3 keys to building a robust hybrid cloud risk strategy