Cloud for Europe: Cloud adoption in the public sector

Linda Strick
Fraunhofer FOKUS
Topics recommended for the 2016-2017 Work Programme: 

Especially relevant from the perspective of cloud adoption in the public sector it is important to address a European-wide cloud infrastructure and service delivery platform as a “European Cloud Shared Services” platform. This simplifies the exchange of Shared Service offerings in the public sector and potential other sectors as well. As a good practice example the Open Data efforts can be seen, where national offerings of data sets are delivered and provided to the European level as well. This seems a relevant European cloud application area. In the area of „European Cloud Shared Services“ legal and organisational issues are equally relevant, accompanying the technical topics. A good example can be seen in GBs “G-Cloud”, but on a European level. On the wish list is as well a better cooperation between the different DG Units. For example, it is interesting to investigate which parts of the initiatives in the Customs Multi-Annual Strategic Plan (MASP) can be moved to the cloud for the European Customs organisations, which is under control of DG TAXUD. Important for a trusted cloud computing, which is required by the public sector are as well the following topics:

  • Privacy enhancing technologies for the cloud.
  • Transparency technologies: such as log management and event monitoring and correlation tools.
  • Service selection tools based on risk assessment and asset evaluations.
  • Identity and access control technologies for both users and service provider personnel.
  • Energy awareness in virtualised environments (IaaS, hypervisors, OS components).
  • Resource awareness and resource usage adaptation in virtualised environments (IaaS).
  • Flexible pricing and SLA models for IaaS with dynamic differentiated pricing (e.g., auction-based, depreciation-based, etc.).

A very relevant topic is the standardisation of SLAs in cloud computing according to the type of cloud it is running on. Terms and conditions in the SLA depend on the complexity of control variables that the provider gives to the consumers. In that context we highlight the SaaS SLAs as a possible concern to the main topic:

  • Standardise SLAs for cloud computing: Reference the importance to standardise SLAs in multi-cloud environment. When terminologies are not standardised, the definition of a terminology that a partner (a requesting service provider) uses may differ from the definition that another partner (a substitute service provider or vendor) uses. The expanding value chain for other services has made SLAs important for a myriad of often complex relationships between partnerships.
  • SaaS SLAs: Some considerations for SaaS service-level agreement outlines the service levels and brings diverse customer-focused into a single guide for IT and business leaders who are considering cloud adoption.
  • Cloud Computing SaaS Security issues and risk: The issue of risk relevancy is significant if adopters are to formalise the SaaS decision-making process. The results provide evidence that certainty about some elements of security, business continuity, and integration significantly influences the adopting organisation’s level of satisfaction with its overall SaaS experience.
Projects major results: 

Cloud for Europe adjusts public sector requirements and establishes suitable contractual terms for future cloud procurements.The project's main result focuses on the adoption of cloud computing solutions in the public sector. At first, obstacles for the use of cloud computing in the public sector are addressed by analysing requirements of the European public sector, the current market situation and the relevant standardisation landscape. To overcome these obstacles challenges will be identified, which are of joint interest between several Member State public procurers, and which are subject to R&D to from the basis for cloud adoption. A pre-commercial procurement tender process will address industry, and especially SME’s, to participate as bidders for those new cloud solutions.

Potential exploitation strategy: 

As we are currently in defining the tender package, therefore not much to elaborate, but the IPR aspects will be kept with the bidders. The PCP process allows for selecting the best results for each of the tender phases, so that at the end the best solutions will be published and shared with other member states, public procurers and industry.

An update since the last Concertation meeting (March 2014): 

Partnering with Cloud projects, such as: SUCRE; CLOUD CATALYST; OPEN DAI; STORM CLOUDS; COC CLOUDS and Cloud WATCH - latter with common workshop on Legal issues in Cloud computing in June 2014 in London.
Cooperation with ENISA for Cloud certification.
Partnering with PCP projects, such as: CHARM, Silver, PRACE-IP3 in terms of lessens learned for the PCP process.