Cloud Transformation for Switzerland Your cloud, under your control

Digitalization is transforming the way Swiss government agencies, financial service providers, and healthcare organizations operate. Cloud computing is accelerating this transformation, enabling new business models, and providing the technological foundation for the use of artificial intelligence. Yet cloud decisions are now among the most critical architectural decisions any organization faces. They impact infrastructure, cost structures, security models, and long-term manageability in equal measure.

For you as a decision-maker, this raises questions that go far beyond technology: Where is your data stored? Who has access to it? And how do you ensure that your organization can still act independently tomorrow?

The revised Data Protection Act (DSG), the requirements of the Swiss Government Cloud, and industry-specific guidelines - such as circulars from the Swiss Financial Market Supervisory Authority (FINMA) or the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF) - set the framework. Added to this is the U.S. Cloud Act: It requires U.S. providers to grant authorities access to data upon request - even if that data is stored in Switzerland. For organizations that handle particularly sensitive personal data or regulated information, digital sovereignty thus becomes a strategic necessity.

Ironforge helps you not only stay within these parameters but also turn them into a strategic advantage. A successful transformation can only be achieved by closely aligning your cloud strategy with your business and IT strategies.

What "digital sovereignty" means

“Digital sovereignty” is more than just a buzzword. For you, it means having full control over where your data is processed, who accesses it, and the legal framework governing your infrastructure. In practice, this means: no dependence on providers subject to the U.S. Cloud Act or similar extraterritorial access rights. No contracts that deprive you of an exit option in an emergency. And no architectural decisions that tie you to a single provider in the long term.

For public sector organizations—such as cantons, federal agencies, or state-affiliated entities—this is a matter of obligation: The Swiss Government Cloud defines clear guidelines for handling particularly sensitive data. In principle, particularly sensitive personal data and classified information may not be processed in public clouds within the public administration.

For regulated companies in the financial or healthcare sectors, it is a matter of both compliance and competitiveness: those who establish their infrastructure independently build trust with customers and reduce regulatory risks. Data processing across different jurisdictions requires transparency and consistent adherence to the respective data protection requirements.

Challenges Beyond Technology

You may be familiar with this scenario: Your organization uses cloud services, but no one has a complete overview of costs, contracts, and dependencies. The IT department works with one hyperscaler, while the business unit uses another. Governance issues are renegotiated on a project-by-project basis instead of being clearly defined once and for all.

This situation is not unique. Cloud adoption has evolved gradually in many Swiss organizations: individual applications were migrated, new solutions were built directly in the cloud, while existing systems continued to run. The result is hybrid landscapes with unclear objectives and increasing complexity. Regulatory requirements, outsourcing mandates, and internal control mechanisms all influence every decision.

Specifically, many organizations face the same questions:

• Architecture: Do you have a clear vision for your cloud landscape—or has it evolved incrementally without an overarching strategy?
• Dependencies: Do you know which applications depend on one another—and what a migration actually entails?
• Data sovereignty: Where exactly is your data processed—and can you verify this at any time?
• Regulatory Compliance: Does your current infrastructure meet the requirements of the DSG, FINMA, or BÜPF—not just on paper, but in actual operation?
• Vendor Lock-in: How difficult would it be to switch providers? Do you have a realistic exit strategy?
• Cost Control: Do you know what your cloud usage actually costs—and where there is potential for savings?
• Governance: Are there binding rules for managing cloud resources that apply across all departments?
• Cybersecurity: The increasing interconnection of IT systems and cloud services expands the attack surface - are your security measures designed to address this?

Cloud transformation isn’t just changing technology. It’s changing responsibilities, financing models, and security approaches. Investments are shifting toward ongoing operational and usage costs. Implementing the cloud requires a cultural shift to foster acceptance and understanding of new processes. Without clear architectural principles, the result is added complexity rather than relief. You need a partner who takes a holistic approach to infrastructure, governance, and operations.

Here's how Ironforge supports you

Ironforge structures cloud transformation in areas where complexity is high and tolerance for error is low. We don’t start with technology, but with clarity: transparency regarding business-critical systems, regulatory requirements, and existing dependencies and vendor structures.

Based on this, we define a realistic target vision with clear architectural principles. We systematically organize data classification, access control, contract models, and exit scenarios from the very beginning. We prioritize migration paths based on business relevance and translate them into manageable programs.

Our approach combines three levels:

Infrastructure

We design and operate cloud environments tailored to your regulatory and operational requirements—whether hybrid cloud architecture, private cloud for sensitive data, or public cloud services for scalability and AI applications. Data processing takes place in Switzerland or within the European legal jurisdiction—without the risk of extraterritorial access. On-premises infrastructure remains relevant for certain applications and is integrated into the overall architecture.

