Skip to Content

Sovereign cloud opens the door to transformation in the public sector

Marc Reinhardt
13 Oct 2022

The rise of sovereign cloud solutions brings new answers to longstanding data, technology, and operational concerns. In doing so, it allows public sector organizations to fully benefit from cloud while staying in control.

Now is the time for public sector organizations to adopt cloud technologies. The pandemic has pushed them to do even more for less, faster – digitalizing analog services while creating new services that are born digital.

This has led many to look at technologies that offer the agility and scale they need to transform, including cloud. Yet until now, compliance concerns have led to patchy adoption across the sector, particularly among governments in Europe.

Sovereign cloud solutions can address these concerns. How? By allowing public sector organizations to benefit from the efficiency and cost effectiveness of a cloud model, within the ring-fenced parameters of a national (or regional/organizational) jurisdiction. That’s why I believe all public sector organizations need a level of sovereignty, not just over their data but also over their operations and technology. Here, I look at what’s been keeping them away from cloud, and suggest some steps to consider on the path to sovereignty.

Protecting personal and politically sensitive data is key to public trust

Concerns around the security and sovereignty of data have been a barrier for many governments, and with good reason. Governments possess profoundly personal information on citizens’ lives, from their health records to data held by tax authorities, welfare agencies or law enforcement. They also hold data that’s vital for national security and defense.

The ability to protect this sensitive data is fundamentally connected to the public’s trust in government. Migrating it to the cloud is bound to be an unnerving concept. Once the data has moved, who has control of it? If it’s stored or processed in another jurisdiction, what laws is it subject to? Will persons or agencies in other jurisdictions be able to access the data? And how will transparency and accountability be guaranteed?

Sovereign cloud offers an effective Plan B

The war in Ukraine and its ongoing geopolitical repercussions have reinforced the need for governments to have sovereignty over their supply chains and IT. Eliminating the potential for surveillance or espionage is one imperative. Being able to switch to alternative providers for critical parts of the cloud and data value chain is another. Why? In case a country that’s home to a key technology provider decides to use that technology as way of exerting leverage.

This year’s Russia-European Union gas dispute has been a cautionary example of leverage in action – in that case, European reliance on Russian gas. Europe has applied sanctions and committed to reducing its demand for Russian gas, while Russia has lowered or suspended flows of gas westwards, driving up global energy prices. European policymakers want to avoid a similar scenario playing out in the digital domain. Sovereignty offers the Plan B they need to mitigate that risk, and governments are making it a key goal as they approach the cloud. For example, in 2020, the EU’s GAIA-X framework established an ecosystem that will enable users to share their data while retaining sovereignty over it. Our analysis also found that 76% of public sector organizations believe their organization will adopt cloud sovereignty to ensure compliance with regulations and standards.

Three potential steps on the path to sovereignty

Sovereignty makes you master of your own domain, able to control the decisions being made. It also offers a way to safeguard key values such as data privacy. But there are different levels of sovereignty, and no one solution fits all. These steps may help you consider the options.

Start by building a clear picture of your application and data landscapes

When defining a cloud strategy that could include sovereign cloud environments, carefully evaluate your workloads and data. Understand what needs to run where and when it’s OK to use an out-of-the-box solution, such as for open data that’s freely available. Different workloads can be allocated to different cloud environments as appropriate: your own virtualized datacenter, sovereign cloud, or public cloud.

This multi-cloud model looks set to be a feature going forward. In our analysis, 31% of public sector respondents felt the best option would see confidential data on a local sovereign cloud and the rest on a public cloud.

Decide the level of sovereignty you need (“none” is an option)

A sovereign cloud comes at a price and may have fewer capabilities. So, in some instances, a “vanilla” cloud solution from one of the global hyperscalers ­– with or without additional security features – will be enough.

For governments seeking a higher level of sovereignty, with more independence, a number of routes are now available. These include:

  • Investing in a homegrown public cloud, such as OVHcloud in France and IONOS in Germany. While these national suppliers might not offer all the features of the largest hyperscalers, they meet the criterion for technological sovereignty.
  • Opting for a “cloud de confiance” (trusted cloud) such as Bleu, the solution from Capgemini and Orange in France due to go live in 2024. This will be built on the leading cloud technology of a hyperscaler (Microsoft) but with the platform fully under French and European jurisdictions. Control of the cloud-based applications will be from within an isolated infrastructure that uses data centers located in France.

Encourage users to adopt the technologies

Whichever route you take, bringing a sovereign strategy to life demands hyperscaler-thinking when it comes to the user experience. Yet in some early public sector sovereignty initiatives, complex rules and cumbersome tools made access to systems or data less than intuitive.

The bottom line is that services on a sovereign cloud should be as easy to consume as those the hyperscalers provide, and similarly priced. Be vigilant about “cloudwashing”, though. Not all providers who say they offer cloud services really do, and virtualized data centers do not automatically bring cloud-like capabilities such as on-demand scalability.

Finally, where sovereignty is the goal, rules must be enforceable. That’s both to protect a person’s data and to empower them to use that data to achieve outcomes without compromising their privacy.

Realizing the potential of sovereign cloud

At Capgemini, our vendor-agnostic advisory approach enables us to consider all the avenues for incorporating sovereignty into broader government cloud transformations. We can identify where sovereignty is a requirement and identify the use cases for a sovereign cloud. Or we might recommend containerization and encryption for a certain workload to meet data privacy and sovereignty requirements. It can then run on the public cloud, but be portable enough to move to a sovereign cloud if needed.

It’s exciting to have these different bridges to the cloud at a time when governments and the wider public sector face many challenges. Cloud helps address those challenges, while sovereignty, as a component of a wider cloud solution, breaks down barriers to adoption.

To this end, we work with our clients to migrate them to the right cloud platforms for them. We evaluate the cloud vendor solutions against their needs in the three core sovereignty areas of data, operations, and technology, and we help to build a strong technology architecture. The result? With the right level of sovereignty (either fully sovereign or as part of a multi-cloud landscape), public sector organizations now have an opportunity to benefit from the cloud, without worrying about losing control of their digital futures.

Find out more

Author