Building an information secure cloud environment in Azure with Azure Bicep : Case: ECB product from Evitec

Cloud environments consist of various cloud services and cloud-native resources, which are partly managed by the cloud service provider. These cloud services differ from each other in level of control, customer responsibility, and cost. To host a SaaS product, the SaaS vendor needs to identify, combine and deploy the services and resources that make up a cloud infrastructure which fulfils the application's requirements and is information secure.

Designing and building an information-secure cloud environment requires understanding the security aspects of cloud infrastructure. This master's thesis presents a case study of an Evitec product currently hosted in AWS, with the aim of creating a suitable and information-secure environment for it in Azure. The transfer involves identifying the key services on the current cloud platform and finding the corresponding services in Azure. Because the application processes personal data, infrastructure security must be taken into account, which requires researching the security aspects of the cloud services and resources in question. The SaaS vendor is responsible for setting the resource-specific configurations so that they are information secure.

The information security of the case study's environment is based on the theory of security in cloud environments and on the specifications of the Azure-native services and resources used. Information security of the case study's environment was evaluated with the Microsoft Cloud Security Benchmark (MCSB), a list of security controls for Azure and AWS. MCSB consists of controls that provide prescriptive best practices and recommendations for security in the cloud. Azure also offers automatic evaluation of MCSB compliance based on automated checks, which were useful in the study; with automatic evaluation, the environment's information security can also be upheld in the future. In the study, MCSB was limited to controls concerning infrastructure security at the level of a single project, which also means that they could be implemented in the Bicep scripts.

Azure Bicep is a cloud-native IaC tool for infrastructure management. Bicep is built on top of its predecessor, ARM templates, and thus works with the same ARM API. Bicep was used to deploy the cloud infrastructure of the case study, and an open-source module library, CARML, was used in the deployment scripts. Bicep was of great assistance, especially through the Visual Studio Code extension for Bicep, which in practice exposed the resource declarations of the ARM API to the script developer. The extension also listed the compulsory and optional configurations and validated their values.
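As an added illustration of how infrastructure-security controls of the kind MCSB recommends can be expressed directly in a Bicep resource declaration, the following template declares a hardened storage account (example code written for this page, not a script from the thesis or from CARML; the resource name, the allowed-subnet parameter and the choice of storage account as the example resource are assumptions):

```bicep
// Added example, not from the thesis: a storage account declared with the
// hardening settings a defender expects under MCSB-style recommendations on
// encryption in transit, data protection and network isolation.
@description('Deployment location; defaults to the resource group location.')
param location string = resourceGroup().location

@minLength(3)
@maxLength(24)
@description('Globally unique storage account name (assumed input).')
param storageAccountName string

@description('Assumption: resource ID of the subnet allowed to reach the account.')
param allowedSubnetId string

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    // Encryption in transit: reject plain HTTP and TLS versions below 1.2.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    // Data protection: no anonymous blob access and no shared-key
    // authentication, so access goes through Azure AD identities only.
    allowBlobPublicAccess: false
    allowSharedKeyAccess: false
    // Network isolation: deny by default, allow only the named subnet
    // (trusted Azure services may still bypass the rule set).
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      virtualNetworkRules: [
        {
          id: allowedSubnetId
          action: 'Allow'
        }
      ]
    }
  }
}

output storageAccountId string = storage.id
```

Each of these properties is one the Bicep extension lists as an optional configuration for the resource type, and the automated MCSB checks in Azure flag the corresponding setting when it is left at an insecure default.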