The challenge of digital transformation
The rise of digital technologies has pushed Defense players to initiate a profound digital transformation in order to guarantee the success of armies, the control of information and remain at the forefront of innovation and technology. This profound change is the opportunity to facilitate the accomplishment of missions but also to rethink the tasks and activities of operational support. Despite the strong constraints related to the security of highly sensitive data, Defense players are gradually adopting cloud technology, in particular for its significant computing and data storage capacities, but also to facilitate the provision of digital services via an as-a-service model. Indeed, the cloud is based on the outsourcing of the management of IT resources, hosted and operated by one or more service providers. This management is broken down into 3 levels:
- IaaS (Infrastructure-as-a-Service): provision of IT infrastructure
- PaaS (Platform-as-a-Service): provision of an IT development environment
- SaaS (Software-as-a-Service): provision of IT services and applications
One of the ways to facilitate this provision of digital services is through platformization. In brief: in Defense, a cloud platform makes it possible to create a secure collaboration environment facilitating the sharing of more or less critical information between the various civilian or military entities of the Defense ecosystem. These platforms are, on the one hand, capable of interconnecting digital systems between operation grounds and internal networks (such as the Intradef network in France) and, on the other hand, of providing a catalog of SaaS services and applications (IT development tools, collaborative work, project management, administrative support, etc.) for end users with the aim of supporting task processes and operational performance.
In France, this digital transition to the cloud was recently deployed at ministerial level, with the publication of a doctrine delimiting 3 cloud “circles”, whose objectives, access policies and security processes will depend directly on the criticality of the data. At the operational level, for example, NATO chose at the beginning of 2021 the Thales platform Nexium Defense Cloud, to provide access to critical data and applications to the armed forces as well as real-time information sharing in a completely safe environment. Strong momentum is therefore emerging around the Defense cloud in France and more widely in Europe, but its adoption still remains a challenge, in particular because of the American superiority in the market.
The problem of digital sovereignty
American players are indeed a step ahead, with Microsoft, Amazon, Google, and IBM still remaining the main cloud providers on a global scale. Even if other European companies are positioning themselves, such as OVH Cloud, the French and European leader in the cloud infrastructure (IaaS) market, few are able to align with solutions such as AWS or Microsoft Azure, in terms of performance and capabilities. In addition, faced with the “indiscretions” of the American giants subject to the Cloud Act (Clarifying Lawful Overseas Use of Data Act) authorizing the American government to access data stored abroad by American companies, mistrust very quickly set in in Europe as well as in France and the issue of digital sovereignty is now crucial. Indeed, many European companies are now using American cloud solutions, posing serious questions about the confidentiality, integrity and potentially the availability of data. The most secure solution favored today is that of a sovereign private cloud hosted and operated directly by the user in his country, making it possible to go beyond the scope of the Cloud Act. In this way, Europe is thus seeking to regain its digital sovereignty, in order to protect the sensitive data of private companies or governments. For example, the European Gaia-X project was launched in September 2020 with the ambition of creating a sovereign European digital infrastructure offering critical sectors an alternative to American solutions.
Adding up to these challenges, the health crisis has also significantly impacted the market, as a catalyst for digital transformation and the use of the cloud. While strong momentum and a shared desire on the players’ side are emerging on the subject of the Defense cloud, data security remains the number one challenge. Indeed, despite the 4 levels of classification defined above, the boundaries of data criticality are still complex and blurred, making it difficult to assess the criticality of the digital services offered. Reclassification and homogenization work is underway to redefine a very precise framework for the use and operation of the cloud which on the one hand will facilitate its adoption by players in the Defense ecosystem and on the other hand will respond to the issue of digital sovereignty.
About the authors,
Kalyana, Senior Consultant and Samir, Project Manager in Alcimed’s Aeronautics, Space & Defence team in France