In the space of a year, the European project to create a fully trusted Cloud environment has developed considerably. What is its current status? What are its ambitions and chances of success? A round table was organized during the 2021 CLOUD DAYS to discuss the matter. Read on to find out more.
It was one year ago. On June 4, 2020, Bruno Le Maire, the French Minister of the Economy and Finance, and his German counterpart Peter Altmaier, officially launched GAIA-X, a program aiming to build “a reliable and secure data infrastructure for Europe.” By uniting the existing infrastructure providers and guaranteeing the interoperability of their services based on common standards, the project aimed to offer European businesses and administrations an alternative to American and Chinese hyperscalers.
Twenty-two founding members, half of which are French, presided over the creation of GAIA-X. Among them are Cloud providers like 3DS OUTSCALE, and large companies using Cloud solutions like EDF, Amadeus, Safran, BMW, Bosch or Siemens. The number of members reached 212 organizations at the end of March.
With 92% of the new members being European, the inclusion of foreign players like Microsoft, Google, Salesforce, Oracle, Palantir, Alibaba or even Huawei has challenged the relevance of the project. Does GAIA-X still act as a defense against GAFAM and BATX? It has also been questioned whether GAIA-X and the recent French national Cloud strategy (in French only), which plans on creating a “fully trusted Cloud” label, are redundant.
CLOUD DAYS—The Occasion to Take Stock
During the 2021 CLOUD DAYS, organized by 3DS OUTSCALE, a round table dedicated to GAIA-X (in French only) was the perfect opportunity to answer these questions. Henri D’Agrain, general delegate of the Cigref, a network gathering a little over 150 CIOs of large companies, first reminded that GAIA-X’s ambition was to create “A trusted space that complies with European values in order to cut loose from American players whose market is directed towards the exclusive profit of their own business models.” On top of freedom of movement (goods, people and capital) comes the freedom of data flow.
Bernard Duverneuil, president of the Cigref, recently commented the inclusion of foreign players in GAIA-X by cosigning an opinion article in Le Monde (in French only). American and Chinese companies will have to comply with GAIA-X’s rules and will not be able to take part in the governance of the organization, which is restricted to companies with European headquarters.
Interoperability and Reversibility
Vincent Coudrin, Cloud computing policy officer at the Inter-Ministerial Directorate for Digital Affairs (DINUM) finds GAIA-X, the French national Cloud strategy and the “trusted Cloud” label to be complementary rather than conflicting. The French national Cloud strategy, aka “Cloud at the center”, aims to “make the Cloud a prerequisite for every new digital project coming from the government,” and to host these projects on the government’s private Cloud or on a trusted industrial Cloud with a SecNumCloud qualification provided by the French National Agency for the Security of Information Systems (ANSSI).
“We needed ANSSI’s qualification [in a stricter context of sovereignty for administrations, to which we add the issue of applicable law]. GAIA-X will create a European standard, boost the creation of a homogenous European Cloud market by providing guarantees of interoperability, openness and reversibility, encourage administrations to use the Cloud, and grow the ever-improving European offer. However, GAIA-X does not cover the issue of applicable law”, he adds. This is where the “trusted Cloud” label comes into play. “The aim is for the ‘trusted Cloud’ label to merge into ENISA’s future high standard framework, which is compatible with GAIA-X’s requirements,” reminds Vincent Coudrin. Incidentally, administrations and organizations affected by the issue of sovereignty, especially OIVs (operators of vital importance), “are prompted” to turn to these labels.
To contribute to this goal and aim for more harmonization, the Cigref just published a trusted Cloud framework which lists over 450 requirements coming from existing French and European frameworks (SWIPO, SecNumCloud, GAIA-X, EU Cloud CoC, etc.).
“When asked what trust factors are, explains Henri d’Agrain, users suggest security, Cloud immunity from non-European jurisdictions, control over the provider, transparency, portability, auditability, reversibility and interoperability.”
Reversibility is also particularly important for CS Group’s customers, as mentioned by Sylvain D’Hoine, executive vice-president of CS Group’s Space division.
For Vincent Coudrin, companies and administrations should not have to choose between modernization and sovereignty. He notes that GAIA-X is not a Cloud but a Cloud federation which, by definition, has a multi-Cloud approach. “Going from one Cloud to another is an essential aspect of sovereignty. If one cannot leave, then one is not free.”
Vincent Coundrin also reminds that, “the third pillar of the French national strategy is to finance top-end initiatives and to support GAIA-X-branded offers within the trusted Cloud, whether they be of European or global dimension”. Moreover, the Cloud computing policy officer at DINUM reveals that some of the applications received after the call for expression of interest initiated by BPI France concern European projects combining small businesses, startups and leading manufacturers. Thus, the quality and ambition of the consortium are two important factors for the qualification of the project.
Over 600 Members at the French GAIA-X Hub
To form this ecosystem, the Cigref hosts the French GAIA-X Hub (in French only) which gathers over 600 people coming from 300 different organizations (user companies, providers, as well as academics and organizations). This ecosystem is sorted into 12 “data spaces” corresponding to as many lines of business such as finance, energy, agriculture, industry, healthcare, the marine industry and many more, including a “public administration” data space, initiated at the request of the European Commission.
As for the space industry, a digital alliance within GAIA-X dedicated to this sector gathers 3DS OUTSCALE, CS Group, EBRC and RHEA Group. According to Sylvain D’Hoine and CS Group, this project aiming to guarantee a secure and trusted infrastructure at the European level is a key component of sovereignty.
“The multiplication of spacecrafts and satellite constellations implies more and more spatial data [with high added value] are generated, requiring a high computing power as well as a worldwide Cloud.” Today, the Copernicus program and its terabytes (TB) of daily data uses American public Clouds. However, CS Group highlights GAIA-X’s capacity to bring trust to its users trying to protect their data. The aim is therefore to create an alternative within French Clouds and then European ones in order to meet this computing power need.
For Sylvain D’Hoine, although access to American technologies within a European Cloud is rather a good thing for users, the latter should not be restricted to certain technologies. “As a system integrator for major players from various sectors (spatial, defense, etc.), CS Group advocates for reversibility and portability in order to avoid vendor lock-in risks.”
The round table’s final word was given to Henri D’Agrain. “The Cloud is not a subsection of digital technology, but rather its backbone. In ten years, our entire economy will be resting on the Cloud’s foundations. We have no other solution than GAIA-X to recover the sovereignty of our data.”
Watch the replay of the round table on outscale.tv (in French only) to listen to our guests’ interventions in detail and grasp what exactly is at stake with the GAIA-X project.