The Olvid messaging controversy in December highlighted the growing need for a trusted, SecNumCloud-qualified PaaS offering. Its imminent arrival on the market should help meet the security and innovation challenges facing the public sector.
With 24.21% of global cyber attacks targeting the public sector in 2022, the security of public service information systems is an absolute priority. The government has therefore taken steps to protect these organisations as effectively as possible.
The "cloud at the centre" doctrine has made it compulsory for public bodies to use the cloud for all new IT projects. The transition to the trusted cloud has become imperative for data that is protected by law and for data needed to carry out the essential missions of the State.
All IT systems and applications that process personal data must also comply with the GDPR. SecNumCloud-qualified clouds make it easier to comply.
A public landscape in the throes of transformation
Subject to the "cloud at the centre" doctrine and the arrival of the future NIS2 directive, public sector players are facing major transformation challenges for their information systems. According to the definition in the circular of May 31st, 2023, it is commonly estimated that 15 to 25% of government data is sensitive (see the box below) and needs to be hosted in a trusted cloud. However, SecNumCloud-qualified offerings are currently focused on infrastructure-as-a-service (IaaS), with products such as computing, storage, networking and backup that do not yet cover all application needs.
Can the emergence of a trusted platform-as-a-service (PaaS) offering, eagerly awaited by government IT departments and the ecosystem of software solution providers, help to meet the public sector's security and innovation challenges and accelerate its digital transformation?
According to the circular of May 31st, 2023 specifying the "cloud at the centre" doctrine, the following data are considered sensitive:
- Data relating to secrets protected by law, in particular under articles L.311-5 and L.311-6 of the Code of Relations between the Public and the Administration (for example, secrets relating to the deliberations of the Government and the authorities of the executive branch, national defence, the conduct of France's foreign policy, State security, proceedings before the courts or even the secrecy of private life, medical secrecy, business secrecy which includes the secrecy of processes, economic and financial information and commercial or industrial strategies);
- Data necessary for the performance of the essential tasks of the State, in particular the safeguarding of national security, the maintenance of public order and the protection of the health and life of individuals.
An asset for application modernisation
The Trusted PaaS combines the pooling of technical components with the security of the SecNumCloud qualification to provide an environment conducive to the development and execution of reliable and secure applications.
This is why ANSSI and DINUM are encouraging cloud providers to implement trusted PaaS services to modernise applications. This transition will make it possible to provide agility, manage infrastructure obsolescence and improve the service provided while reducing costs in the long term.
What's more, government publishers are increasingly demanding PaaS products such as containerisation and object storage. As a software publisher, relying on a trusted PaaS means securing a clear competitive advantage.
Significant operational gains
Managing a complete information system requires considerable human and material resources. In this context, trusted PaaS emerges as a swift and cost-effective solution through process automation, delivering significant operational gains to public sector stakeholders. Embracing industrialized practices speeds up the approach while upholding essential trust criteria.
By providing ready-to-use tools and services and automating complex tasks, PaaS solutions simplify the application development process and allow developers to focus more on the business code rather than the underlying infrastructure.
They can save time and effort by using managed PaaS services that automate complex tasks such as database management, automatic scaling and resource management. It also makes it easier to scale applications, enabling easy growth in terms of capacity and performance without the need for complex infrastructure management.
Finally, the development of a trusted PaaS solution can contribute to the creation of a robust application ecosystem by encouraging the construction and sharing of reusable components, thereby fostering innovation.
Environmental issues
Trusted PaaS helps to reduce energy consumption and the environmental footprint, bringing public sector players into line with the State's eco-responsible ambitions.
Resource factorisation is ensured through the consolidation of multiple services and technological components, thereby optimising consumption and mitigating the over-provisioning commonly observed in IaaS environments, where each user manages their own virtual machines. This factorisation leads to the optimisation of physical server utilisation, consequently reducing energy wastage associated with underutilised virtual machines.
Finally, PaaS solutions typically provide dynamic scaling mechanisms, automatically adjusting resources based on workload and minimising energy consumption during periods of low activity.
Trusted PaaS thus presents itself as an essential solution for public entities. Responding quickly and cost-effectively to a multitude of challenges, it offers an effective route to modernising the public sector.