Challenges for Public Services Moving to the Cloud

More and more new software products are developed natively for the cloud. Clearly, the cloud is becoming the new standard for various applications, services, and data management.

How is this impacting the digitalization of the public sector? Let’s take a brief, high-level look at the current situation.

The German public sector initiated various initiatives in alignment with a European program introduced by the European Commission in 2020. These initiatives aim to:

• Improve health care
• Create safer and cleaner transportation systems
• Generate new products and services
• Reduce the costs of public services
• Improve sustainability and energy efficiency

Let’s pick just two of those as examples. Healthcare is basically research that combines health insurance data with medical treatments. This requires computation of huge amounts of data from various sources. That makes it a showcase for cloud-based applications.

Public services can expect a reduction of costs almost as an essential, baked-in benefit of cloud solutions. By making costly on-premise data centers obsolete, public services would reduce their IT costs.

Real-life check

The points listed above describe the framework of the digitalization in the public sector. When we drill down, we must deal with even more challenges:

• Who decides on cloud initiatives?
• What are the limitations of a public institution?
• How can a digital initiative be successful considering the formal and organizational restrictions?

Decision-makers

In the public sector, financing is done by tax and legal fees fundings. Fiscal planning and allocation of budgets make digital projects possible.

At the very top, these decisions are made by the government and defined either as an act of legislation or as individual decisions (such as a digital health card or a mobile app tracking COVID-19 cases).

Limitations

There are several factors hindering cloud adoption in the public sector. These include concerns over data protection and cybersecurity, regulatory compliance, lack of in-house expertise, perceived lack of control over data, and the complexity of migrating to cloud services. Additionally, many public sector organizations are tied to legacy systems and struggle with integration, which can make it challenging to adopt cloud technology or even seem to prevent adoption entirely.

Services and IT architecture must consider certain legal obligations. The European government and its members follow a strategy documented in bills and regulations to deliver a certain value for its citizens. This is together with the aim of data protection and staying independent of any technology or service from outside the EU, specifically in Germany.

In consequence, whatever any public institution plans to implement, the service and the technology used must be in line with these laws and regulations.

For instance, all service resources delivering a project in Germany must work from a German location and must hold at least a European citizenship. IT hardware and software resources must be hosted in Germany. This includes any administration activities, too. Integration of any system not within these boundaries isn’t allowed.

In Germany, security concepts (such as data protection, system communication, and integration) must be approved by the Bundesamt für Sicherheit und Informationstechnik (BSI).

On top of that, any project must follow a call-for-tender process at European level, which slows down the vendor selection.

Making digital innovations successful

As stated above, an innovative, digital project either needs to be launched by the decision-makers at the very top – yes, we mean at the minister level – or just one level down. For a local project, the mayor or similar legislator would make this decision. If a decision is made at the higher level, then projects or subprojects are usually defined at a lower level (such as by a government entity).

One way to accelerate contracting is a frame contract. A frame contract allows preselected vendors to deliver a project on a short notice. In fact, this is a preferred option of both public services organizations and vendors.

The regulations on IT architecture and technology are an immense burden. In the very near future, practically all digitation technologies will become cloud based. When we talk about cloud solutions, we mean hyperscalers.

Leading hyperscalers do have a common problem: none of them are European or even German infrastructure providers. Their technology is developed and operated from the United States and other locations around the globe.

This is clearly a dilemma for the public sector. On one hand, we have a high demand for digitalization in Germany. On the other hand, regulations and laws block digital innovations.

A way out of this dilemma could be the so-called “sovereign cloud.” Sovereign in this context means control over the cloud hardware infrastructure, software, data, and administration by the government or public institution.

In recent years, multiple providers of sovereign clouds entered the market. They usually certified according to DSGVO and all related ISO certifications. The infrastructure would be OpenStack, avoiding vendor lock-in since it’s open source (or, not owned or supported by a software company).

