Frequently Asked Questions (FAQs): Everything You Need to Know

General Questions

What does skyquest do?

Skyquest is a specialized end-to-end Managed Cloud & AI partner, not just another provider. We design, migrate, and optimize infrastructure and applications using IaC, CI/CD, and AI-driven automation for speed and efficiency. Beyond infrastructure, we build and manage custom AI solutions on secure, compliant platforms, ensuring reliability, scalability, and governance.

Costs are transparent and predictable with FinOps optimization, while compliance and security are built-in (ISO27001, data sovereignty and US Cloud Act protection using CH or EU data centers, FADP/GDPR, AI Act). Our 24/7 team ensures high availability, fast incident response, and predictable releases.

What makes skyquest different from other providers?

  • Full Scope, Not Just Infrastructure: We manage both infrastructure and applications, plus deliver custom AI solutions on top if needed; all under one roof. This means faster releases, smarter automation, and AI-driven optimization.
  • Super-Fast Delivery Using Modern Tech: We leverage IaC, CI/CD, and AI automation to design, migrate, and implement infrastructure at record speed; so you launch features 35% faster and cut MTTR by up to 90%.
  • Transparent, Predictable Costs: No hidden margins. Cloud costs are passed through 1:1, paired with a subscription model for stability and FinOps optimization to keep expenses low.
  • Compliance & Trust Built-In: ISO27001-compliant, Swiss and EU data centers, bullet-proof security, and business continuity with disaster recovery, backups, and high availability.
  • Independent & Unbiased: We select the optimal cloud provider and tools for your needs, not ours; always with performance and cost-efficiency in mind.
  • Dedicated 24/7 Expertise: Our team monitors both infrastructure and apps, integrates with your tools, and even helps resolve app issues; delivering 219% ROI through outsourcing.

Where is skyquest based?

We operate from Switzerland; our offices are located in the economic and technological hub of Zug.

Do you work with international clients?

Yes, we support global businesses and operate 24/7 while guaranteeing compliance with local regulations and data protection requirements.

What is included in CloudOps Complete?

We handle the design, build, migration, and full lifecycle management of the infrastructure running your application. You focus on shipping code; we ensure the platform running it is resilient, secure, and controlled.

Our service deliverables cover the entire stack:

  • Infrastructure design: We embrace Well-Architected Framework reviews to eliminate single points of failure, and we tailor the architecture to your application requirements, balancing performance and cost while prioritizing cloud agnostic tools and services to prevent vendor lock-in and ensure portability.
  • Security: Your infrastructure runs in an ISO 27001 certified environment, where we go above and beyond by implementing hardening configurations for operating systems and cloud services, implementing Zero Trust network architectures, enforcing encryption at rest and in transit, and including SAST, DAST and SCA in a shift-left approach.
  • Release Engineering: We implement automated rollout strategies to reduce deployment friction and the “blast radius” of failed updates through our CI/CD pipelines.
  • Advanced observability & self-healing: We can integrate with your monitoring stack or leverage our own to get a single-pane view of your application health. Beyond basic alerts, we implement automated remediation for common application errors and help you keep up with your KPIs and SLOs.
  • Day-2 Operations: We handle the heavy lifting of maintenance, including automated patch management, certificate rotation, capacity planning, and system maintenance, while adhering to agreed-upon SLAs.
  • Financial Optimisation: We implement FinOps best practices from day one and regularly monitor costs, orphaned resources and instance right-sizing, and we set up budget and anomaly detection to ensure you keep your costs controlled without compromising on performance.

Which cloud platforms do you support?

We support the major public hyperscalers: AWS, Azure, and Google Cloud, as well as specialized Swiss sovereign clouds for strict data residency requirements in Switzerland and Europe.

Our solutions are designed to tackle specific complexities of air-gapped environments or restricted internet egress scenarios to ensure full data residency compliance without sacrificing automation capabilities.

Do you support hybrid and multi-cloud setups?

Yes, we can help your on-premise infrastructure leverage the power of cloud (e.g. bursting workloads during peak demand), as well as select best-in-class services from multiple cloud providers to design hybrid and multi-cloud solutions.

How do you handle application deployments?

We take the burden of “deployment day” off your shoulders by managing rollouts and ensuring quick rollbacks if issues arise. Our approaches range from simple script deployments to GitOps methodologies using modern tools and frameworks following the latest trends in DevOps. We implement progressive delivery strategies, such as rolling updates, canary and blue-green deployments, and adapt them to the application's needs and requirements.

