Is the sovereign cloud just a fantasy?

Announcements around data sovereignty have been on the rise in recent months, such as the one made by eight French companies on October 18, 2021. Atolia, Jalios, Jamespot, Netframe, Talkspirit, Twake, Whaller and WIMI claim to be able to offer “a credible alternative” to Microsoft 365, Microsoft’s cloud-hosted office suite (formerly Office 365).

Exit Microsoft 365
This announcement is a response to the ban (with exceptions) on the use of Microsoft 365 by government departments, a decision made by the inter-ministerial digital director, Nadi Bou Hanna, in a circular published on September 15, 2021.

With the announcement of a new solution, which is really just a rebranding of various competing solutions, these eight companies take pride in responding to the “sovereign cloud” problem. “We have heard speeches about the importance of creating a sovereign cloud for almost a year. Now we must take action,” Alain Garnier, Jamespot president and group spokesman, said in a press release. He was referring to the government strategy “The cloud in the center” presented by the Minister of Economy, Bruno Le Maire, in May 2021.

The cloud, yes … but not just any
The objective of this doctrine is to make the cloud “the default mode of hosting and production of state digital services, for any new digital product and for products in the process of substantial change”, we can read on the website of the interministerial digital department (Dinum).

Consequently, government services must now be hosted in “one of the two inter-ministerial clouds within the State or in the cloud offerings offered by manufacturers that meet strict security criteria”, that is, the “SecNumCloud” reference framework of the National Information Systems Security Agency (Anssi). Currently, only three companies – Oodrive, 3DS Outscale, OVHcloud – have received this coveted label for some of their activities.

Therefore, with this new regulation, the government is particularly targeting the cloud as an infrastructure. The services stored in clouds that comply with this doctrine are really only secondary, and the choice of an office suite for administrations is not an important strategic issue. In fact, if Whaller can boast of offering a sovereign communication platform, it is because it is hosted on Hosted Private Cloud, OVHcloud’s SecNumCloud-certified private cloud.

The cloud market captured by AWS, Azure and Google
However, in the cloud market, the French players are struggling against the giants Amazon (Amazon Web Services), Microsoft (Azure) and Google (Google Cloud Platform). The figures speak for themselves: these three alone capture 69% of the European market, according to a study by Synergy Research Group, the results of which were published on September 21, 2021. And their market shares continue to grow thanks to colossal investments. Nearly €14 billion has been invested in the last four quarters to upgrade and expand their regional networks of hyperscale data centers.

Among European players, Deutsche Telekom leads the way with 2% of the market share. The German company is followed by companies like OVHcloud and Orange, but their market shares fell between the first quarter of 2017 and the second quarter of 2021. To be successful anyway, these companies must “remain focused on use cases that have stricter data sovereignty and privacy requirements,” said John Dinsdale, chief analyst at Synergy Research Group. This positioning is all the more strategic since the invalidation of the Privacy Shield by the Court of Justice of the European Union in July 2020.

This text, which allowed the transfer of data to the United States, was struck down because the court considered that US law did not comply with the requirements of the General Data Protection Regulation (GDPR). At the center of the dispute was the ability of US authorities to access the data of European citizens when it is hosted by a US cloud provider. Without a major change in US law, the conclusion of a new Privacy Shield appears totally compromised.

The consequences of invalidating this text are not yet clear. For some experts, the use of US providers is borderline legal. For others, particularly large US companies (the first to be affected), the implementation of technical safeguards, such as end-to-end encryption, is sufficient to protect data and comply with European legislation.

Licensed Marketing: A Trojan Horse?
The French government chose not to decide between these two visions, proposing a third way that leaves the door open to US companies. They can offer their services under licenses granted to French companies. This is how Google Cloud signed an agreement with OVHcloud (about which we are still awaiting news), then with Thales in October 2021. Microsoft for its part has approached Orange and Capgemini through a dedicated entity called “Blue”, whose release date is still unknown to this day. Only Amazon has yet to announce a partnership.

These companies promise that their hybrid solutions will have the famous “SecNumCloud” label. That is on condition that the data is really out of the reach of the United States, as Anssi recalls in a new version of its reference framework published in September 2021. It contains details on “the clarification of the criteria for immunity against non-EU laws.” This covers in particular “technical requirements aimed at limiting access to the technical infrastructure of the service by third parties and uncontrolled transfers and the precise legal requirements related to the service provider and its links with third parties”. In short: after the announcement effect, real guarantees will have to be put in place for these solutions to be viable.