This kind of offer seems to be “the” solution for the public sector. But downsides must be considered as well, such as:

• Computing and storage capacity of sovereign cloud providers
• The fact that solutions running on OpenStack are probably delivered by globally operating companies
• Need for experience and service capacity to deliver complete projects or seamlessly work together with the public sector and individual project partners
• Data center hardware not being delivered from a European or German manufacturer
• Options of hybrid cloud architectures and private cloud scenarios

SAP products and services

SAP has a long history providing solutions and services for the public sector. The portfolio includes services and solutions adopted for the public services sector as well as dedicated solutions (such as public sector budget planning, policy portfolio management, and others).

So far, these services and solutions have been installed primarily for on-premise environments. Since new software and technology is cloud based, moving into the sovereign cloud becomes a necessity.

• Cloud solution platform

Any digital service including managing data must fulfill legal regulations supervised by the BSI (see above).

SAP established Delos Cloud to offer solutions to help address these challenges faced by the public sector in moving to the cloud. Regarding data protection and cybersecurity, SAP has implemented various measures to help ensure data privacy, such as compliance with GDPR, and offers businesses cloud services that are certified according to local regulations and standards. SAP also provides cloud services and applications that are optimized for specific industries, including public services, that are designed to meet regulatory compliance requirements.

• Solution expertise

Like any other new technology, the cloud requires new skills and expertise in an organization for a successful transformation.

To address the lack of in-house expertise, SAP offers training programs and resources that can help public sector organizations build up their knowledge and skills in cloud architecture and innovation. For example, SAP offers learning journeys and certifications that cover cloud topics such as cloud administration, platform development, and integration.

• Perceived lack of control over data

Many organizations struggle with the idea of moving data into an abstract method of storage called “the cloud.” On top of the need for a change in mindset, legal regulations in the public sector require the strict storage of data within the physical boundaries of Europe or even the territory of the individual European state. This includes data processing and access. This can only be fulfilled by local or European cloud services (such as sovereign cloud).

To help public sector organizations gain control over their data in the cloud, SAP offers sovereign cloud platforms such as Delos Cloud, which is designed to meet strict requirements for data residency, privacy, and security. These platforms are located within the physical boundaries of Europe or individual European states and comply with local regulations and standards for data privacy and cybersecurity.

• Complexity of migrating to cloud services; tied to legacy systems and struggle with integration

Public or private sector, this is a classic challenge when it comes to transformation of legacy systems onto a new platform or even replacing a highly customized solution to a standard solution.

SAP provides tools and services to help public sector organizations migrate and integrate legacy systems onto the cloud. For instance, SAP offers prebuilt integration scenarios that enable organizations to connect their on-premise systems to the cloud with minimal risk and disruption.

• Lock-in effect and vendor-lock

Vendor lock-in is a concern for both private and public sector organizations that rely heavily on a particular cloud service provider. It is a situation in which businesses become overly dependent on a provider’s services and technology, making it difficult for them to switch to another provider without incurring high costs, significant disruption, or loss of functionality.

In the public sector, vendor lock-in can occur when a government agency adopts cloud services provided exclusively by a single vendor without considering the full implications of their decision. If the agency becomes too dependent on the provider and invests heavily in customizing their services, it can be difficult for them to switch to another provider.

To avoid this, intuitions can:

• Adopt open standards: Adopting open standards can enable agencies to switch between cloud providers without significant disruption or loss of functionality.
• Embrace multi-cloud services: Investing in multi-cloud services can provide government agencies with access to a broader range of services, reduce dependencies on a single provider, and mitigate the risk of vendor lock-in.
• Choose short-term and flexible contracts: Government agencies can choose short-term and flexible contracts to help ensure that they can switch providers quickly and save costs.
• Conduct thorough due diligence: Government agencies can conduct thorough due diligence before adopting a cloud provider’s services or technology. They should evaluate the provider’s technology, reliability, as well as any potential risks.

In conclusion, while cloud adoption in the public sector has been slow, cloud providers such as Delos Cloud, founded by SAP, are offering solutions that can help public sector organizations overcome various challenges. These challenges include compliance with regulations, lack of in-house expertise, perceived lack of control over data, complexity of migration, and integration with legacy systems. By using cloud-based solutions, public sector organizations can take advantage of the technology’s scalability, cost savings, and innovation potential.