are secure and fit to operate in compliance with statutory and regulatory requirements. We deliver the trust you need concerning governance, compliance, security and resilience.

Getting assurance that cloud services are operating securely and in compliance with all statutory and regulatory requirements is essential to the successful use of cloud services 

Our three levers for cloud security are:

Are you ready for the cloud?

Get ready for the cloud.

Migrating your processes and data to the cloud presents many challenges. You need to look at the regulatory hurdles and ensure your provider is prepared. Statutory and regulatory requirements (e.g. ICS, Sarbanes-Oxley, GDPR ) need to be considered, as does the integration of legacy systems. Financial operations (FinOps) in the cloud require special attention to ensure your cloud spending aligns with your business objectives . Identifying and understanding the dependencies between all your application is key to identifying vulnerabilities and preventing disruptions in operations. Finally, new ways of working – strongly supported by the cloud – mean new security and operational requirements.

We assist you by:

  • assessing your governance and compliance readiness
  • assessing risks and recommending controls based on PwC’s cloud risk and compliance framework and other leading industry frameworks (e.g. SOX, NIST CSF, CSA CCM, ISO 27001, GDPR)
  • assessing your controls over records management and the data related to legacy systems
  • providing assurance over your cloud spendings (FinOps) (e.g. subscription deals, cloud usage)
  • assessing the dependencies between your applications and the related controls to protect you from critical business systems failures

How secure is your cloud environment? Are your controls designed to operate effectively?

Make sure your cloud environment is stable and compliant.

Once you operate in a cloud environment, hundreds of configurations affect your security posture. Misconfiguration can have serious consequences for a company. But checking these configurations and ensuring their safety is often very complex. You also need effectiveness reviews of automated and regular cloud controls as well as licence audits for your FinOps.

We support you:

  • by benchmarking and verifying compliance with various standards and best practices (NIST, CIS, ISO, etc.).
  • in standardising your controls and risks management, with the help of PwC’s uniform scoring system
  • in evaluating the security of your cloud environment and assessing third party (providers) risks management.
  • in gaining insights through our proprietary tool by continuously monitoring compliance with standards and requirements
  • in managing effectively privileges and access rights
  • in performing authorisation audits and providing recommendations for improvements

Are you managing all your third-party risks effectively?

Take charge of your cloud risks.

Moving to the cloud requires trust in the partner and platform hosting your solution – and puts third-party risks in the spotlight. Your partner may manage your data, but you are still responsible for any actions. You need to know. Has the provider installed the right level of controls and security? Do you have sufficient oversight of these controls? Is there a fit-for-purpose third-party risk management (TPRM) programme in place to protect your company's operations, brand and reputation?

We assist you by:

  • assessing and optimising your cloud security operations (CSOC)
  • providing governance, risk, and compliance (GRC) assessments
  • ensuring third-party resilience to cyber threats
  • delivering provider attestation readiness
  • developing business continuity, disaster recovery, and technical resilience solutions
  • increasing your resilience against common cloud threats to prevent disruptions and outages

Our strengths are your benefits

One-stop cloud service provider

Our broader Cloud Services team helps you define your cloud strategy, assists your cloud transformation or delivers independent assurance of your cloud security.

Tailored offerings across all industries

Our international PwC network allows us to pool all our technical, legal and business expertise and resources. Tools such as the 'Industry Cloud' accelerate your business outcomes with pre-built solutions. Cloud migration and cloud security, as part of your IaaS, PaaS and SaaS implementation, are among our core competencies.

Strong strategic alliance partners

Alliances with technology leaders enable us to bring platform-specific capabilities to the table. Hyperscalers, such as AWS, Microsoft and Google, provide cloud services and access at a global level.

Swiss Data protection compliance

Our partners also have data centres in Switzerland. This allows you to use cloud services that are fully compliant with Swiss data protection laws, for example in banking, insurance and pharma, where the protection of particularly sensitive personal data is especially strict.

Saving resources

New business drivers, such as sustainability, resource and capability constraints, may also be driving you to look for integrated cloud solutions. We can help you save resources, meet sustainability goals and improve your environmental footprint.

Reducing complexity

Cloud adaptation allows you to reduce the complexity of your processes and operations, and to create and implement new business models.

Frequently asked questions

Find the most commonly used terms and what they mean here:

SaaS – software applications over the internet

Software as a Service (SaaS) – or cloud application services – is the most widely used service in the cloud market. SaaS platforms make software available to users over the internet, usually for a monthly subscription fee. They are typically ready-to-use and accessible from any web browser, allowing businesses to skip any additional download or application installation – SaaS is delivered through the internet as a fully functional service. With SaaS, vendors manage the data, servers, and storage, ultimately streamlining business processes and reducing the need for IT review.

SaaS platforms are:

  • available over the internet
  • hosted by a third party on a remote server
  • ideal for small businesses or start-ups who cannot develop their own software applications
  • scalable, with different tiers for small, medium, and enterprise-level businesses
  • inclusive, offering security, compliance, and maintenance as part of the cost

PaaS – platform to build, deploy, and manage applications

Platform as a Service (PaaS) provides developers with a framework, software, and tools to build applications and software – all accessible over the internet. Often seen as a scaled-down version of IaaS, PaaS gives customers broader access to servers, storage, and networking, all managed by a third party. While PaaS delivery shares similarities with SaaS methods, the main difference is that customers access an online platform rather than online software. This platform allows software developers to focus on the software itself, rather than on external issues.

PaaS platforms are:

  • accessible by multiple users
  • scalable — customers can choose from different tiers of computing resources to suit the size of their business
  • built on virtualisation technology
  • easy to operate without extensive system administration skills

IaaS – virtualised computing resources

Infrastructure as a Service (IaaS) provides cloud-based computing resources to end-users as an alternative to on-premises infrastructure. This allows businesses to purchase resources on demand, rather than investing in costly hardware and managing it themselves. IaaS is scalable and offers greater flexibility than on-premises solutions. Typically, IaaS vendors deliver services such as pay-as-you-go storage, networking, and virtualisation, offering businesses cloud servers over the internet. This gives users full control of their computing infrastructure through an easy-to-use dashboard or API.

IaaS platforms are:

  • highly flexible and highly scalable
  • accessible by multiple users
  • cost-effective

Our strategic partnerships

We have established strategic partnerships with leading hyperscale cloud service providers to merge PwC's consulting, advisory, and assurance expertise with advanced cloud technology, empowering organisations to drive innovation, transformation, and growth. Together with our alliance partners we provide a wide range of services, including cloud strategy development, cloud migration, application modernisation, data analytics, cybersecurity, compliance, and assurance.

By leveraging advanced cloud capabilities such as artificial intelligence (AI), machine learning (ML), and Internet of Things (IoT), we help clients transform their businesses and unlock new opportunities for growth. Our deep industry knowledge and business acumen complement our partners’ technical expertise, enabling clients to adopt cloud-based solutions that are tailored to their specific business needs.

Start your cloud assurance journey with us today:

We look forward to hearing from you to discuss your specific challenges and needs.

Contact us

Narcisse Vieira

Director, Cloud Assurance, PwC Switzerland

+41 58 792 84 37