Moving from on-premise to gov-cloud: lessons from Europe

Before the Russian attack in February 2022, Ukraine stored data exclusively on-premise in servers located in governmental buildings. This made them extremely vulnerable to physical attacks, which could paralyze the lives of both government and citizens. The Ukrainian Ministry of Digital Transformation was strategic and swift enough to transfer state data into the public cloud days before the Russian invasion, thus not only ensuring continuity of government operations and influencing some European governments to do the same.

Private cloud service providers face various issues too. Back in March 2021, a fire erupted in a French cloud services provider, ‘OVH Cloud,’ destroying one data center in Strasbourg and heavily damaging another. While initially, the company reduced the impact of the fire, reports show it disrupted the work of millions of websites and cost the company over 105 million euros. 

Finding the right solutions to move from on-premise to gov-cloud takes time and effort. This needs government openness and preparedness to change, strategic data classification, and balancing on-premise and gov-cloud in hybrid systems. Last but not least, ensuring sustainable relationships with service providers is key. 

Data embassies: outdated, or still a good option for small countries? 

Estonia was the first country in Europe to introduce the concept of data embassy back in 2017, with copies of key state data being stored in Luxembourg, as agreed upon by the governments of Luxembourg and Estonia. The Estonian concept paved the way for other countries (like Lithuania) to copy the model and take another step in ensuring the continuity of e-government in extreme situations, such as natural disasters or physical invasions. 

While easy to explain and defend politically, making the data embassy fully operational presents many challenges, particularly in ensuring continuity and effective disaster recovery. 

Some experts claim the concept itself is limited and outdated and advocate for going 'all in' to cloud. First, the NIS2 directive obliges critical infrastructure providers to de-localize back up, which solves many issues relevant in the past. Second, it is complicated to ensure an operational disaster recovery system. , and advocate for going ‘all in’ on cloud.

Others emphasize that ‘cloud-only’ is more accessible to achieve for bigger countries, rather than smaller ones, as the economy of scale matters when negotiating with vendors.

Transitioning to gov-cloud: lessons from the public sector

Transitioning from on-premise to the cloud requires thorough preparation and constant navigation between various regulatory, financial cultural, and technical issues.  

Preparation for change. Transitioning to the cloud requires major political backing, a developed policy framework, legislative changes, gov-cloud architecture anointed by disagreeing experts, data classification guidelines, and its aftercare for government agencies, especially the ones that are not as IT-friendly as they should be.

Some countries strive to get the best of both on-premise and gov-cloud worlds and aim towards a hybrid policy framework. Either due to resistance to change or the wish for short-term cost-saving, governments choose to store the most ‘critical’ and ‘very important data’ in state-owned data centers, with the rest transferred to the cloud. The question of what should and shouldn’t be classified as ‘critical’ often becomes a subject for political interpretation.  

The complexity of public tenders and relationships with vendors. Many public sector employees would agree that public tenders for IT services are a form of art in themselves. International public tenders are even more difficult. 

Enrico Letta has partially addressed the issue of public procurement in his latest report. Hopefully, this will gain more attention from the architects of the next European Commission’s agenda because complicated, entry-non-friendly, and lowest-price-oriented procurement practices are a major obstacle to sustainable and result-oriented digital transformation across Europe.  

Another major barrier is the issue of potential vendor lock-ins, where public administrations have little to no ability to ensure diversified storage of public data between different vendors. While the issue has been partially addressed by the EU Data Act, the Act itself comes into full force by 2027 only, and the implementation of this ambition remains complicated - particularly for smaller administrations.  

Tolerance to ‘changes within change’. Implementation and continuous improvements after adopting the gov-cloud require humility among experts and tolerance from the political class and ‘the watchmen’ for potential changes in direction. 

Different countries have different legal systems, relationships between government agencies, and varying levels of freedom to innovate without changing laws, but the best solutions can only be seen after being put into practice. 

Countries that have developed complex gov-clouds, partially or entirely, are always open about their cloud journey being a 'process in the making’. Therefore, it is crucial to ensure that ‘hands-on’ experts and practitioners are not scrutinized if a change in direction is needed after testing the ideas practically.