The German corporate landscape is generally regarded as a “late adopter” of the public cloud. Without a doubt, this is one reason why there is such a loud call for sovereign cloud offerings in this country. However, the negative conception concerning German companies is only partially valid, because there are numerous startups, medium-sized companies and corporations that are already successfully in productive operation in the public cloud and with “cloud native.”
Cloud native and sovereign clouds are partly at odds with each other. While cloud native focuses first and foremost on maximum agility and speed, sovereign clouds primarily promote control and data sovereignty.
The cloud native community in Germany is steadily growing on the provider and user side. Alliances, such as the EuroCloud Native Initiative, are shaping the discussions and attempting to harness the regional needs and opportunities of the cloud.
But can cloud native and sovereign clouds possibly co-exist? And how strict does the separation between cloud native and sovereign infrastructures have to be?
Maximilian Hille: From your perspective, what do “cloud native” and “sovereign clouds” mean?
Dr. Nils Kaufmann: What these two areas have in common, of course, is that they both relate to infrastructure for business applications. However, I don’t just consider the technical component, but also think about the business behind both areas.
Cloud native is about much more than what is provided by the “Cloud Native Computing Foundation” in terms of tools and process models. While I personally look first and foremost at the areas of application, I naturally also look at the service providers via the EuroCloud Native Initiative. And these are primarily in the area of highly agile platforms and services, such as online shops.
In addition, sovereign clouds exist for two main reasons: for very specific application areas of individual industries, and for emotional reasons. As such, sovereignty also covers a wide range of possibilities. It is used predominantly for highly sensitive applications, such as in hospitals: Here, we are dealing with very specific data that must, of course, never be allowed to be transferred outside of Germany or Europe.
In many industries, such as automotive or e-commerce, I haven’t noticed any serious discussions about sovereign clouds for at least five years.
Hille: Can you classify the difference between the two paradigms? Is it really so black and white?
Dr. Kaufmann: Cloud native and sovereign clouds are difficult to precisely harmonize. But from my point of view, they don’t have to be directly interconnected.
On the one hand, I look at the areas of application. For cloud native in particular, it’s all about new value chains. Communication with the Internet is particularly important here. So is access to managed services from public cloud providers. It’s all about fast loading times, high-availability services, and integration capabilities with other Internet-based applications. For most workloads, the primary concern is not data sovereignty and security per se.
In application areas such as those of public authorities or the healthcare sector in particular, we find a largely closed system. Here, the priority does not come down to either speed or the trendiest services for a truly novel user experience; rather, it is about the players having full control over their data and about having the infrastructure to be as resilient and independent as possible.
On the other hand, it is also somewhat of a historical or a generational question. For a good ten years, namely since around 2012, the public cloud has played a leading role in Germany thanks to Amazon Web Services. At that time, the competitors were not so much Microsoft, Google or IBM, but rather Hetzner and the like – in other words, the hosters. As I recall, with my company at the time I was the second AWS partner in Europe.
The first deployment scenarios also raised the question of what happens to the data in this public cloud and where it is located. AWS therefore responded in 2014 with the first region in Germany. This was more than sufficient, especially for the agile application areas.
Today – and this brings me to the generational question – there are the companies and CIOs that can no longer exist without the public cloud. Other, more conservative companies tend to have an IT department to this day where none of their ERP systems have ever laid eyes on the Internet. The pressure is different there. But since their data centers are also highly insecure and have a number of construction sites, they too have to look for alternatives. Regional offerings, with the bonus of sovereignty, are certainly attractive here as well.
Hille: What is currently being done to make it easier for latecomers to enter the cloud world?
Dr. Kaufmann: The approaches of the German Federal Ministry of Economics and Technology or Gaia-X are particularly important examples of sovereign clouds, as I see it. They are trying to dispel the fact that data protection regulations à la GDPR – which have primarily only hindered digitalization but brought no real benefit – can be used as an argument against the cloud.
Gaia-X in particular is clearly a framework, not a cloud offering in its own right. After all, it would be pointless to copy a public cloud provider infrastructure and make it sovereign. Rather, it is about creating a membrane that providers can use.
All of the offerings that are Gaia-X compliant thereby eliminate arguments such as, “I’ve got one foot in jail if I use these cloud offerings.”
It is therefore the framework to which providers and users adhere – with a high level of political interest, but also with tangible arguments for the procrastinating companies and organizations.
Hille: In addition to the GDPR per se, there are also limitations imposed by the likes of Schrems II or Schrems III, which implies a legal constraint and less of a vested interest. Is that not a risk for cloud native users?
Dr. Kaufmann: We are no longer talking about a small splinter group of cloud native users. It is primarily the listed companies that are now investing 7-digit Euro sums for cloud consumption. Companies from the automotive and financial sectors are at the forefront. In addition to VW, Mercedes or Commerzbank, organizations such as the Bavarian Insurance Chamber are already among the heavy cloud users.
