Ormilon

An auditor gives you 48 hours. What does your team do first? A regulator, an enterprise prospect, or a new security partner sends this request on a Monday morning: > Where exactly is your customer data stored right now? > Who had admin access last month, and when? > Full access logs for the past 30 days. > Proof of active monitoring. > Your exit procedure, step by step. Most teams I know would start with a Slack message to the wrong person. You have the right certificate now where's the operational proof? If your setup cannot answer these four questions within 48 hours, supported with actual evidence, you need to find out now. Before someone else finds out first. Could your team pull this together today?

I've noticed something concerning in the cloud market recently and I think every CTO should pay attention. The big cloud providers are in a race. They're putting all their money, engineers, and resources into AI infrastructure and GPU power. Everything else is taking a back seat. The problem? Traditional cloud infrastructure is getting less attention. Maintenance takes longer. Support is harder to reach. Updates are slower. Forrester research shows we should expect at least two major, multi-day cloud outages this year. They call it "infrastructure fragility." Real digital independence is about staying online when others go down and about having options when things go wrong. That's why I created this simple framework (see below): > Assess what downtime really costs you > Distribute across multiple providers (including sovereign EU options like Ormilon) > Automate your failover processes > Test regularly > target: under 15 minutes recovery My question to you: Do you have a plan ready for when an outage like this occurs? Or are you just hoping for the best? Download the framework below and share it with your team. 👇

0.1 second can cost you your best customers Most product roadmaps list latency under "technical debt" or "nice to have optimizations." But here's what I've learned: every millisecond compounds into something far more expensive => user perception. When your app takes 200ms longer to respond, users don't think "slow server." They think "this feels clunky" or worse, "maybe I should try the competitor." Amazon found that every 100ms of delay cost them 1% in sales. Only because of lost trust. This is why I push my teams to reframe latency conversations: Luckily engineers love optimisation and shaving milliseconds. But It's also about respecting the user's time and gaining their trust. Cloud architecture is about product strategy too. It's brand positioning. The companies that win treat speed as a core pillar of user experience from day one. What's your take? Are you optimising for latency yet?

I read the new State of AI Infrastructure Report from DDN this week. One number jumped out: 54% of all organisations have delayed or cancelled AI projects in the past two years. Take a guess; Was it lack of talent or insufficient budget? Nope, it was because of infrastructure bottlenecks. Image how this happened. We're investing millions in GPUs and LLMs, but forgetting that the data motorway leading to them is blocked. It's like building a Formula 1 engine into a city car and then being surprised you're not going any faster. The Infrastructure Gap is Europe's biggest AI blocker Europe has set a clear course over the past few months with the Cloud and AI Development Act. We NEED to become independent from American hyperscalers. But sovereignty will only happen when we have infrastructure that can handle AI workloads. Deloitte calls it "Inference Economics": companies are now discovering that their current infrastructure isn't aligned with the unique demands of AI in production. Training is one thing. But real-time inference at scale? That requires a completely different architecture. Three pillars to bridge the gap: > Latency under control: AI applications demand sub-100ms response times. That doesn't work if your data travels through three continents. > Sovereign compute: European companies deserve European infrastructure. No dependency on jurisdictions that might change the rules tomorrow. > Energy efficiency: 93% of organisations are actively working to reduce their AI footprint. Modern cloud architecture can use up to 40% less energy at comparable performance. At Ormilon, we're building the foundation that European AI innovation can run on with no compromising on speed, control or sustainability. My question to you: If you take an honest look at your infrastructure today is it keeping up with your ambitions?

To online, or not to online your password manager? That is the question I've recently come by. Offline feels safer. Online is easier. But both left us indecisive. Offline gives control but It also gives you full responsibility for updates, backups and access. Online is convenient. And boy do we love convenience. But it adds more points where things can go wrong. So the real question is not offline or online. It is: who owns the risk, and who manages it well? The graphic below shows the trade-offs. There is no right answer, but in case you're curious, we went for self hosted/managed. How about you?

Imagine; You have 90 days to move your whole cloud infrastructure to another provider. An interesting thought experiment, right? This is what we call a “90-day exit”, and it is a great way to find hidden dependencies and possible obstacles in your current cloud architecture. Where would you get stuck? Here are some common problems we often see: > Data formats Are your data stored in open, universal formats, or do you depend on the specific formats of your current provider? Converting large datasets can be a huge task. > Proprietary services Do you use unique, cloud-specific services that do not exist at other providers? Think of some database services, AI/ML platforms or serverless functions. These are often hard to copy or replace. > IAM (Identity and Access Management) Moving user roles, permissions and authentication methods can be complex, especially in large organisations with many users and services. > Egress fees The costs for moving your data out of the cloud can be an unpleasant surprise. Egress fees can become very high, especially with large amounts of data. So how do you build an exit-friendly architecture? Here are a few key principles: > Use open standards and formats Where possible, choose open-source solutions, open data formats (such as Parquet, ORC, CSV) and APIs that are widely used. This reduces your dependence on specific cloud providers. > Modularity and loose coupling Design your applications and services so they can work on their own and communicate through clear, well-defined interfaces. This makes it easier to move or replace single components without affecting the whole stack. > Data portability and ownership Make sure you always stay in control of your data and can easily export or move it. Set up backup and disaster recovery strategies that do not depend on a single cloud provider. Be honest: which part of your stack is most “locked in” today?

The new European cyber laws (NIS2, DORA, CRA) are coming fast and they change everything. Not just for cloud providers or banks. For everyone in the digital chain. I get the feeling many companies see these laws as as bureaucracy. Extra paperwork. More audits. Another layer of “compliance theatre.” I personally don’t. I think digital security is a shared responsibility. We are the ecosystem. It's impossible to build a secure Europe when only a few take it seriously. At Snel.com and now at Ormilon too, this mindset is part of our core: - European-only data storage - Transparent processes - Full access control & logging - Continuous monitoring & reporting I'm not afraid of these laws slowing innovation, they are needed to make it sustainable. And that’s exactly how it should be. How is your organisation preparing for NIS2? Curious to hear how teams are adapting to regulation