From sovereign cloud to trusted cloud
Digital sovereignty is a subject that is now widely discussed in the UK, and in Europe. It is a major concern for governments and the European Commission. This is reflected through various initiatives, such as the GAIA-X project, which promotes Europe’s strategic independence with regards to data and cloud infrastructures. States, territorial organisations and private companies must be able to rely on trusted solutions. What would a sovereign European cloud look like? How do the various projects launched in Europe play a part in fostering a climate of trust in the world of data?
The sovereign cloud, as defined in previous national projects, has now been replaced by an open, reversible and transparent cloud. OVHcloud is one of its strongest advocates.
Definition of a sovereign cloud
Digital transformation is accelerating every day. It is driven by new needs brought about by the COVID-19 crisis, across Europe and globally. Our use of IT tools and the internet is reflected in every aspect of society. Today, these uses need to be organised — particularly when managing the infrastructures and platforms on which they are based. When a cloud provider offers sovereign solutions, it ensures that its infrastructure and processing operations are carried out in strict compliance with the rules in effect. This is to protect freedom of choice for its users, as well as data confidentiality and sovereignty. These rules are enforced in whichever countries the provider operates and offers its services in. In other words, the provider complies with regulations, and ensures that data is protected from any interventions other than what the customer carries out. Being a trusted cloud player involves ensuring that no extraterritorial rights apply to data, and that the data is not used by third parties — whether it is to power AI algorithms, or contribute to the enrichment of monolithic platforms.
Why is the concept of a trusted cloud important?
Companies, organisations and governments alike should provide users with a trusted service. By relying on a trusted cloud, you can ensure compliance with local and international laws when processing individual data. Whether the data is stored for or generated by the users, it should never be subject to external interference. To achieve this in the digital world, providers need to control the scope of use, and master the most widely-used IT technologies. Preserving freedom of choice, strengthening the control of digital tools and protecting reversibility within states are becoming crucial challenges.
By fully exercising sovereignty, we can guarantee the ability to act in an increasingly complex digital world. It is all the more important for some organisations. This is the case for Operators of Vital Importance (OVI) and Operators of Essential Services (OES), for whom transparency and security are paramount in data processing. It is also a growing expectation for users. Public institutions — as well as healthcare or banking establishments — must play a vital part in protecting the data entrusted to them. Specific cloud certifications, such as HDS (healthcare data hosting) and PCI DSS (payment card data processing) are also required.
What are the trusted cloud initiatives in France and Europe?
Europe’s digital ecosystem is buzzing, with the emergence of various initiatives in recent years.
The cloud in France benefits from the advantages of the state, which accelerates its use within institutions. To guide this transition, it has developed a doctrine on the use of cloud computing by public administrations. The National Agency for Information Systems Security (ANSSI) has created the SecNumCloud label, which aims to identify trusted cloud service providers. This includes Infrastructure as-a-Service (IaaS), Platform as-a-Service (PaaS) and Software as-a-Service (SaaS) providers.
Different cloud providers are also involved in different projects. Among them, the Cloud Infrastructure Services Providers in Europe (CISPE) association brings together several European providers. Its aim is to bring a framework and standards to the cloud computing sector. In accordance with the CISPE code of conduct, IaaS providers then offer services that meet the standards in effect — which means customers can rest assured that their data will be processed in compliance with the General Data Protection Regulation (GDPR), for example.
OVHcloud is also a founding member of another European initiative: GAIA-X. This project works to build a secure and sovereign digital ecosystem. The passion for adopting trusted cloud solutions is also gaining momentum in several countries — with the C5 standard in Germany, the AgID certification in Italy, and the G-Cloud initiative in the UK as examples of this.
How does OVHcloud act as a cloud provider?
Data protection: OVHcloud is a signatory of the CISPE code of conduct, approved by the European Commission. It should facilitate GDPR compliance for cloud service providers, by offering methods and solutions.
Security: We do everything we can to ensure maximum protection for the services we offer. Our solutions comply with all applicable regulations, and meet a range of certifications. These include SecNumCloud (cloud industry certification), HDS and PCI DSS (sector-specific certifications).
Reversibility: We are truly committed to reversibility, which is essential for our open ecosystem. Users must have the freedom to migrate their current services without any obstacles. This is why OVHcloud is a signatory of the SWIPO Codes of Conduct, which aim to simplify the process of changing cloud providers for customers. They also offer users total freedom to orchestrate multi-cloud or hybrid-cloud strategies.
Transparency: Transparency is at the heart of our projects, and is an important value for us. For example, our Open Trusted Cloud program offers clarity, accessibility and privacy for data. Similarly, transparency is part of the rules for GAIA-X, of which OVHcloud is a founding member. As such, our customers are always informed of the location of the datacentre where their data is hosted, as well as the legal status applicable to it.
Providing a secure and trusted cloud for all organisations
OVHcloud’s public and private cloud solutions represent a real advantage for organisations undergoing digital transformation. Customers can pick options ranging from additional IT resource deployment to hybrid cloud and fully-managed infrastructures. Cloud hosting is a great opportunity for companies seeking to develop a powerful infrastructure, without having to increase their budget. We also offer data storage for the public sector.
There are many advantages to using a cloud service, and its strength lies in the flexibility it offers. For example, users can modulate computing power and add storage without the need for manual interventions to be performed on the hardware. Cloud products also come with a range of additional services, such as automated backup and disaster recovery plans.
A secure infrastructure, transparent billing and high-performance storage services are all major assets for a successful project with targeted uses, such as big data environments. This is the case whether the customer is looking to adopt a cloud-native approach, or deploy the first building blocks of their cloud migration. This is how cloud technologies — and virtualisation in general — facilitate workloads.
Open-source cloud data storage - the key to unlimited innovation
Our Public Cloud solutions are based on open-source standards. We ensure that our users have full reversibility for the data transferred on their servers, so that they can use a familiar infrastructure and cloud environment. There is also a reduction in costs, since the tools and software that can be deployed are free of charge. Scalability is encouraged, and hybrid architecture is greatly facilitated. With open standards and documented APIs, you can operate in a trusted product universe with no risk of vendor lock-in. Your freedom of choice remains intact.