It goes without saying that they will ultimately have to comply with a legal ruling, but how can a radical ban be implemented in practice? It is not possible to simply prohibit these dimensions, especially in the case of internationally active companies, nor is it possible to create a two-tier system of rights – implying that the SME from the city of Heilbronn is not allowed to use a public cloud, but VW can.
Given the current rate of progress, we can no longer turn back the clock. What I would like to see, however, is a much greater presence of these topics. On the one hand, this means that the public clouds should include components for more data sovereignty and that competing offers such as IONOS, Plusserver and the like should also become more relevant and become a real alternative. After all, companies do not need a managed extra service for everything.
Ultimately, however, legislation will have to adapt to reality and not vice versa. But that is how it has always been.
Hille: But does that mean that companies don’t have to adapt in any respect to the legislative reality?
Dr. Kaufmann: Yes, of course they have to ensure that data protection is guaranteed and ultimately comply with legally binding rulings and laws. But to what extent is this really within the power of the companies?
Let’s once again take the example of Gaia-X. Many were surprised that the hyperscalers AWS, Microsoft and Google are also on board there. But that’s really what it’s all about: that these basic tenets of data sovereignty and interoperability are being guaranteed. That’s why the hyperscalers are also accordingly adapting their services along these lines or developing new, compliant services for the companies.
This shows that a structured and strong approach allows even the most powerful providers to be steered in new directions.
But we also shouldn’t expect knee-jerk reactions from hyperscalers, regardless of the fact that political pressure is always very legislature-bound and can therefore cause fluctuations in both German and European power.
Hille: Do you believe in a cloud mix of sovereign and open components?
Dr. Kaufmann: For me, that’s more or less a rhetorical question. Of course, you need a mix. It depends a lot on the maturity of the company and the question of whether they can afford to deal with multiple cloud platforms and their management. That primarily comes down to the personnel and knowledge building, not to mention economic issues.
From a certain size upwards, I have a lot of confidence in the company. With more options in terms of underlying infrastructure, companies can be more variable, secure and digitally successful.
Next up, the following applies: The workload determines the platform.
Applications that are highly dynamic, especially customer-centric applications or all those that have a dependency on the Internet, go to the external public cloud to obtain low latencies – and because there is no way one would run its own data center elsewhere.
Accounting, ERP, and the company’s own intellectual property are then more likely to be located internally, i.e., in a sovereign area which no one can access.
Hille: But do I also have data gravitas, or must I at least be able to ensure that internal systems can also communicate with the external ones and exchange data?
Dr. Kaufmann: That’s correct and it must also be taken care of. Whoever is seeking sovereignty to the ultimate standpoint would also have to accept massive restrictions.
Even today, there is still a sharp division between business and IT, also in terms of budgets. This is a traditional mindset which some have already outgrown, meaning they are less dependent on sovereignty.
However, we must also note that we are still at a relatively early stage of the cloud journey. One year of development still feels like seven. Since we have only been serious about the public cloud since 2014/15, there is still a lot to be done here.
We still need to grant time to developments, despite their high importance in everyday business life, and to await the coming generations. The next generation of IT managers will be those who are now around 40 years old. This will bring a breath of fresh air to the IT infrastructure.
From a technical point of view, it will become increasingly feasible to depict and secure interfaces. Above all, the current very outdated internal APIs will be revamped. And, over time, experienced cloud native teams will be formed in the companies, which will take Kubernetes and Serverless for granted.
So, the worlds will align with each other.
Hille: What does something like this look like in real terms?
Dr. Kaufmann: One application scenario, for example, might be the Port of Hamburg, which wants to build a completely new data platform. Here, we are talking about high technical demands and integration requirements, but also about data that is sensitive in some cases.
This data, which requires special protection, does not have to be stored in the public cloud. At the same time, however, it can be transferred in encrypted form and analyzed with the tools of the public cloud. This shows that this co-existence is technically feasible.
Another example is a global market leader for gas valves. This has been producing valves for over 100 years, which are used above all in the industry.
Theoretically, this is therefore a provider that can be the first to know the level of gas cylinders. This offers numerous digital use cases for prediction, automatic orders or tracking. For this, one would need many native IoT services and microservices to provide and monetize this data. But here, too, one does not need clear data in the public cloud but can transfer it in encrypted form from the private cloud.
Hille: How will this affect the provider landscape?
Dr. Kaufmann: Former hosters and regional providers such as IONOS, Plusserver, Boreus or Continum will continue to beef up their data centers and have really secure offerings at the cutting edge of technology. Good partners are needed here to pave the way for companies to access these infrastructures.
At the same time, the Wild West times are over for hyperscalers. AWS, Azure, Google and the likes must adapt and also adjust their offerings to multi-cloud deployments with such providers and service providers.
For companies, the cloud offerings will then move even closer in their direction: whether they want to outsource their own data center, are a CRITIS customer, or simply want to have a regional and more sovereign part of their infrastructure.
Hille: What level of cloud native do companies really need?
