Skip content

Innovation vs. Regulation

Building Bridges Between AWS Cloud Development and IT Security

Highlights, Tech // Oliver Goldich // Oct 13, 2025
ABC02916

A Personal Report from the AWS Community Day and IT-SA 2025

Unleashing innovation without compromising security — at Tallence, we believe that true digital transformation only succeeds when technology, security, and strategy go hand in hand. Our Cloud Security expert Oliver Goldich attended the AWS Community Day and IT-SA 2025 to explore the latest trends between cloud innovation and IT security. In this report, he shows how companies can balance innovation speed with compliance through clear strategy and the right cloud architecture — and how Tallence makes the decisive difference.

Two Worlds, One Challenge

In early October, I had the opportunity to immerse myself in two worlds that form the heart of digital transformation — yet often beat to their own rhythm.
First, the AWS Community Day in Munich: a vibrant gathering of the “Builders” — cloud architects and developers — centered on boundless innovation, serverless architectures, and radically reduced time-to-market cycles.
Immediately after came IT-SA in Nuremberg — Europe’s epicenter of the “Protectors,” where CISOs and IT leaders discussed the pressing issues of compliance, risk management, and digital sovereignty.

Two days, two conferences, two perspectives — and at the center, one key challenge that drives every IT decision-maker today:
How do we build the bridge between the speed of innovation demanded by the business and the level of security required by regulation?

For me, this week was not only enlightening — thanks to insightful conversations with the BSI about the evolution of the C5 catalog, or with AWS on the EU Sovereign Cloud — but also a clear confirmation:
Success doesn’t come from choosing one side, but from intelligently connecting both.

The Pulse of Innovation: Insights from AWS Community Day

In Munich, the energy was palpable — it was all about breaking barriers.
One quote from Matthias Patzak’s keynote stuck with me:

„Done means someone’s need was met.”

This strong focus on customer value, combined with approaches such as hypothesis-driven experimentation, is the engine that reduces development cycles from months to weeks.
Technically, this was reinforced by sessions like Lisa Mischer’s “MCP Servers – Minus the Servers”, demonstrating how fully serverless implementations can massively reduce complexity.

Yet even in the heart of the “Builder” community, one thing was clear: innovation does not happen in a vacuum.
Discussions around the AWS European Sovereign Cloud and compliance frameworks such as the BSI C5 attestationshowed that strategic guardrails must be built into architecture from the start.
The question is no longer if we can innovate securely — but how.

The Mandate of Security: Top Trends from IT-SA 2025

In Nuremberg, this question took center stage. The exhibition halls were defined by three unmistakable trends shaping the pressure on IT decision-makers:

  1. The AI arms race is real.
    Attackers are using AI to automate and scale their attacks. The defense can no longer rely solely on human response — it must also become autonomous.
    Concepts like Agentic Security and integrated platforms are no longer futuristic — they’re a necessity to secure organizational resilience.
  2. Compliance as a driver of innovation.
    The regulatory triad of NIS2, the Cyber Resilience Act (CRA), and DORA has become the strongest market force.
    Direct management liability and strict 24-hour reporting obligations have made cybersecurity a true boardroom issue.
    This compels companies to treat security not as a brake but as a design principle — Security by Design.
  3. Consolidation beats complexity.
    The era of fragmented security tools is over.
    The market is moving decisively toward consolidated platforms (e.g., CNAPP) that provide transparency across hybrid and multi-cloud environments.
    The foundation of this transformation is a consistently implemented Zero Trust approach — one that places trust not in the network, but in identity.

The Synthesis: How to Build the Bridge Between Innovation and Security

The true challenge for IT leaders lies in synchronizing these two worlds.
It’s about aligning the agile culture of the “Builders” with the governance demands of the “Protectors.”
From my conversations and sessions during the week, I’ve distilled three key action areas:

  1. Lay a holistic cloud strategy as the foundation.
    Moving to the cloud is not merely a technical decision — it’s a strategic one.
    Before a single line of code is written, the pillars of governance, security, and compliance must be established.
    This means designing a secure and compliant platform architecture from the outset, aligned with regulatory requirements such as BSI C5 or NIS2.
    A “Strategy-First” approach ensures that cloud adoption supports your business goals — not the other way around.
  2. Make “Security by Design” a lived practice.
    The Cyber Resilience Act (CRA) formalizes what should already be standard practice: security must be integrated into development from day one.
    This demands close collaboration between development and security teams, as well as tools for code analysis and vulnerability management directly embedded in the CI/CD pipeline.
    Only then can the desired innovation speed be maintained without introducing new risks.
  3. Focus on resilience, not just prevention.
    The question is no longer if an attack will succeed, but when.
    Strategic objectives are shifting from pure defense to resilience — the ability to detect, respond to, and recover from an attack while maintaining operations.
    This requires modern, integrated security platforms and a robust identity and access management approach based on Zero Trust principles.

Your Partner in Building the Bridge

The insights from Munich and Nuremberg make one thing clear:
Digital transformation requires experts fluent in both languages — that of agile cloud innovation and that of strategic cybersecurity.
You need a partner who not only implements technology but accompanies you throughout the entire journey.

At Tallence, we specialize in building precisely this bridge for our clients.
With our Digital Platform Services, we create robust, secure, and scalable architectures ready for the future.
Our Cloud Security Consulting helps you make the right decisions — from strategy to implementation — ensuring compliance with standards such as BSI C5 and sustainably securing your cloud environments.

This week of conferences was a complete success for me — combining professional exchange with valuable personal connections.
Let’s continue this dialogue.

About the Author

Oliver Goldich is Senior Cloud Security Architect and AWS Alliance Lead at Tallence AG.
With over a decade of experience at the intersection of technology leadership and deep cloud expertise, he translates complex business requirements into secure, scalable, and cost-efficient cloud solutions.
His mission is to help organizations harness the full power of the cloud securely — shaping the future of cloud innovation strategically.

Facing similar challenges?

Let’s talk about how we can build the bridge for your organization.