Do you offer observability tools?

Yes, if you don’t have an existing monitoring stack that you would like us to integrate with, we offer a monitoring solution based on Datadog. We instrument the infrastructure and application to send metrics that help you quickly diagnose and troubleshoot problems and have a clear picture of the overall health of the service, as well as SLO measurements in real time.

How do you handle disaster recovery and backups?

Your business continuity is paramount, and we design your infrastructure with resilience as a core pillar. We define strict RTO and RPO SLAs in contracts and make sure to test our strategies regularly, to ensure that a failover is never an issue. Our approach relies on distributing backups across different regions within the same cloud provider, as well as within multiple cloud providers where needed.

How do you help with cost optimization and FinOps?

We continuously monitor your infrastructure costs and set budget alerts to avoid overspending, while following FinOps practices that let you understand where costs are generated and giving you our insight into how to get rid of them.

Do you provide penetration testing and vulnerability management?

An external security provider conducts regular penetration testing on all infrastructure, and we make sure to keep things secure by running SAST, DAST and SCA in our CI/CD pipelines, with a strict requirement that security testing passes before promoting changes to production. We implement vulnerability assessment tools (e.g. Microsoft Defender for Containers) which help detect vulnerabilities in your workloads, so that you get alerted on new CVEs found in your application and can act on them as needed.

Do you support compliance audits?

Yes, by leveraging our continuous GRC tool, we make sure to stay compliant around the clock with relevant certifications and standards such as ISO 27001, mapping cloud controls to compliance frameworks through deep integrations with our providers. We can provide an “auditor view” of our tool to your auditors, so that they can verify compliance.

What does AI Complete cover?

We custom design and build AI systems tailored to your business needs, hosted in secure, compliant environments.

This includes:

  • End-to-End AI Development: From concept to deployment, we handle model design, training, and integration.
  • Secure AI Hosting: Your AI runs on infrastructure engineered for data privacy and regulatory compliance.
  • Full Lifecycle Management: Just like with CloudOps, we manage updates, monitoring, and scaling, so your AI solution stays reliable and future-proof.

What types of AI solutions do you build?

We build both classical machine learning and modern GenAI solutions, including:

  • Custom AI agents: Chat- or workflow-driven assistants that can act on your systems (e.g. support, operations, and internal tooling), powered by self-hosted or hosted LLMs.
  • Document Q&A and search: Retrieval-augmented systems that answer questions using your internal documents, wikis, and knowledge bases.
  • Predictive analytics & forecasting: Demand, churn, risk, and anomaly detection models.
  • Generative AI use cases: Text generation, summarization, classification, content enrichment, and more.

Our solutions are built on secure, governed platforms and integrated with your existing tools and APIs.

Do you support large language models (LLMs) and GenAI?

Yes. We support LLMs and GenAI in multiple ways:

  • Deployment of open-source and commercial LLMs in Swiss/EU data centers or your own hardware.
  • Private LLM setups where your data stays isolated and is not used to train shared models.
  • Connectivity to hosted LLM APIs where this fits your security, privacy, and compliance requirements.
  • Optimization for latency, cost, and quality (prompt design, caching, routing, and model selection).
  • Guardrails and safety filters to control what AI can and cannot answer or do in your environment.

We work with you to choose the ideal architecture for each use case, balancing data sensitivity, regulatory and risk profile, performance, and cost, whether that means fully data-sovereign deployments, trusted hosted LLMs, or a hybrid approach.

Can you deploy AI models on-prem or in private cloud?

Yes. AI Complete supports on-prem, private cloud, sovereign cloud, and public cloud deployments.

You can run AI workloads:

  • In Swiss data centers, EU regions, or your own racks.
  • In private or sovereign clouds operated by you or trusted partners.
  • In hybrid setups where sensitive data stays in your environment while less critical workloads run in the cloud.

All deployments use our CloudOps Complete foundation (IaC, CI/CD, observability). This gives you consistent security, monitoring, and backups across environments, letting you move workloads later with minimal changes.

Do you provide MLOps pipelines for AI lifecycle management?

Yes. We provide MLOps and LLMOps pipelines for the entire AI lifecycle, including:

  • Versioning and CI/CD for models, prompts, and agents.
  • Automated evaluation and regression checks before releasing new models.
  • Monitoring of performance and drift (data, model, and prompt).
  • Rollback capabilities so you can revert to a previous stable model or configuration quickly.

