Even though security often comes with restraints and digital resilience demands time and effort, having a highly secure, fully compliant cloud solution doesn’t have to slow you down. Schuberg Philis has built a new private cloud to bring you all the cloud can offer without compromising speed, security, or locality.
sbp.cloud is our revamped private cloud, built on the basis of the VMware Cloud Foundation (VCF) framework and ready to deliver the most advanced services to our customers. sbp.cloud is – like its predecessor, our private cloud known as MCC – 100% Dutch-owned and fully compliant with EU regulations and professional IT auditing standards. Its features ensure workloads stay secure within the tightly controlled privacy of our sovereign cloud. In addition, customers can incorporate it in a hybrid setup, using the public clouds of AWS, Azure, and Google to create the ideal combination of both worlds.
What customers wanted then and need now
MCC, an acronym for “mission-critical cloud,” was released over a decade ago to fulfill customers’ wishes for datacenters located exclusively in the Netherlands. To date, MCC lets us run the full stack for these customers, serving as a partner they can trust.
In spring 2022, we released sbp.cloud to succeed MCC. As always, we applied our highest security standards and criteria for compliance, robustness, and scalability. Built for demanding applications, high performance without the typical overbooking of resources that is so common in the marketplace.
For sbp.cloud, we also exclusively employ local datacenters, use our own hardware – all from A-brand vendors – and have a dedicated team to control the full stack, from cable to application. Datacenter resilience is built-in, as our availability zones spans multiple datacenters. It is architected with the best possible performance, availability, and reliability characteristics. This lets us give customers full control of their business so as to cope with, adjust to, and even excel in the face of nonstop change and global challenges.
No doubt as lives become ever more digitized and the internet increasingly decentralized, privacy and security regulations proliferate. Plus, their complexity thickens. The Digital Operational Resilience Act (DORA), for example, is due to go into force in early 2023, pushing financial institutions in Europe to adjust their setups and strategies around risk, cybersecurity, and third-party providers. Cyberattacks are now daily news, with ransomware causing physical-world effects and plenty of risk reassessment. But regardless of how rocky global affairs become, our service principle applies unwaveringly to sbp.cloud: 100% customer satisfaction.
Best-in-breed plus tailoring
sbp.cloud was designed with a best-of-breed approach and built according to VMware Cloud Foundation (VCF). The VCF framework, created by VMware, allows us to use more features to benefit our customers while securely running and protecting mission-critical applications. VCF integrates seamlessly with our backup- and data-management solution, which also prevents data loss from ransomware attacks, malicious intent, and/or human error.
Whatever our solution, we make sure it’s solidly constructed, maintains its desired state, and gets subjected to automated security checks and continuous updates. Even when we take a product such as VCF off the shelf, we do a lot of tailoring. Layer by layer, we add security measures and implement them across all systems. Default Schuberg Philis security standards incorporate those of the Center for Internet Security (CIS). While public clouds may permit less secure options as a tradeoff for easy management, sbp.cloud copes well with CIS standards without losing flexibility or functionality. Moreover, by implementing the widely known CIS standards, we can share the state of our systems against this framework with our customers.
But none of these best-in-breed products or tailored solutions would be possible without customer teams who bring them to life. It takes a multi-disciplinary group of committed experts to build digital resilience, which we see is as much a mindset as a matter of practice. Our customer teams are on call 24/7, as is the cloud team who created sbp.cloud and continues to transform best practices into better and better iterations.
Hybridity and connectivity
As a vendor-agnostic and therefore also cloud-agnostic company, we enthusiastically support multi-cloud and hybrid solutions. Being hybrid-ready, sbp.cloud has made private connections available between its platform and the public clouds. A setup like this could be appropriate for highly regulated companies seeking to leverage a public cloud’s scalable offerings. While preferring, or being required by regulators, to run mission-critical processes or store sensitive data on a private cloud.
For others, moving mission-critical IT to the public clouds at once might feel too great a leap. sbp.cloud also welcomes customers to take an intermediate step, making them comfortable with a partner who takes total responsibility for their platform while at the same time enabling a digital transformation. Along the way, our work together breeds trust. That, in turn, accelerates improvement as we focus on keeping the solution secure and compliant and thus predictable and auditable.
This brings the best of the cloud to the customer right away. Yet, by introducing hybrid features, we leave open possibilities for safely linking to and operating in other environments with speed, agility, and flexibility. These opportunities can shorten time to market, but also respond to growing mandatory rules, such as DORA’s requirement that financial intuitions have a viable cloud exit plan in place.
Experience and experts
Because a large share of our customers are financial institutions and bodies that comprise the vital infrastructure of the Netherlands, we’re used to meeting the highest-regulation demands for security and compliance. We finetune top-line security requirements to get them translated into standards and best practices that profit all our customers.
To illustrate, the Big Four accounting firms regularly perform ISAE 3402 audits on us, reporting on the assured quality of our controls. Auditing baselines we include in all our solutions consist of controls that we check automatedly on an hourly basis and report on. The same goes for third party-conducted penetration tests, to which Schuberg Philis also regularly subjects itself. So in partnering with us, customers necessarily benefit from our adherence to highest-level compliance.
After all, when it comes to securing cloud environments for mission-critical workloads, digital trust is largely determined by customers’ capacity to feel peace of mind. As such, we ensure that our solutions reflect the origins of the very word “security”: from Latin’s se for “without” and cura for “care” or “worry.” We like to think, then, of security as being a worry-free state. We invite you to get there using sbp.cloud, our new private cloud for securing mission-critical workloads while empowering your IT to make your business shine.
Want help managing your mission-critical assets? Read more content in our series about sbp.cloud or get in touch.