The Health Data Hub scandal
But, pending these hypothetical labels, the position of the government and the specialized authorities is far from clear. The Health Data Hub affair is one such example. The hosting of this huge health database was entrusted to Microsoft Azure without a tender, a choice called into question by the invalidation of the Privacy Shield. “I fully share your concerns regarding the risk of disclosure of the data hosted by the platform to the US authorities with the choice of the Microsoft company,” wrote Health and Solidarity Minister Olivier Véran in a letter in November 2020. A “new technical solution” should then be adopted within “a period that is, as far as possible, between 12 and 18 months”.

Unsurprisingly, as of October 2021, Azure is still hosting the Health Data Hub. It is hosted “in a data center located in the Paris region”, no longer in the Netherlands, Stéphanie Combes, director of the Health Data Hub, said in February 2021 in an attempt to reassure. However, as a reminder, the application of the American CLOUD Act does not depend on the geolocation of the data but on the nationality of the service provider. A Microsoft data center, even if it were hosted at the Élysée, would be subject to it.

Doctolib uses AWS to host data
Public services are not the only ones affected. Doctolib has experienced a similar problem. As part of the vaccination campaign against Covid-19, the Ministry of Health has entrusted the management of vaccination appointments on the Internet to several providers, including Doctolib. To host its data, Doctolib uses the company AWS Sarl, which is a subsidiary of Amazon Web Services.

Given this fact, health professional associations and unions asked the judge of the Council of State to suspend the partnership concluded between the Ministry of Health and Doctolib. They considered that the hosting of the data by a subsidiary of a US company carried risks in the face of possible requests for access by the US authorities.

The administrative judge refused to terminate the partnership, stating that Doctolib and AWS have concluded “an additional addendum” that establishes a precise procedure in case of requests for access to data by a public authority.

Gaia-X or the European false cloud
To compete with major US providers, European initiatives such as Gaia-X have also emerged. This project aims to establish a coherent European cloud computing offering by identifying existing infrastructures and services around very specific criteria.

However, the association has many foreign companies among its members, such as Salesforce, Huawei, Palantir, Oracle … Their membership “says nothing about the registration” of their services “in the catalog of services labeled as Gaia-X”, Jean-Luc Beylat, president of the Systematic Paris-Region competitiveness cluster, Bernard Duverneuil, president of Cigref and Gérard Roucairol, honorary president of the Academy of Technologies, explained in a forum.

Therefore, it is quite possible that in the future US and Chinese suppliers will remain members of Gaia-X but will not have any of their offerings in the catalog. “They will be there a bit to listen to what is happening and feel the wind,” said Hubert Tardieu, president of the board of directors of Gaia-X.

This detachment underlines that these large companies do not need Gaia-X to continue their activity in the European market. In fact, Gaia-X is not a gateway into this market, but an incentive to use European solutions. If public entities and companies do not play along by choosing European solutions over foreign services, Gaia-X will be of no use.

A remake of Andromeda?
Therefore, the situation is quite cacophonous. It recalls the “Andromède” project, which aimed to develop a sovereign cloud “à la française” and which Prime Minister François Fillon called for in 2009. “It is absolutely necessary to be able to develop a French and European alternative in this area, which is experiencing an exponential development, which is currently dominated by Americans,” he said at the time, proof that the issue has been a cause for concern for a long time.

Financed with an endowment of 150 million euros, a company was to be formed around Orange, Thales and Dassault Systèmes. Following a disagreement, the initial project was split into two new projects: Cloudwatt (Orange / Thales) and Numergy (SFR / Bull, with Bull replacing Dassault Systèmes). This reorganization was not enough: in 2014, Cloudwatt had generated only two million euros in revenue and Numergy six million euros. The first, wholly acquired by Orange, finally closed its doors on February 1, 2020. The second disappeared during the review of SFR’s cloud activities in 2017.

No investment, no sovereign cloud
It remains to be hoped that the Andromeda failure does not happen again. On the other hand, one thing is certain: the so-called “sovereign” cloud is not for tomorrow, according to the President of the Republic, Emmanuel Macron, who is definitely quite lucid about the current situation.

“Will we have a totally sovereign cloud in 5 years? There are more experts than me in the room, I think it is not true to say that to ourselves, because it takes us a long time and because the difference in investment between the European and the American sheet is a factor of 10 today among private players,” he declared during the presentation of the “France 2030” plan on October 12, 2021. However, it is imperative to “secure the most sensitive bricks” and “invest in the most sensitive sovereign elements to ensure our ecosystems”, added the Head of State.