This makes AI changes as reliable and auditable as regular software releases.

How do you ensure AI model security and data privacy?

We design AI systems with security, privacy, and data sovereignty by default:

  • Encryption of data in transit and at rest, network isolation, and hardened access paths.
  • Strict IAM and RBAC, with separation of environments (dev/test/prod) and audit logging.
  • Data residency controls (e.g. Swiss-only or EU-only storage and processing) to meet your sovereignty requirements.
  • No cross-customer training: your data is not used to train shared models.

These controls build on our ISO27001-aligned security baseline and CloudOps foundations.

Do you help with AI compliance (EU AI Act)?

Yes. We support you in aligning your AI solutions with the EU AI Act, GDPR, and Swiss DPA, including:

  • Risk classification of AI systems and documentation of intended use.
  • Governance frameworks for high-risk use cases (policies, human-in-the-loop, approvals).
  • Technical and organizational controls (logging, access control, data minimization).
  • Ongoing review of your AI landscape as regulations and guidance evolve.

Where is my data stored?

We give you full control over data residency to satisfy both legal obligations and latency requirements. You can choose to host your workloads in public cloud regions globally or in European and Swiss data centers owned by a Swiss cloud provider for strict data sovereignty. For high availability setups, we ensure data is replicated across multiple physically separated locations within the same region, in order to survive data center failures without crossing borders.

How do you guarantee security?

We embrace a defense-in-depth strategy by designing your solutions to be protected against attacks on both infrastructure and application. Our strategy includes: Zero trust architecture, continuous vulnerability scanning, CSPM tools, runtime security scanning, suspicious activity detection, data loss prevention strategies and tooling, strong RBAC policies following the least privilege principle, firewalls and state of the art encryption standards, application firewalls with WAF policies and DDoS protection.

Do you offer Zero-Trust architectures?

We implement Zero-Trust principles, as we are aware that most attacks come from within an organization’s perimeters. Our strategy includes:

  • Users are granted exclusively read-only access to resources, with the option to escalate privileges in a controlled and approved way (e.g. PIM).
  • Microsegmentation of the network to reduce the blast radius of a security breach and prevent lateral movement.
  • End-to-end encryption: all data at rest and in transit is always encrypted.
  • Continuous monitoring and analytics via our SIEM tools for threat detection.

How do you handle identity and access management (IAM)?

Our IAM strategy relies on the principle of least privilege across our internal and customer-facing infrastructure. To reduce risks, we implement:

  • Mandatory MFA for all employees.
  • Read-only privileges by default.
  • A safe and controlled way to escalate privileges via Just-in-Time (JIT) access, requiring approvals and a justification with clear time limits.
  • Workload identity federation to ensure controlled access for service accounts.
  • Alerting on suspicious activity, lateral movement and escalation to privileged roles.

Do you provide encryption for data in transit and at rest?

Encryption is always enabled by default for both data in transit and at rest, following the latest reports on secure algorithms from multiple sources, such as NIST. We also regularly monitor the encryption standards in use across the infrastructure and applications.

Are your solutions compliant with EU AI Act and GDPR?

Yes, we ensure compliance with all relevant regulations.

For GDPR: We implement architecture that supports the “Right to be Forgotten” via data lifecycle policies and ensure strict PII segregation.

For the EU AI Act: We implement logging for bias detection and model explainability, providing the technical audit trails required for high-risk AI system classifications.

How is pricing structured?

Our pricing is subscription-based with transparent SLAs, plus a one-time fee for initial development and implementation. Here’s how it works:

For CloudOps Complete:

Your subscription includes:

  • Infrastructure & Cloud Costs: passed through at cost, with no margin
  • Tooling Costs: also passed through at cost, with no margin
  • Managing & Operating Fee: for ongoing operations, releases and optimization
  • 24/7 Monitoring & Alerting: for infrastructure and application errors

For AI Complete:

  • Project to build your AI solution leveraging skyquest’s expertise and blueprints
  • A subscription that includes:
    o Infrastructure & Cloud Costs: passed through at cost, with no margin
    o Tooling Costs: passed through at cost, with no margin
    o Operating, Monitoring & Support: recurring fee for lifecycle management

Do you offer pay-as-you-go pricing?

