Skip to content

The Sovereign Cloud is Useless, Lengthy Dwell the Trusted Cloud

Within the nationwide protection assessment, Dominique Luzeaux, director of the Digital Protection Company, places into perspective, but additionally the relevance, of the notion of sovereign cloud within the face of problems with belief and safety.

Sovereign cloud: sovereignty and resilience or belief? An enormous query to which Dominique Luzeaux, director of the Digital Protection Company and basic armament engineer, offers some solutions and reflection in a observe printed within the Revue Défense Nationale (RDN) and likewise printed on Linkedin. “Allow us to keep in mind that belief will not be a pledge of sovereignty, that sovereignty will not be constructed on belief alone. Actually, already on the base, sovereignty is a matter of oneself, whereas belief is a matter of a relationship between oneself and one other. The 2 are usually not comparable,” explains Dominique Luzeaux.

For a cloud to be sovereign, it’s crucial to have the ability to grasp all of the items of the puzzle: from the decrease layers of infrastructure (processors) to the very best utility bricks (person interface). A problem not simple to take up or perhaps a battle misplaced upfront? “The topic will not be as easy as a result of being sovereign additionally means producing all of your instruments and being completely in a state of affairs of autarky or a state of affairs with a better and extra constructed interdependence”, Paul-Olivier Gibert had slipped to us. , president of the Afcdp on the event of the sixteenth version of the College of the affiliation final March.

Sovereignty will not be belief

“We will affirm that the label of trusted cloud certainly offers all customers with ensures as to the safety of their knowledge by way of non-disclosure or uncontrolled exploitation, however that has little to do with the sovereignty, particularly with respect to the applied sciences and procedures permitting the development and implementation of a large-scale cloud”, continues Dominique Luzeaux.

The hole separating the sovereign cloud from the cloud of belief is due to this fact appreciable. In Could 2021, the Macron I authorities had additionally reoriented its targets round a number of pillars: definition of a trusted cloud label, licensing settlement with international suppliers, authorized reinforcement towards the extra-territoriality of sure international legal guidelines and streamlining clouds for administration. So many laudable initiatives and wishes for which the SecNumCloud repository can’t nonetheless do every little thing, the truth on the bottom being undoubtedly extra advanced.

The Cloud Act, an everlasting thorn within the aspect of the trusted cloud

In his observe, Dominique Luzeaux mentions a research, commissioned by the Dutch Ministry of Justice and Safety, from the American regulation agency Greenberg Traurig, which is kind of enlightening on the topic: “in order that an EU entity can keep away from fully to be topic to the Cloud Act, it must course of the info utilizing a non-US entity, which both doesn’t have a company relationship with an organization having a presence in the USA (reminiscent of a US subsidiary ) and has no contacts with the USA such that the USA can fairly assert jurisdiction over the EU entity (which incorporates not promoting services or products to prospects). If it has a company relationship with a US-based firm, the US firm should not have the possession, custody, management or legal responsibility of the EU entity. By no means can the EU entity have a US mother or father firm, because the mother or father firm could be thought-about to have possession or management of its subsidiary’s knowledge. Additional, it’s suggested to not make use of US nationals with entry to the related knowledge.”

No full assure of immunity from non-EU regulation

“To sum up, there isn’t a full assure of immunity from extra-EU regulation, because it was written explicitly within the September 2021 model 3.2a of the SecNumCloud repository. In conclusion, we are able to affirm that the label of trusted cloud certainly offers all customers with ensures as to the safety of their knowledge by way of non-disclosure or uncontrolled exploitation, however that has little to do with with sovereignty, particularly with respect to the applied sciences and procedures permitting the development and implementation of a large-scale cloud”, underlines Dominque Luzeaux.

In current months, alliances have multiplied in France between GAFAM and French corporations in an try to offer a solution to the challenges (Blue, S3NS, and many others.) of trusted cloud. In Europe, initiatives have additionally flourished reminiscent of Gaia-X with out nonetheless managing to actually get out of the idea. Actually, trying carefully, one can ask a query: did the sovereign cloud merely ever exist?

A graduate of the École Polytechnique, the École Nationale Supérieure des Methods Avancées and a DEA in theoretical pc science and a doctorate from the College of Paris XI in synthetic intelligence, Dominique Luzeaux is certified to direct analysis. He additionally acquired the Prix Ingénieur Général de l’Armement Chanson for his work in autonomous army robotics.

Leave a Reply

Your email address will not be published. Required fields are marked *