Migration to the Cloud of the public sector, or how to master the challenges of protecting sensitive data

Migration to the Cloud of the public sector, or how to master the challenges of protecting sensitive data

The Canton of Zurich gives the green light for moving to the cloud of Microsoft 365.

Positive Thinking Company Switzerland welcomes this decision, which is in line with the Federal Council’s “Cloud Strategy” and could inspire other cantons as well as public organizations concerned with the protection of sensitive data.

The strategy adopted by the Federal Council for the efficient and orderly use of cloud services allows the federal administration to access cloud services offered by the only referenced providers, namely: Amazon Web Services EMEA Sàrl, IBM Suisse SA, Microsoft Suisse Sàrl, Oracle Software Suisse Sàrl and Alibaba. In addition, the federal strategy introduces special precautions to address the challenges caused by the switch to the cloud (location of data storage, hosting of sensitive data, transfer of personal data abroad, access to data upon request by authorities, particularly American authorities, sovereignty, etc.).

Sommaire

What are the benefits of moving to the cloud for public sector organizations?

While everyone agrees on the traditional benefits of the cloud, we would also add that the cloud offers specific benefits to the public sector. In general, the cloud allows companies to:

On the other hand, several advantages of the cloud are particularly relevant to the public sector. When an administration moves to the cloud, it increases its attractiveness and ensures the continuity of its services by providing them to citizens online. This trend peaked during the Covid-19 period when many public services accelerated the dematerialization of their administrative procedures. As a result, the services offered benefit in many ways:

The challenges of the cloud in the public sector

Despite the obvious and proven benefits of moving to the cloud, its adoption is slower in the public sector. There are several reasons for this, both internal and external to the cloud migration project.

Internal Factors

On the one hand, the internal factors include elements that are specific to any project of this scale: the opportunity for such a change, the level of maturity of the project (strategic arbitration, availability of resources (budget, equipment, human resources), the level of maturity of the structure concerned (departments, teams), the financial stakes (estimates of potential gains, reallocation of expenses, ROI measurement) and the consideration of risks associated with the project. Without exaggerating things, considering that switching to the cloud is a major change for an organization, it appears that public services are also constrained by political choices and orientations taken at the highest level.

External Factors

On the other hand, external factors also explain the slow adoption of the cloud by public services.

However, the reassuring news in the face of these challenges is that public services can count on practical solutions such as those offered by Positive Thinking Company, which is already helping many demanding customers with their cloud migration projects.

Conditions for a successful migration to the cloud

Positive Thinking Company recommends a 3-step approach:

  1. Assess your maturity level for switching or adopting cloud services. It is just as important to measure the pros and cons of the cloud as it is to know whether you’re ready to move or not. To learn more, we invite you to reach out to our cloud experts who have developed a Cloud Readiness Assessment solution.
  2. Obtain sufficient guarantees regarding the protection of the data entrusted to your service provider (CSP Cloud Service Provider, Data Host, etc). This can take the form of specific measures (a binding service contract, a prior or periodic audit of the service provider, etc.) and/or specific devices to be deployed (pseudonymization, anonymization, data encryption, etc.).
  3. Analyze the risks to which your information system is exposed in order to determine the priority assets, resources, applications, data, departments, services and functions to move to the cloud. A data protection impact analysis will also be performed if personal data is involved.

Ultimately, depending on their level of risk appetite, their environment and their level of requirement, public services will be more or less inclined to move to the cloud. In any case, the decision of the Canton of Zurich should be emulated because it is in line with the directions taken at the federal level. However, we should not lose sight of the fact that administrations manage a large volume of data, particularly sensitive data, which must be protected. This point deserves special attention and should continue to influence organizations’ decisions about the cloud. Indeed, the risks that weigh on the processing of sensitive data (storage, archiving, transfers, etc.) are quite significant and lead decision-makers to take additional measures or guarantees to protect sensitive data.