Not exactly. We offer a subscription model to ensure predictable costs and stable budgeting. Cloud and tooling pass-through costs may include pay-as-you-go components. However, these will be closely monitored to keep expenses low and prevent any unexpected charges.

Can I scale services up or down easily?

Yes, our agreements include built-in flexibility, so you can scale our services up or down as needed.

Do you provide proof of concept (PoC) before full implementation?

Yes. Before moving to full implementation, we deliver a structured Proof of Concept to validate feasibility and performance. Our PoC process includes:

  1. Architecture Assessment: We analyze your current infrastructure and identify gaps or opportunities for improvement.
  2. App Requirements Definition: Together, we define the technical and business requirements your application needs to meet.
  3. Amelioration Strategy: We outline how to enhance your architecture for scalability, security, and efficiency.
  4. Sample Infrastructure Creation: We build a lightweight version of the proposed infrastructure using best practices (IaC, CI/CD).
  5. Test Your App: Your application runs on the sample environment to validate performance, compatibility, and security.

Do you offer managed Kubernetes clusters?

Yes, we specialize in managing complex Kubernetes environments across all major providers (EKS, AKS, GKE) as well as vanilla distributions on bare metal. We handle the entire control plane and worker node lifecycle, including:

  • Seamless Upgrades: We perform non-disruptive rolling upgrades of the clusters and node pools to keep you on supported versions without downtime.
  • Hardening: We apply CIS Benchmark hardening to the cluster configuration and implement Policy-as-Code (e.g., OPA Gatekeeper or Kyverno) to enforce security standards at the admission controller level.

What support do you provide? 

We provide comprehensive 24/7 monitoring and support via ticketing globally. 

Our on-call rotation ensures that there is always an engineer available to respond to alerts and incidents 24/7/365, regardless of your time zone.  

Our key differentiator is that we do not use Level 1 support agents or external call centers. When you raise an incident, you are immediately connected to the Platform Engineers who designed and built your infrastructure. This eliminates the frustration of explaining your architecture to a generalist and drastically reduces the time to resolution. 

For critical (P1) incidents, we guarantee a 30-minute response time, though our average reaction time is significantly faster. During an incident, the on-call engineer takes full ownership of the communication loop, providing regular status updates until the service is restored. 

Internally, we will also conduct a postmortem with a clear root cause analysis and prioritize follow up tasks to prevent the issue from happening again. 

Can you integrate with my monitoring tools (Prometheus, Grafana, Datadog)? 

Yes, we are fully flexible with observability stacks.

  • Open Source: We can manage the OTEL or compatible collector and forward the logs, metrics and traces needed to your stack.
  • SaaS Solutions: We have deep expertise integrating with cloud-based monitoring and analytics platforms such as Datadog. We will set up agent instrumentation to send you all the information you need to monitor your application health.

Can you migrate my existing infrastructure? 

Yes. We manage the end-to-end migration process, from planning to execution and validation to ensure minimal business disruption and cost control. 

Our migration methodology follows industry best practices (the “6 Rs” framework) and includes an initial discovery & dependency mapping phase, where we map out exactly how your services talk to each other to prevent surprise outages during the move, as well as a strategic phase where we select which components to “lift and shift”, while looking for opportunities to re-platform to gain immediate manageability and cost benefits. 

Do you provide cloud readiness assessments? 

Yes. We analyze your current application to identify gaps, risks, and opportunities. 

Our assessment covers: 

  • Application Analysis: We assess your workloads for cloud-native compatibility (e.g., state management, local filesystem dependencies) and identify opportunities for improvements. 
  • Gap Analysis: We deliver a report highlighting technical debt that must be resolved to prevent carrying legacy problems into the new environment, according to Cloud Adoption Frameworks (CAF).

Can you help with legacy system migration? 

Yes. We specialize in modernization strategies that help you move away from brittle legacy systems without risking business continuity. We avoid high-risk “Big Bang” migrations. Instead, we employ strategies that allow you to start using the cloud as quickly as possible such as: 

  • Strangler Fig Pattern: Move specific functionalities from a monolithic application to the cloud in multiple phases, eventually retiring the old system altogether. 
  • Containerization: Wrapping legacy applications in Docker containers to gain immediate benefits in portability, deployment velocity, and orchestration, while planning for deeper refactoring later. 
  • Software modernization project: We help you transform your legacy application to a cloud native architecture.

Do you offer cost optimization workshops? 

