Like all sectors, the Defense industry is faced with data security issues and the massive increase in their volume linked to the adoption of new information technologies. Defense players are however subject to additional constraints due to their strategic status and the confidentiality of their data. There are 4 major levels of data classification (regulations may vary between countries), allowing to define the restrictions necessary to access and disseminate information: restricted, confidential, secret, and top secret, in order of increasing criticality. These levels make it possible to classify critical information and define the scope of its use. In addition to these confidentiality constraints, the Defense sector is also a sensitive and compartmentalized world, which does not facilitate the communication and sharing of information. Cloud computing, as a flexible, scalable and dematerialized digital data sharing environment, is establishing itself as a preferred solution in response to the increase in data but requires a radical culture change for the Defense sector. How did the Defense sector begin its shift to the cloud and what are the challenges? The aeronautics, space and Defense team has looked into the subject to offer you some insights.
The rise of digital technologies has pushed Defense players to initiate a profound digital transformation in order to guarantee the success of armies, the control of information and remain at the forefront of innovation and technology. This profound change is the opportunity to facilitate the accomplishment of missions but also to rethink the tasks and activities of operational support. Despite the strong constraints related to the security of highly sensitive data, Defense players are gradually adopting cloud technology, in particular for its significant computing and data storage capacities, but also to facilitate the provision of digital services via an as-a-service model. Indeed, the cloud is based on the outsourcing of the management of IT resources, hosted and operated by one or more service providers. This management is broken down into 3 levels:
One of the ways to facilitate this provision of digital services is through platformization. In brief: in Defense, a cloud platform makes it possible to create a secure collaboration environment facilitating the sharing of more or less critical information between the various civilian or military entities of the Defense ecosystem. These platforms are, on the one hand, capable of interconnecting digital systems between operation grounds and internal networks (such as the Intradef network in France) and, on the other hand, of providing a catalog of SaaS services and applications (IT development tools, collaborative work, project management, administrative support, etc.) for end users with the aim of supporting task processes and operational performance.
In France, this digital transition to the cloud was recently deployed at ministerial level, with the publication of a doctrine delimiting 3 cloud “circles”, whose objectives, access policies and security processes will depend directly on the criticality of the data. At the operational level, for example, NATO chose at the beginning of 2021 the Thales platform Nexium Defense Cloud, to provide access to critical data and applications to the armed forces as well as real-time information sharing in a completely safe environment. Strong momentum is therefore emerging around the Defense cloud in France and more widely in Europe, but its adoption still remains a challenge, in particular because of the American superiority in the market.
American players are indeed a step ahead, with Microsoft, Amazon, Google, and IBM still remaining the main cloud providers on a global scale. Even if other European companies are positioning themselves, such as OVH Cloud, the French and European leader in the cloud infrastructure (IaaS) market, few are able to align with solutions such as AWS or Microsoft Azure, in terms of performance and capabilities. In addition, faced with the “indiscretions” of the American giants subject to the Cloud Act (Clarifying Lawful Overseas Use of Data Act) authorizing the American government to access data stored abroad by American companies, mistrust very quickly set in in Europe as well as in France and the issue of digital sovereignty is now crucial. Indeed, many European companies are now using American cloud solutions, posing serious questions about the confidentiality, integrity and potentially the availability of data. The most secure solution favored today is that of a sovereign private cloud hosted and operated directly by the user in his country, making it possible to go beyond the scope of the Cloud Act. In this way, Europe is thus seeking to regain its digital sovereignty, in order to protect the sensitive data of private companies or governments. For example, the European Gaia-X project was launched in September 2020 with the ambition of creating a sovereign European digital infrastructure offering critical sectors an alternative to American solutions.
Adding up to these challenges, the health crisis has also significantly impacted the market, as a catalyst for digital transformation and the use of the cloud. While strong momentum and a shared desire on the players’ side are emerging on the subject of the Defense cloud, data security remains the number one challenge. Indeed, despite the 4 levels of classification defined above, the boundaries of data criticality are still complex and blurred, making it difficult to assess the criticality of the digital services offered. Reclassification and homogenization work is underway to redefine a very precise framework for the use and operation of the cloud which on the one hand will facilitate its adoption by players in the Defense ecosystem and on the other hand will respond to the issue of digital sovereignty.
About the authors,
Kalyana, Senior Consultant and Samir, Project Manager in Alcimed’s Aeronautics, Space & Defence team in France
Articles
Cyber-attacks on French groups are multiplying with the deployment of networks. Production stoppage, rebuilding of systems, affected reputation,... Protean, the impacts end up being quantified. How ...
Articles
How can AI help authorities to better anticipate and detect real threats out of regular traffic in maritime surveillance? Alcimed returns to the current maritime surveillance challenges and sketches ...
Articles
The data accumulated by the French health system are representative of care usage in a developed country and can be further valorized. With the launch of the Health Data Hub, a platform for sharing ...