“I don’t see here what you call sovereign!” Quentin Adam, CEO of Clever Cloud, says of Bleu and S3NS, joint ventures founded by Microsoft, Orange and Capgemini on the one hand, and Thales and Google Cloud. with another.
Deadline set for 2024
These joint ventures, which have just been announced, promise to bring offerings called “SecNumCloud” to market in 2024 for Bleu and more specifically in the second half of 2024 for S3NS. These terms are widely criticized. “The masks are falling: promises of certainty oversold in 2021 will remain an illusion for a long time to come,” wrote Yann Leschel, CEO of Scaleway, in an email to L’Usine Digitale.
“There are a lot of ifs,” notes Quentin Adam. “There is a high risk of the proposal being non-functional.” Indeed, these companies are betting on obtaining a security visa from the National Information Systems Security Agency (Anssi) within a relatively short period of time. However, the label has special requirements, recalls David Chassan, director of strategy for 3DS Outscale, Dassault Systèmes’ cloud subsidiary, which is already certified. “It’s too arrogant to say, ‘We’ll be SecNumCloud,'” he says. You can’t buy it on the shelf in the supermarket! It is not enough to put the data in a data center in France.”
OVHcloud, which also has a security visa, has the same reaction. “Compared to our experience, it’s a bit presumptuous to brag about getting a certification that requires significant effort and investment over the long term,” explains a company spokesperson. “On our end, at least it has been almost two years since we made the decision to invest in these solutions,” he adds.
Companies to choose?
Now it’s all about the choice for David Chassan of 3DS Outscale. “The IT decision maker can make responsible choices. Where Leclerc plays on the proximity of its food suppliers, it can also play on the proximity of the digital technologies available on the premises,” he notes. The link was not chosen by chance, E.Leclerc is a Google Cloud client.
“Sovereignty is not only a matter of cybersecurity, but also of the market,” analyzes Quentin Adam from Clever Cloud. “Do we really want to destroy the entire sector of the economy, which every year doubles its mass?” he asks. It should be noted that today American providers – Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform – are significantly ahead of European and French players in the French cloud market.
In the European market alone, they account for 69%, according to a study by Synergy Research Group, the results of which were published on September 21, 2021. Among European players, Deutsche Telekom leads with… 2% market share. . The German is followed by companies such as OVHcloud and Orange, but their market shares fell between the first quarter of 2017 and the second quarter of 2021.
Opportunity to consolidate the French and European ecosystem
However, according to David Chassant, the French ecosystem “should not be ashamed.” Vice versa. “We’re just as good or even better at the same price as AWS,” he says. For OVHcloud, this is a great opportunity to consolidate the ecosystem on a European scale to “demonstrate that there are relevant, affordable and already available solutions”, while Bleu and S3NS receive the famous sesame from the National Information Systems Security Agency (Anssi).
Quentin Adam acknowledges that it is also a matter of political will. “Indeed, he lacks political enthusiasm,” he replies. “If we want Europe to have a technology industry, we will have to support it, and it would be good to stop enjoying information that is not good news.”
Proposals in line with state doctrine
Indeed, let’s not forget that future Franco-American proposals are in line with the “cloud in the center” doctrine introduced last year by the government. This allows “hybrid offerings” to be compatible with “trusted cloud,” a security label that includes compliance with the SecNumCloud repository.”
“Services can be licensed by companies around the world, allowing French companies and administrations to enjoy the most innovative services,” you can read on the website of the Inter-Ministerial Digital Authority (Dinum). These solutions will need to host their infrastructure and manage their systems in Europe. In addition, the operational and commercial support of the proposal must be provided by a European organization owned by European players.
Therefore, it remains to be seen whether Anssi will approve these proposals. The latter will also need to comply with the requirements of a future European cloud computing certification scheme to be adopted by the European Network and Information Security Agency (ENISA). The “high” level should include a commitment to immunity from extraterritorial laws. “All this must be preserved, even if the Americans are already maneuvering to distort this initiative,” says David Chassan.