Digital Sovereignty through Multi-Cloud - Is That Possible?
Anyone who wants to digitize in a self-determined way should first clarify their sovereignty goals per use case
In the beginning phase of the cloud, between 2016 and 2018, the company AWS, which was seen as the overpowering pioneer of the public cloud, emphasized that multi-cloud was pointless. It was much more advantageous to keep all applications close together with the same provider. Anyone who thinks that AWS is arguing free of its own interests is naive. VMware, the top dog of the classic infrastructure, on the other hand, propagated more complex models such as hybrid and multi-cloud right from the start. Logical because only these can contain a relevant share of VMware services. System integrators and consultants also advocate multi-cloud, as it gives them more options for system integration and consulting.
But what does a disinterested view of the multi-cloud look like, especially in relation to the question of digital self-determination of an organization?
The Why of Cloud
Sober reflection requires clarification of one's own interests: Why are organizations moving to the cloud?
If they use its technologies and methods consistently, they can develop new functions much faster.
Cloud applications can also react ad-hoc to load fluctuations, such as at the beginning of the Corona epidemic.
Organizations can also significantly automate IT value creation. They need significantly fewer employees for commodity services such as IT infrastructure.
In times of staff shortages among experts, this helps companies to focus on their core tasks and to design their own solutions in a more customer-oriented way.
React spontaneously to load fluctuations
Develop new functions quickly
Automate value creation
Focus on core tasks
What Are the Specific Risks?
Dependence on software
Dependence on one company
Geopolitical dependence on one country
The use of the cloud is accompanied by risks, also in relation to one's own digital sovereignty. The following are particularly worth mentioning here:
Organizations can become dependent on certain software. Their suppliers exploit such dependencies for their own economic interests. They know exactly how costly it is to migrate an application to another technology. Amazon needed several years to break its own dependence on Oracle databases.
Several organizations or entire industries can be at the mercy of the same cloud company. An AWS data center failure caused two video streaming competitors, Netflix and Disney+, to go down at the same time.
Entire countries or continents can become dependent on a single third country. For example, the Trump administration decided in 2019 that Google could no longer deliver any Android updates to Huawei. This led to unsafe Huawei mobile phones and a practical ban on selling the devices around the world.
Energy Sovereignty through Multi-Gas
For years, Germany pursued a virtually mono-gas strategy. Contracts and infrastructure were designed to ensure that the right amount of gas was always supplied by very few gas suppliers. No alternative supply channels (especially LNG terminals) were provided, and no investments were made in the country's own gas production or in comprehensive gas storage facilities. With the Ukraine war and the associated halt in gas supplies from Russia, the disadvantages of this strategy became obvious. Within a few months, a multi-gas strategy had to be designed and its implementation started. Investments were made in LNG terminals to diversify the number of gas suppliers.
How well does the analogy of energy sovereignty through diversification of supplier countries translate to digital sovereignty through multi-cloud?
Multi-cloud can take place at different levels of IT value creation:
IaaS level: An application remains in its core; only the underlying IT infrastructure (computing power, storage, network) is sourced from Azure, AWS, or the private cloud as needed.
PaaS layer: The application usually uses a cloud as the home for the IT infrastructure. Some platform services, such as AI-based translation services, are sourced from specialists such as DeepL, an online service for machine translation.
SaaS level: Companies obtain different software from different clouds. For example, Teams from Microsoft is used for telephony, Miro for workshops, and Salesforce for CRM systems.
Landscape level: In total, this results in a multi-cloud reality for companies. In practice, cloud services are potentially used in every application at every level.
Each of these clouds brings different performance and risk profiles. The public clouds AWS, GCP, and Azure are considered the benchmark in terms of performance. The federal cloud, on the other hand, provides the maximum level of control for public authorities.
The spectrum of sovereign clouds shows some of the current cloud options in the German market. The rough rule of thumb is that to the left, the degree of control increases, while to the right, the degree of capability increases.
Three Steps to Sovereignty through Multi-Cloud
The first step to more sovereignty is to know the individual needs for performance and control per specialist application. Is it a question of functional diversity, speed and scalability? Or is it important that all functions are still available in the event of a military or geopolitical conflict with the USA? Or is it more about improving the negotiating position with a single technology supplier?
The second step is the conscious decision to mix third-party and in-house services. If the application covers a geopolitically non-critical process, such as the issuing of hunting licenses in Lower Bavaria, then clouds with provider-specific technologies (such as Delos) could also be used for this. However, if it is a question of the internal communications platform of the Federal Foreign Office, then more Open-Source technology should be integrated and in-house services provided.
The third step is the major challenge in terms of content: the organization striving for sovereignty must design the software architecture in such a way that it reacts as desired in the event of a crisis.
So, if the main cloud provider fails, the software must notice this and automatically switch to the replacement cloud.
If certain "luxury services" are no longer available due to geopolitical tensions, a defined basic scope of services of the application must still be usable.
If cloud services from different providers are not the same but only similar, the organization must create and maintain intermediate layers to achieve real interoperability.
Similar challenges arise during operation:
The use of Open-Source software is initially seductively simple. But if problems arise during operation, no third-party company provides support, only the "Open-Source community". This can happen quickly but does not have to.
If an application is to be able to run on another IT infrastructure in the event of a crisis, this must be maintained and paid for.
Qualified employees must also be available to practise these switching processes and carry them out in an emergency.
Conclusion: Multi-Cloud Is an Important Key to Sovereignty
As outlined elsewhere on this blog, digital sovereignty, unlike autarky, is not an absolute concept. Autarky attempts self-sufficiency at any cost. Not even the U.S. achieves this goal because American government agencies use SAP, iPhone chips are produced in Taiwan, and lithography machines are made in Europe.
Sovereignty, however, in the sense of a balance between performance and control, a renunciation of central dependencies, can be achieved with the help of a good multi-cloud strategy.
However, the analogy to Europe's new multi-gas strategy remains valid when considering the disadvantages: multi-cloud requires more investment and more effort in operation. It needs more principal competence and the will to keep resources for crisis situations, even if everything runs well for years.
The copyright of this article is held by www.cloudahead.de and can be found at the following link: https://www.cloudahead.de/digitale-souveraenitaet-durch-multi-cloud.
Slight changes have been made in some places compared to the original text.