What are the best technology and infrastructure options for companies to build and preserve their digital sovereignty? Various options exist, from so-called “on-premises” infrastructure to datacentre hosting and public or private cloud. But what is the right choice?
In February 2022, twelve European Union member states expressed their willingness to allocate €7 billion to an Important Project of Common European Interest (IPCEI) to develop a European sovereign cloud.
Following the suspension of the Cloudwatt and Numergy sovereign cloud projects, other initiatives are emerging to provide a trusted cloud offer, like project “Blue” from Orange and Capgemini, which provides services to public administrations and essential service providers.
Digital sovereignty has become a strategic issue for countries, but also for companies, enabling them to operate in an environment where the value chain is entirely under their control. This requires computing tools that are not critically dependent on third parties where there is potential for conflicts of loyalty.
For the company, digital sovereignty guarantees independence from providers outside Europe, control over data ownership and compliance with data regulations (personal data, health data, etc.).
The issue is all the more pressing because the Cloud Act poses a serious threat to digital sovereignty. This new American law adopted in 2018 essentially enables the United States administration to secretly seize all digital data stored on American servers overseas.
“The hybrid cloud guarantees a company’s digital sovereignty without restricting its activity.”
Of course, the main cloud providers worldwide are American: Azure, AWS, GCP, etc. Data sovereignty thus becomes a particularly complex equation to solve, as compliance with European laws imposes limits on the transfer of personal data outside the European Union.
Different technology options
In response to this double bind, European businesses have access to various technological options. The first is to create their own proprietary on-premises infrastructure. This has the advantage of total control over the infrastructure and costs. On the other hand, the space allocated to IT cannot be extended ad infinitum. This requires physical space, a standards-compliant facility, and maintenance of all the additional non-IT equipment (climate control, inverters, fire safety, etc.).
However, one variant does remove the need to operate an internal computer room, the physical space constraints, sizing, redundancy and non-IT infrastructure maintenance: hosting in an external datacentre.
This simply means relocating the infrastructure to a hosting company that will provide the physical space, climate control and power supply, and maintain all non-IT equipment. In other words, a choice that poses no problem in terms of digital sovereignty.
A second solution involves using private cloud infrastructure hosted in a datacentre where a third party provides computing solutions, storage and related services. This can be a dedicated or shared solution depending on customer constraints and needs.
In this case, the hosting company’s processes must be carefully studied to ensure that they meet security requirements (certifications, compartmentalisation, compliance, etc.). The shared option offers more dynamic resource management: in the event that its activity increases sharply, the business with a dedicated solution will have greater difficulty in mobilising new resources quickly.
Advantages of the hybrid cloud
To enjoy an improved level of security, there is the possibility of subscribing to a sovereign cloud solution with the ANSSI (French national information systems security agency) “Trusted Cloud” label. This “SecNumCloud” label and guidelines make it possible to identify the providers best placed to meet requirements for a sovereign cloud. However, the list of providers so far remains relatively short.
The public cloud can offer real advantages. Its power and availability make it possible to respond quickly to sudden increases in workload. It also allows rapid application deployment. However, given its current limited protection, it is realistically more suited to non-critical applications.
Of course, it may be beneficial to mix the different options – e.g. to outsource IT infrastructure but keep it on-site or hosted – depending on specific requirements. This is where the hybrid cloud excels, guaranteeing a company’s digital sovereignty without restricting its activity.