Governance

We work with you to develop a governance model that clearly defines roles, responsibilities, and processes. Who decides which cloud providers to select? Who monitors compliance with security and data protection requirements? Who is responsible for controlling cloud costs? This ensures that cloud decisions are not made in silos but are consistent across the organization. This includes transparent processes for evaluating and selecting cloud services, as well as policies that ensure secure and compliant use—from data classification and access rights to compliance with regulatory requirements.

FinOps

We provide transparency into your cloud costs and establish management mechanisms that allow you to control and optimize spending—without compromising performance. Continuous monitoring of cloud usage enables you to allocate resources optimally and ensure the cost-effectiveness of your cloud infrastructure.

Our transformation process follows a proven phased model:

• Assess & Plan – Analysis of the existing landscape, application assessment, and development of a business case to serve as a technical and commercial basis for decision-making
• Setup & Prepare – Definition of the target architecture, platform setup, and organizational preparation
• Build & Adopt – Migration and implementation along prioritized migration paths, supported by change management
• Manage, Optimize & Innovate – Ongoing operations, continuous optimization, and exploration of new opportunities

We focus on four key areas: technology, processes, organization, and product. Core competencies such as governance, platform, security, and operations form the foundation of every transformation. Our consultants are specifically trained in cloud transformation and work according to consistent methodological standards. This allows us to combine technical architecture with organizational accountability and economic viability.

Solutions for every type of organization

Not every organization has the same needs. That is why we tailor our approach to your specific context:

Public sector (federal government, cantons, municipalities)

You are subject to the requirements of the Swiss Government Cloud and must process sensitive personal data in accordance with the Swiss Data Protection Act (DSG) in a controlled environment. For you, sovereignty means: infrastructure that is fully governed by Swiss law, with verifiable data locality and no access by foreign authorities. Cloud transformation enables you to design your IT infrastructure to be flexible and scalable, respond quickly to changing requirements, and lay the technological foundation for AI and automation. By eliminating media breaks, processes become faster, wait times shorter, and administration more citizen-centric. The shared use of standardized services across government agencies creates synergies and avoids redundancies. Ironforge supports you in translating these requirements—including the operating model and exit strategy - into a viable architecture.

Financial sector (banks, insurance companies, asset managers)

FINMA sets clear requirements for outsourcing and cloud usage. You must demonstrate that your data is protected, that you actively manage risks, and that you retain control over outsourced functions at all times. Cloud-native technologies shorten your development cycles and enable rapid responses to market changes. Compliance requirements such as the Swiss Data Protection Act (DSG), the General Data Protection Regulation (GDPR), or ISO 27001 can be met in a structured manner with the right architecture. Ironforge helps you build cloud infrastructures with documented control mechanisms and a contractual model that satisfies your regulatory authority.

Healthcare sector (hospitals, health insurers, research institutions)

Patient data is among the most sensitive information there is. The Data Protection Act (DSG), the Human Research Act, and cantonal health laws set strict limits. Private clouds offer advantages in terms of security and data protection. It is crucial for you that your cloud environment is not only technically secure but also meets the specific requirements for processing health data. Ironforge has the experience to translate these requirements into a functional operating model.

On the ]init[ network: IONOS and STACKIT as partners

A sovereign cloud infrastructure requires sovereign providers. That is why Ironforge, through our parent company ]init[, works with IONOS and STACKIT—two European cloud platforms that consciously distinguish themselves from U.S. hyperscalers. Ironforge acts as the integrator: We align the infrastructure of IONOS and STACKIT with your specific technical, regulatory, and organizational requirements.

What this partnership means for you in Switzerland:

Our Cloud Transformation Services

Ironforge is part of the ]init[ Group and brings the expertise of a European digital services provider to the Swiss market. Our work in Switzerland includes:

• Consulting and design of robust cloud architectures for organizations in the public sector and regulated industries
• Deployment and operation of cloud environments that meet Swiss data protection and compliance requirements
• IT Service Management in accordance with ISO 20000, ITIL-based and tool-supported
• Application Management: Support and further development of business applications, including legacy systems
• Cloud services and data center transformation: Migration and operation in a certified data center
• Legacy modernization: Further development and replacement of legacy systems
• Governance development for organizations adopting cloud usage for the first time or restructuring their cloud infrastructure
• FinOps implementation for transparent management of cloud costs

We are familiar with the Swiss regulatory framework—not in theory, but through hands-on project work with government agencies, financial service providers, and healthcare organizations. This knowledge is incorporated into every project: from the initial architectural sketch through to day-to-day operations.

Your next step: Assessing your current situation

A structured assessment provides clarity on architecture, dependencies, regulatory requirements, and issues of digital sovereignty. Whether you want to evaluate your existing cloud infrastructure for sovereignty, build a new environment, or implement governance and FinOps - Ironforge is here to support you.

We would be happy to discuss with you how your cloud transformation can be developed in a controlled and economically viable manner within your existing organizational and regulatory framework.

Request a Cloud Transformation Assessment