As enterprises race to modernise their digital cores amid rising cyber risk, regulatory scrutiny, and cost pressures, cloud strategy has become a boardroom priority. In this wide-ranging conversation with CISO Forum, EhsanEsteki, Founder of EETECH Cloud Services, shares a practitioner’s view shaped by hands-on work across Europe and India. From balancing intelligent automation with infrastructure modernisation to navigating hybrid and multi-cloud security, AI governance, and BFSI compliance, Esteki outlines why cloud success today is as much about skills, architecture, and discipline as it is about technology. His message is clear: sustainable transformation demands pragmatism, not hype.
Founder
EETECH Cloud Services
CISO Forum: From your experience across Europe and India, where do you see the most significant efficiency gains coming from—modernized infrastructure or intelligent automation?
EhsanEsteki: Both are important because, from my experience, each company and each reality has different needs. This is normal. Till now, we have been managing both requests. For some parts of a company, automation is essential everywhere. Why? Because companies now want to allocate their human resources differently.
Having resources only for click, click, click, or for controlling some part of procedures or daily IT infrastructure activities is not a positive aspect. The correct way today is to adopt different procedures and create quality time for employees to study, learn, and understand how they can bring positive improvements to existing IT processes.
For this reason, many companies ask us for support. Through this approach, employees can have quality time to invest in activities that bring real effort and positive outcomes for the company.
The second part is modernization. Some customers approach us because they are starting to face very high costs. Over time, previous managers or teams created cloud resources without proper documentation, indexing, or structure. As a result, cloud costs increased significantly. These customers ask us to help reduce their cloud infrastructure costs. In parallel, when we identify issues, problems, or areas of improvement, we introduce modernization initiatives.
Modernization is a critical topic in IT worldwide. Many existing applications have been built using a monolithic architecture.
What does monolithic mean? It means that all application components — business logic, web server, and often the database as well — are tightly coupled and deployed as a single unit, often running on a single virtual machine.
This model makes application evolution, scalability, and management more complex.
Monolithic architecture is not well suited for the cloud. Cloud environments require agility, speed, and flexible architectures, often based on cloud-native services and, where possible, serverless models.
When we modernize these environments, we decompose a single machine into multiple independent services. This approach helps reduce costs, simplifies application management, and significantly improves security.
From a security perspective, if one part of the application has a vulnerability, it is segregated from the rest of the application. The issue does not impact the entire application stack. This isolation significantly improves resilience and security posture.
CISO Forum: As hybrid and multi-cloud become the norm, what new architectural or security challenges are emerging?
EhsanEsteki: Yes, the security aspect comes after clearly understanding what multi-cloud really means. At the same time, you can create your infrastructure not only with one cloud provider, but across multiple cloud providers. In this scenario, security becomes crucial, and we are already implementing this approach for some customers.
This is where DevSecOps comes in. DevSecOps is the process E-Tech provides to customers to enable continuous integration and continuous delivery—not only on the application side but also on the infrastructure side. This means that if someone wants to interact with four or five cloud providers, they must follow the DevSecOps process.
When a person wants to release a new version of the platform or application, the code needs to be reviewed. This significantly increases the security level. How do we review the code? There are many cloud services available, depending on the cloud provider or on-premise environment used, that can control these calls. If someone mistakenly leaves a bug, automation helps developers or cloud engineers identify and fix it.
This increases security further. After this stage, when the code is deployed on the cloud, we can use native cloud services to validate the results. For example, when a new service is created in the cloud, it helps verify its security. This represents another level of protection.
The third level of security is monitoring. We already implement monitoring systems for our customers so that every part of the application and infrastructure deployed on the cloud is continuously monitored. If something goes wrong, we can detect it early, prevent escalation, and fix the issue before it impacts operations.
CISO Forum: How is AI changing the way organizations approach cloud cost, performance, and governance?
EhsanEsteki: In 2025 and 2026, the word AI is used every day and is associated with many different areas because it is growing very fast, extremely fast. Every second, we see progress. At this moment, I can share my idea and my vision with you on how AI can help companies.
AI helps companies significantly, especially from a consulting perspective, by enabling us to access large amounts of information across many areas quickly. It can help us design infrastructure, write code, and perform many other activities. AI can help us in many ways, but I hope you understand my point when I say it should.
By this, I mean AI should become our friend, not our substitute. This is very important. This technology is still very new, and at this stage, it is better to have fewer employees with stronger skills—people who know how to use the correct language to communicate effectively with AI.
This is not the right moment to discuss replacing employees with AI. Maybe in the future—I don’t know, because I don’t have a crystal ball. But at this moment, it is better to collaborate with AI to advance the development of infrastructure, platforms, code, applications, and more.
At the same time, organizations should invest in human resources so that people develop high-level skills to manage AI, for example, understanding algorithms or finding the best and fastest way to communicate with AI technologies.
CISO Forum: Many BFSI firms still hesitate to complete a cloud migration due to compliance concerns. What’s your take on balancing innovation with regulation in such high-stakes environments?
EhsanEsteki: The first point we need to keep in mind is complete migration. It is better to have an intermediate level rather than moving completely at once. From my point of view, the right approach is a hybrid infrastructure—a correct hybrid infrastructure.
With the proper hybrid setup, during our engagement process, customers usually start with on-prem infrastructure. The final goal can be a fully integrated cloud environment, but in between, there is a phase where customers begin to understand and work with the cloud while still keeping their primary resources on-prem. After some months, as customers become familiar with the cloud, we introduce a specific program called the “journey to the cloud.”
This program is not only about moving infrastructure to the cloud, but also about giving customers the right skills. One essential keyword here is training. At EETECH, we focus on providing training to the customer’s internal teams and working together with them. In this way, customers not only gain the benefits of cloud infrastructure, security, automation, and so on, but also learn how the cloud really works.
These are two critical points that EETECH has consistently followed and shared with customers, and so far, we have received positive feedback.
In terms of regulation and legal aspects—sorry, I did not fully address this earlier—regulation varies by region. We work in Europe and India. In Europe, as you know, GDPR is very strong. Because of this, cloud providers have adapted by creating regional data centers to comply with local laws.
Regulations often require data territoriality. This means data must remain within a specific geographic region. For example, if a customer in Italy wants to run an application with sensitive data, we deploy it in the local AWS data center in Italy. Similarly, in India, cloud providers such as AWS, Google, and Oracle operate local data centers to meet local regulatory requirements.
In this way, we help customers manage sensitive data while complying with regulatory constraints. At the same time, we introduce encryption. This means that when data is moved to the cloud, customers can use their own keys to encrypt the data. As a result, no one can read or interact with the data without authorization. Data is encrypted not only at rest but also in transit.
For these reasons, organizations can be compliant while still moving forward confidently.
CISO Forum: Looking ahead, what emerging technology—quantum, sovereign cloud, AI agents—do you believe will most disrupt digital transformation in the next five years?
EhsanEsteki:In the future, AI technology will grow rapidly, along with robotics, IoT, and computer vision. These four technologies can have a significant impact on business. At this moment, the key question is whether AI can substitute human resources.
Globally, these technologies—AI, robotics, IoT, and computer vision—offer immense possibilities. They can automate various tasks, enhance efficiency, and decrease the reliance on human involvement across numerous operational sectors.
However, it is vital to strike a balance between technological innovation and ethical considerations to ensure a seamless coexistence between humans and machines.
