The challenge
Between modernization pressure, data-sovereignty requirements and a misunderstood shared-responsibility model, many cloud migrations happen without a security architecture: over-privileged accounts, unencrypted sensitive data, missing logs. The risk doesn't come from the cloud — it comes from improvised migration.
The provider secures
You secure
The shared-responsibility model: nearly all cloud incidents happen in the right-hand column.
What we deliver
Cloud strategy aligned with your regulatory constraints (sovereignty, BCEAO, CDP)
Secure target architecture: landing zone, IAM, segmentation, encryption
Wave-based migration plan with cut-over and rollback criteria
Hardening and configuration review (cloud CIS benchmarks)
Cloud security monitoring: centralized logging, detection, alerting
Our method
Current-state assessment and data classification by sensitivity.
Secure landing-zone design before any workload moves.
Wave-based migration: non-critical first, measured cut-over for the rest.
Skills transfer and secure run (FinOps + SecOps).
Who it's for
West African banks, insurers, mid-size companies and public administrations migrating to AWS, Azure or a hybrid model — or wanting to regain control of an existing cloud estate.
Frequently asked questions
Is public cloud compatible with our sovereignty obligations?
Often yes, provided you choose the right regions, encrypt with your own keys and keep certain critical data on-premises (hybrid model). We qualify this data by data, not by dogma.
Who is responsible for security: us or the cloud provider?
Both — that's the shared-responsibility model. The provider secures the infrastructure; configuration, identities, data and encryption remain yours. That's where nearly all cloud incidents happen.
How do we avoid vendor lock-in?
By favouring open standards (containers, IaC), documenting an exit strategy from day one and keeping data in portable formats. Reversibility is designed at the start, not when you want to leave.