Dr. Kaufmann: The technology world has strongly evolved. Given the relevance of software in companies, there is also a need for increasingly accurate tracking, while many new use cases have also emerged. In order to harness these opportunities, companies very quickly gravitate to the specialist service providers who have cloud native in their veins.
Particularly when it comes to verticality in the use cases, classic providers and hosters were for a long time not in a position to offer anything like this. It was simply not needed for their business. Horizontal scalability was also always considered “out of scope.”
In the meantime, however, companies need higher standards when it comes to their IT infrastructure. In most cases, their own IT cannot provide that. And, in general, the purpose of companies is usually not IT operations, which is just a means to an end.
Nevertheless, many companies underestimate the delivery capability of these specialized service providers and still end up with their system house or system integrator for the 100th time.
However, these have missed the opportunity to work in a timely manner on their offering and attractiveness. If the hosters had been more innovative earlier, at a time before the real pain kicked in, many companies would not have senselessly lost too much money in the public cloud and would have been able to depict their use cases there as well. Which means the Americans first had to shake up the market to get on the good path of today.
Hille: Let’s also touch base on the EuroCloud Native Initiative. As an association, what are your goals, and who do you represent towards which parties?
Dr. Kaufmann: Our members are by definition highly specialized experts who do not maintain infrastructure themselves, but who provide their services on cloud platforms. Our main goals are to: 1) draw attention to these true cloud natives from both the customer and media side; 2) demonstrate the reliable delivery capabilities of these mostly young companies; and 3) support collaborations with our alliance partners.
For a long time, these providers were not perceived and taken seriously, so we want to draw attention to these providers and thus also show German SMEs alternatives and opportunities.
What is also important to us, however, is to make sound recommendations. Companies should not pack the old into a new platform. In this way, we are also creating solidarity between service providers with a strong presence and cloud native specialists.
For us, this is a cooperative exchange at an equal footing.
Hille: Do service providers have an interest in promoting sovereignty?
Dr. Kaufmann: To be honest, many cloud native boutiques that we have in the association are relatively apathetic when it comes to sovereignty. They are not against it, of course, and are certainly not actively against it. But for them, the use cases play the biggest role.
Many of them have a very clear focus, which is normal when it comes to particularly complex topics like Big Data, cloud security and the like. If you want to completely get to the bottom of such a topic, you already need at least 25 to 30 people with a crystal-clear focus.
At the same time, these companies are still very dependent on sponsoring and close cooperation with the hyperscalers. They naturally want to see their proprietary portfolio being represented.
In this context, the classic service providers can better tap into a legacy of fear. With sovereignty and the ideal world of a German sovereign cloud, they create an attractive comfort zone that has little to do with technology and facts, but more to do with an obvious way out.
The better story would rather be that all use cases that have no advantage from cloud native services should also be built directly on a sovereign basis, so that there is no gray area and even the smallest residual risk is eliminated.
Hille: As an association, do you also succeed in representing the interests of politicians and hyperscalers?
Dr. Kaufmann: We are still very much in startup mode. Much of the work is done completely on a voluntary basis. That’s why we pay more attention to enabling exchange with one another and finding ways to work together. This also includes joint ideas for market development, sales, logistics and implementation.
In 2023, we want to devote more attention to cooperation with industry associations. Our umbrella organization EuroCloud is probably more fitting for actual political discussions.
Hille: As a final note, can you give us your assessment for the future of cloud native and sovereignty?
Dr. Kaufmann: The most important aspect will be knowledge building. From the outset, we’ve been training administrators and application developers. Especially now, when a lot is happening at the software level, this is even more important.
More and more, we see that there will be an abstraction of platforms. Project success is therefore determined at the software level and no longer in terms of infrastructure.
So, you need the right people and skills in your company, which increasingly involves developers and fewer administrators.
It will be crucial to harmonize this with sovereignty. That means enabling interoperability with other clouds so that data physically remains with the sovereign providers but is processed in the public cloud.
What will not happen, however, is that cloud native tools will be offered on a large scale by German providers. Instead, providers should look at making the services of the hyperscalers usable and at the same time placing their own sovereign infrastructure as the basis for value-added managed services.
Dr. Kaufmann, thank you very much for the interview.
Dr. Nils Kaufmann is Chief Market Development DACH at Imprivata Inc., founder of the EuroCloud Native Initiative and co-author of the GAIA-X Technical Architecture Paper on behalf of the BMWi. Most recently, he was Group COO and Board Member of the Release42 Group, co-founder of cloudbuddies and for many years in the management of leading managed service providers.
Maximilian Hille is an analyst and contributor at cloud ahead. With more than 10 years of experience as a consultant and expert in the cloud computing market, Maximilian provides advice to SMEs and corporations on the cloud & digitalisation strategy and on architecture issues concerning individual platform & software landscapes.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s or interview partner’s own and do not necessarily reflect the view of the publisher, eco – Association of the Internet Industry.