Yes. We provide interactive sessions designed not just to cut costs once, but to instill a FinOps culture within your engineering teams. 

These workshops cover: 

  • Granular Cost Analysis: We dive deep into billing data to identify waste and opportunities to re-platform, retire or repurchase certain services. 
  • Commitment Strategy: We analyze your stable baselines to recommend Savings Plans or Reserved Instances. 
  • Lifecycle Management: Implementing automated policies for storage (e.g., moving data to Glacier/Archive tiers) and computing (suspending non-production environments off-hours). 
  • Tagging & Allocation: Defining a robust tagging strategy to enable Chargeback/Showback models, so you know exactly which team or feature is driving costs. 
  • Budgeting and alerting: Define budgets and alerts on infrastructure costs, so that you can be immediately notified when reaching certain thresholds. 

Do you provide AI strategy consulting?

Yes, including strategy workshops and compliance roadmaps. 

How long does onboarding take?

Onboarding usually takes 6-8 weeks; a more accurate estimate can be made once the initial phase of requirements and gap analysis is complete. The actual downtime for your customers, however, is estimated to range from a few seconds to a few hours, depending on your application complexity.

Glossary of Key Terms 

IaC (Infrastructure as Code): 

Automating the provisioning and configuration of infrastructure using code for consistency, repeatability, and scalability. Enables version control and rapid deployments. 

CI/CD (Continuous Integration/Continuous Deployment): 

Pipeline practices that automate code integration, security scanning (SAST, DAST, SCA), testing, and deployment to reduce risk and accelerate releases. 

Zero-Trust: 

A security model based on the principle of “never trust, always verify,” enforcing strict identity checks, microsegmentation, and least-privilege access across all users and devices. 

Kubernetes: 

An open-source container orchestration platform that automates deployment, scaling, and management of containerized applications across clusters. 

Containerization: 

Packaging applications and their dependencies into portable containers for consistent execution across environments. 

Blue-Green Deployment: 

A zero-downtime release strategy using two environments (Blue = current, Green = new). Traffic switches to Green after validation, enabling instant rollback if needed. 

Rollback Strategy: 

A controlled process to revert to a previous stable version of an application or infrastructure after a failed deployment or incident. 

GPU Clusters: 

High-performance computing clusters optimized for AI and machine learning workloads, enabling parallel processing for model training and inference. 

Observability: 

A comprehensive approach to monitoring system health using logs, metrics, and traces, often integrated with automated remediation and SLO tracking. 

FinOps: 

Cloud financial operations focused on cost visibility, optimization, and governance—ensuring predictable budgets and eliminating waste. 

Penetration Testing: 

Simulated cyberattacks performed by security experts to identify vulnerabilities and validate the effectiveness of security controls. 

ISO 27001: 

An international standard for information security management systems (ISMS), defining best practices for risk management and data protection. 

GDPR & Swiss DPA: 

Regulations governing personal data protection and privacy in the EU (GDPR) and Switzerland (DPA), including rights like data deletion and strict PII handling. 

EU AI Act: 

A regulatory framework for AI systems in the EU, focusing on transparency, risk classification, and governance for high-risk use cases. 

MLOps: 

Operational practices for managing the lifecycle of machine learning models, including versioning, CI/CD, monitoring, and rollback. 

IAM (Identity and Access Management): 

A framework for managing user identities, roles, and permissions, enforcing least privilege, MFA, and secure access escalation. 

SAST, DAST, SCA: 

Security testing methods integrated into CI/CD pipelines: 

  • SAST (Static Application Security Testing): Scans code for vulnerabilities before runtime. 
  • DAST (Dynamic Application Security Testing): Tests running applications for security flaws. 
  • SCA (Software Composition Analysis): Detects vulnerabilities in open-source dependencies. 

RBAC (Role-Based Access Control): 

Access control method assigning permissions based on roles, ensuring least privilege and compliance. 

Data Residency: 

The physical or legal location where data is stored and processed, critical for compliance with sovereignty laws. 

Disaster Recovery (RTO/RPO): 

Strategies and SLAs for restoring services after failures:

  • RTO (Recovery Time Objective): Maximum acceptable downtime. 
  • RPO (Recovery Point Objective): Maximum acceptable data loss. 

Policy-as-Code: 

Defining and enforcing security and compliance policies programmatically within Kubernetes and cloud environments. 

LLMOps: 

Operational practices for managing large language models, including prompt versioning, evaluation, and governance. 
