The multi-vendor cloud strategy is under the roof of the cloud house. The MVCS is based on three pillars, which represent the generally known services (IaaS, PaaS, SaaS) of classic cloud computing Depending on the company, further services can be listed, such as Security as a Service, Process as a Service, etc.
For all services used, minimum requirements should be defined overall and per service provider in order to meet external as well as internal expectations. In addition, suitable security measures should be implemented for the “generally known risks” (security risks; compliance risks; contract risks; performance risks). The security measures can be designed differently from company to company. The basis for the security measures implemented should always be the underlying risk analysis.
The foundation consists of the internal cloud competence team that controls all cloud providers and ensures that all systems are coordinated with each other. It also ensures effective business continuity management, taking into account all cloud providers and internal IT services.