In the second episode of Cloud Meets Hybrid | Automation Talks, XOAP’s podcast series exploring real-world automation challenges and solutions, Mario Istuk sits down with Norbert Ponak, founder of Clourity, to discuss security, compliance and automation in today’s hybrid IT environments.
With over three decades of experience at companies like Citrix, Nutanix and Microsoft partner Aero ECS, Norbert now leads Clourity, a consultancy that helps organizations transition to the cloud securely and strategically.
Tackling compliance in hybrid environments
Norbert highlights how modern IT environments are a mix of legacy, on-premises and cloud systems, often managed through different tools like GPO, Intune or even unmanaged. This fragmentation makes compliance harder to track and enforce.
He explains that compliance automation is about creating a unified environment that supports various requirements across platforms. The real bottleneck, Norbert says, isn’t identifying issues—it’s remediating them quickly with limited time and resources.
Key benchmarks and regulations
Norbert points to two regulatory frameworks shaping compliance efforts today:
• NIS2: New EU cybersecurity regulation.
• DORA (Digital Operational Resilience Act): Especially relevant in the financial sector, where strict timelines and documentation are required.
He emphasizes that automation supports both technical remediation and the reporting processes auditors expect.
Automation Talks #02
This video may not load due to your cookie preferences. Adjust your cookie settings or watch it directly on YouTube.
The role of automation—and XOAP
While automation plays a critical role, Norbert stresses that it doesn’t fully replace manual auditing. Instead, it becomes part of a hybrid approach, providing granular system-level data that supports compliance reporting.
Tools like XOAP are central to this strategy. Norbert describes XOAP as a modular, flexible platform that adapts to the unique needs of each project. It’s seen by Clourity as a solution to:
• Define and enforce configuration baselines
• Manage infrastructure across platforms (on-prem, cloud, hypervisors)
• Automate application rollouts and patching
• Respond quickly to compliance issues flagged by SOC teams
XOAP’s modularity lets users focus only on the components they need, without forcing a one-size-fits-all approach.
The importance of planning
Norbert’s biggest tip for organizations beginning their compliance journey: “Plan before you do.”
He observes that many teams dive into cloud projects or security initiatives without proper structure, leading to disorganized systems that require rework. Starting with clear baselines and automation helps teams avoid costly mistakes.
What’s ahead in 2025
Looking to the second half of 2025, Norbert expects a rise in AI-driven projects, especially in security and business operations. He believes this will accelerate cloud transitions, as organizations need scalable infrastructure to fully leverage AI services.
As cloud adoption increases, so will demand for desktop virtualization, platform services and standardized automation frameworks like XOAP.
Watch the full episode of Automation Talks to hear the complete conversation with Norbert Ponak. For more insights into compliance, automation and hybrid cloud strategy, subscribe to the podcast and follow XOAP for future updates.
The podcast is also available on Spotify.
Featured image by slidesgo on Freepik
