The Canton of Zurich gives the green light for moving to the cloud of Microsoft 365.
Positive Thinking Company Switzerland welcomes this decision, which is in line with the Federal Council’s “Cloud Strategy” and could inspire other cantons as well as public organizations concerned with the protection of sensitive data.
The strategy adopted by the Federal Council for the efficient and orderly use of cloud services allows the federal administration to access cloud services offered by the only referenced providers, namely: Amazon Web Services EMEA Sàrl, IBM Suisse SA, Microsoft Suisse Sàrl, Oracle Software Suisse Sàrl and Alibaba. In addition, the federal strategy introduces special precautions to address the challenges caused by the switch to the cloud (location of data storage, hosting of sensitive data, transfer of personal data abroad, access to data upon request by authorities, particularly American authorities, sovereignty, etc.).
What are the benefits of moving to the cloud for public sector organizations?
While everyone agrees on the traditional benefits of the cloud, we would also add that the cloud offers specific benefits to the public sector. In general, the cloud allows companies to:
- Reduce investments by transferring capital expenditures (CapEx) related to the acquisition of IT equipment to operating expenditures (OpEx) related to subscriptions;
- Have state-of-the-art infrastructure, maintained by a third party and available 24/7;
- Have the flexibility and scalability of online infrastructures;
- Develop agility and use all available resources as needed.
On the other hand, several advantages of the cloud are particularly relevant to the public sector. When an administration moves to the cloud, it increases its attractiveness and ensures the continuity of its services by providing them to citizens online. This trend peaked during the Covid-19 period when many public services accelerated the dematerialization of their administrative procedures. As a result, the services offered benefit in many ways:
- Reduction of their environmental impact;
- Provision of more economical administrative services;
- New and easily accessible services for the population.
The challenges of the cloud in the public sector
Despite the obvious and proven benefits of moving to the cloud, its adoption is slower in the public sector. There are several reasons for this, both internal and external to the cloud migration project.
Internal Factors
On the one hand, the internal factors include elements that are specific to any project of this scale: the opportunity for such a change, the level of maturity of the project (strategic arbitration, availability of resources (budget, equipment, human resources), the level of maturity of the structure concerned (departments, teams), the financial stakes (estimates of potential gains, reallocation of expenses, ROI measurement) and the consideration of risks associated with the project. Without exaggerating things, considering that switching to the cloud is a major change for an organization, it appears that public services are also constrained by political choices and orientations taken at the highest level.
External Factors
On the other hand, external factors also explain the slow adoption of the cloud by public services.
- Firstly, the legal framework, which is made up of all the agreements, laws and regulations, both federal and international. In this case, the package relating to data protection, especially personal data and sensitive data (GDPR, LPD, Cloud Act, Privacy Shield, etc.), is a single blocking point for many projects. For example, migrating infrastructure and data to the cloud environment of the American provider Microsoft exposes customers to the possibility that their information assets could be made accessible to the American authorities upon request. For this reason, the Swiss Federal Council is in the process of defining internal guidelines and preparing the contracts with the referenced providers in order to provide protective measures.
- Secondly, the organizational aspects of managing the cloud environment are an obstacle to change when they are linked to the legal constraints mentioned above. For example, the issues of collaborative work, territoriality (where data is stored and backed up), sharing and/or transferring data to a territory that does not offer sufficient guarantees for the protection of personal data, etc., are all issues that stand in the way of migration to the cloud.
However, the reassuring news in the face of these challenges is that public services can count on practical solutions such as those offered by Positive Thinking Company, which is already helping many demanding customers with their cloud migration projects.
Conditions for a successful migration to the cloud
Positive Thinking Company recommends a 3-step approach:
- Assess your maturity level for switching or adopting cloud services. It is just as important to measure the pros and cons of the cloud as it is to know whether you’re ready to move or not. To learn more, we invite you to reach out to our cloud experts who have developed a Cloud Readiness Assessment solution.
- Obtain sufficient guarantees regarding the protection of the data entrusted to your service provider (CSP Cloud Service Provider, Data Host, etc). This can take the form of specific measures (a binding service contract, a prior or periodic audit of the service provider, etc.) and/or specific devices to be deployed (pseudonymization, anonymization, data encryption, etc.).
- Analyze the risks to which your information system is exposed in order to determine the priority assets, resources, applications, data, departments, services and functions to move to the cloud. A data protection impact analysis will also be performed if personal data is involved.
Ultimately, depending on their level of risk appetite, their environment and their level of requirement, public services will be more or less inclined to move to the cloud. In any case, the decision of the Canton of Zurich should be emulated because it is in line with the directions taken at the federal level. However, we should not lose sight of the fact that administrations manage a large volume of data, particularly sensitive data, which must be protected. This point deserves special attention and should continue to influence organizations’ decisions about the cloud. Indeed, the risks that weigh on the processing of sensitive data (storage, archiving, transfers, etc.) are quite significant and lead decision-makers to take additional measures or guarantees to protect sensitive data.
Thanks to our
Author
