A project launched in 2018
In 2021, the French state has validated the adoption of cloud computing as an alternative to on-premise hosting solutions, for state information systems. To support this approach, the government has published a doctrine on the use of this hosting mode and its framework. This document redefines and distinguishes between the “internal” cloud managed by the State, and the “commercial” cloud, managed by a provider whose certification level must be at least SecNumCloud (or its future European equivalent, EUCS). The main objective is to be immune to any extra-Community regulations when it comes to hosting data with a particular level of sensitivity and confidentiality.
The rules of the “cloud at the center” doctrine:
- Seek an appropriate cloud solution for any digital project, whatever its size or duration.
- Integrate the cloud into recruitment and training processes.
- Implement measures to encourage cloud adoption within each administration.
- Provide viable end-of-contract and reversibility conditions for projects using the commercial cloud.
- Adhere to resilience best practices by leveraging cloud services deployed in various regions.
- Use the cloud, whether in-house or commercial, to manage the entire application production cycle in new IT projects for the State and its service providers.
- Document derogations from this rule with DINUM for projects costing at least one million euros, providing a comparative analysis of scenarios. o Monitor compliance with the “cloud at the center ” doctrine in major State IT projects worth more than nine million euros.
- Ensure that IT systems processing personal data comply with RGPD requirements, including data transfers outside the EU.
- Guarantee portability between different cloud environments.
- Oversee the design and implementation of interministerial collaborative tools, making them accessible to all government employees on demand.
- Prioritize existing solutions to meet the needs of agents and citizens, whether through subscriptions to commercial SaaS offerings or by deploying solutions on the State’s internal cloud.
- Ensure that publishers’ infrastructures and services comply with RGPD standards for the services mentioned.
Find all the rules of the doctrines on numerique.gouv.fr
This posture of the state towards the security of data hosted in the cloud, highlights the importance for public companies and private companies working for the French state, to bring the utmost vigilance to bear on the sovereignty and security of data hosted in the cloud. Given the strategic importance of ERP within a company, it is becoming difficult, if not unthinkable, to adopt cloud hosting that does not comply with certification requirements guaranteeing data sovereignty.
The challenges of the sovereign cloud
There are 3 main challenges:
- Transformation challenge: Cloud adoption must be accompanied by practices associated with excellence in the production of digital services (proximity between business and IT teams, scalability, dev ops, CI/CD processes, which are the guarantors of product adaptation to their users, etc.).
- Sovereignty and security: the adoption of the cloud must not impede the State’s autonomy of decision-making or action, nor its digital security and the resilience of its infrastructures, the State’s control over the data and processing entrusted to it, or compliance with European rules on the protection of personal data, and this at a time when the footprint of non-European players in cloud matters is predominant
- Industrial stakes: The adoption of the cloud by the State, and more generally the public sphere, must be an opportunity for the French and European ecosystem, with the reciprocal benefit for public players of access to a competitive offering at European if not global level.
The legal and technical complexity of the subject requires the support of a partner:
- Expertise in cloud computing solutions in an SAP context
- Mastery of European hosting and data sovereignty rules
- With the skills required to migrate highly complex, mission-critical environments to a secure cloud.
To meet these requirements, Applium has joined forces with OVHcloud to create a 100% sovereign SAP hosting offer, in compliance with the highest levels of requirements and certifications. Applium’s offer in partnership with OVHcloud As an OVHcloud “Advanced Partner”, Applium supports customers concerned about the sovereignty of their data in their “Move to cloud” strategy for their SAP environments.
