Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The European Commission goes ‘cloud first’: A roadmap towards trusted cloud adoption to seize the opportunities of digital transformation for EU institutions and agencies
Cyber Security: A Peer-Reviewed Journal,
3
(3),
220-232
(2020)
Abstract
Cloud computing is likely to be taken up extensively by governmental organisations in the coming years, including the European Commission (EC), Parliament, Council and other EU institutions (EUIs), as well as EU executive or decentralised agencies and other EU bodies.1 On 21st November, 2018, the EC adopted a digital strategy (ECDS) with the double objective to transform the Commission into a user-focused and data-driven organisation. Building on the conclusions of the Tallinn Digital Summit in September 2017, this strategy recognised the need for the public sector to seize the opportunities offered by digital technologies and to accelerate the completion of the digital single market. Realising that cloud computing is already transforming the way to deliver state-of-the-art public services globally, the EC ambitions to become a data-driven administration by 2022. Digital strategy aims at a broad adoption of cloud computing by 2022, working closely with other EUIs and member states. This objective is framed by a cloud strategy for the EC. The main purpose of this paper is to provide the readers with a detailed analysis of the approach to information technology security taken by the European Commission’s Directorate General for Informatics (DIGIT) under its cloud strategy and by other EUIs in their cloud adoption. The adoption of cloud computing by EUIs takes place against the dual background of increasing pressure to become digitally enabled and a reinforced regulatory framework on personal data protection and information security. A common approach to cloud consumption will enable common strategies for compliance with legal requirements. The adoption of cloud computing by the EUIs also unfolds within a highly structured public procurement framework. DIGIT is planning to work within this framework using dynamic procurement models, which will enable access to a fast-evolving cloud computing market. Building on the experience of the first cloud framework contract (Cloud I), DIGIT is coordinating the preparation of the Cloud II framework contract to enable access for EUIs to the global market of cloud providers from 2020. With DIGIT serving as a broker, we will explore the challenges and opportunities that the European Commission is facing on its digital transformation path. This paper explains some of the lessons that the EUIs have learned from cloud experiments, from 2014 on through the Cloud I.
Keywords: Cloud II; ITSRM2; GovSec; ISA2 programme; cloud certification schemes; European Commission Cloud Strategy; ICTAC; EU agencies; shared responsibility models
The full article is available to subscribers to the journal.
Author's Biography
Ken Ducatel is Director IT Security, DG DIGIT at the European Commission. Ken holds a PhD in economic geography from Bristol University and an MSc in transport policy from Cranfield University, UK. He has worked on information security policy for 35 years. Ken was a member of the Faculty of University of Manchester for 14 years. From 1997–2003 he worked at the European Commission’s Institute for Prospective Technological Studies in Seville, where he led the Institute’s flagship Futures Project. From 2004–14 he held a variety of posts within the Commission, culminating in his appointment in September 2014 as Chief Information Security Officer and subsequently Director of IT Security in DG DIGIT. In addition to this role, he has also been acting Director for Digital Business Solutions and acting Head of CERT-EU, the Computer Emergency Response Team for the EU institutions and agencies. Ken was appointed a member of the ENISA Management Board in November 2014.
Thomas Michlmayr is Head of Unit – Digital Workplace Engineering, DG DIGIT at the European Commission. Thomas studied Computer Science at the University of Salzburg. He has worked on IT Infrastructure-related topics for 25 years. Thomas joined the European Commission in 1999 and worked for DG ESTAT on IT infrastructure for the European Statistical System. In 2003 he moved to DG DIGIT and served as IT Infrastructure architect and team leader for the European Commission’s Central Data Centre, focused on streamlining operational processes and improving service delivery to customers. Since 2018 Thomas has focused on hybrid cloud service delivery in the data Centre and for the workplace. Thomas co-authored the European Commission Cloud Strategy of 2019.
Philippe Merle is Deputy Head of Unit – Cloud and Service Management Capabilities, DG DIGIT at the European Commission. Phillipe holds an MSc in IT engineering in real-time, network and distributed system from École nationale supérieure d’informatique et de mathématiques appliquées of Grenoble. From 2001–6 he worked for the firm Esker, based in Lyon, specialising in interoperability and document management products and early provider of SaaS services. From 2007 to 2013, he joined European Commission as project and service manager in DG CONNECT and DG DIGIT, supporting the research programmes funded by the EU. In 2013, he returned to the private sector as project manager for Synchrone Technologies and Amadeus. As of August 2014, he has been in charge of the technical aspects of cloud procurement for the EU institutions and cloud evangelist within the institutions.
Dalibor Baskovc is Cloud Security Program coordinator, DG DIGIT at the European Commission. Dalibor holds a BSc in electrical engineering from Ljubljana University. Dalibor has worked in the field of ICT for 36 years specialising in IT development. From 1984 to 2010, he worked for Slovenian Compulsory health insurance company, Central Securities Clearing Corporation, and National Telecom in the fields of IT system integration, outsourcing, cloud computing and security. From 2010 to 2016, he was Chairman of the EuroCloud Slovenia chapter, a non-profit organisation. From 2013 to 2016, he was Vice President of EuroCloud Europe, with responsibility for Startup and Innovation in EU. From 2011 to 2014 he coordinated the Slovenia cloud research and development project KC Class, one of the major projects in Europe at that time. In 2016, he joined the European Commission Directorate for Security, responsible for cloud security for the European Commission.
François Mestre is Head of Unit Information and Communication Technologies, European Centre for Disease Prevention and Control (ECDC). François holds an MSc in telecom engineering from Telecom Bretagne and a BA in law from the University of Paris I. He is also a PhD candidate in the Faculty of Law of the Autonomous University of Barcelona in the field of IT law. From 1997 to 2007, he worked at the French Treasury, Economic Forecast and Custom Department as regional IT manager for Europe and South America, followed by posts at the Autonomous University of Madrid and the European Chemicals Agency. In March 2019 he was appointed Chairperson of the Network of Heads of ICT of the European Agencies (Information and Communication Technologies Advisory Committee). This network promotes inter-agency cooperation on issues of common interest in the area of information and communication technologies (ICT).
