In this article, I offer a guide for all those who are looking for a trusted sovereign cloud solution. The objective is to lay down the fundamentals and to move past the false pretenses that give the advantage to American entryism. What I’m going to share are some basic and clear elements to help you in your choices.
Sovereign cloud, trusted cloud, what are we talking about?
Industrial and especially digital sovereignty was a topic discussed only quietly during 2019. The subject has become a major economic and political issue following the COVID-19 pandemic, which has undermined the concept of happy globalization.
One of the emblematic events of this problem of digital sovereignty, which led to the birth of the PlayFranceDigital collective, was the choice of Microsoft Azure to host our health data (Health Data Hub (HDH) / Data Hub Santé) (Effisyn – 21 May 20).
Faced with the uproar caused by this affair, the government first put forward the idea of creating a sovereign cloud. At the same time, a similar initiative was launched at the European level with Gaia-X, even though this latter initiative already carried the seeds of its own failure!
Then, faced with the entry of the #MAGAF (Microsoft Apple Google Amazon), and under pressure from the big French ESNs (Effisyn SDS – 06 Dec 21), the government opted for the vague concept of a trusted cloud, where French players (the big ESNs and some telecom operators) could operate a “sovereign” cloud with American technologies… It is enough to make you wonder! We are walking on our heads.
The subject of digital sovereignty, although simple, has difficulty “percolating” into the minds of our ruling classes. This is partly due to the hegemony of American actors, who, thanks to their huge cash reserves, can lobby within the various French or European structures in a way that I find borders on corruption. The conclusion is that if we do not drastically redress the balance, we will destroy the possibility of seeing a large player emerge at the European level. However, we have a great opportunity in France because we have three national players in whom we can have full confidence: #Scaleway, #Outscale or #OVHCloud.
What are the points that allow us to define if a cloud is untrusted?
For me, as for many French digital players, this is in fact the key issue. The simplest thing is to define the criteria that make the proposed cloud solution untrustworthy.
This approach, which seems relevant to me, was discussed by Yann Lechelle, CEO of Scaleway, in my video interview of November 24, 2021. So, what are these famous criteria?
1. The data is physically hosted in France (or in Europe). This allows the data to be protected from American extraterritorial laws such as the Cloud Act, the Patriot Act or FISA.
2. Cloud solution providers are not themselves subject to these extraterritorial regulations.
3. The software solutions implemented by the Cloud Providers are not at risk from U.S. technology embargoes or those of any other foreign entity.
4. The software solutions offered by the provider are auditable, so that it can be ensured that there is no intentional or unintentional backdoor in these software solutions.
5. The vendor’s corporate assets are sovereign.
These are the 5 criteria that define whether a cloud is trusted or not. When reviewing them, we can see that none of the American or Chinese players meet these criteria. And I’m not getting ahead of myself by saying that the future project of Cloud Blue (Orange – Cap Gemini) will not meet the criteria.
We can imagine a score ranging from 0 to 5, with 0 for players who meet none of the trust/sovereignty criteria and 5 where all the criteria are met.
This terse proposal is, I think, well-founded. If all the players in the French cloud or hosting industry played the game and agreed to create a recognized label based on these 5 main criteria, it would be a big step towards real clarity on the positioning of each.
It is time to stand up against the hegemony of the #MAGAF, and to give clarity to customers who are looking for cloud solutions and want clear visibility of the risks taken in legal or geopolitical terms (risk of embargo). We must impose this label to keep the government from continuing its mistakes.