French Government has banned the use of Microsoft 365
In contrast to on-premise solutions, cloud services offer functions that facilitate, for example, document sharing or collaboration. On the other hand, they raise some concerns about data security and privacy.
Are cloud services secure?
France has been working on the security of cloud services for a long time. The new "Cloud in the Center" doctrine, introduced on September 15, 2021, requires the use of secure, abuse-protected solutions. With the new regulations, France is trying to protect itself from the cloud law in the USA.
The U.S. CLOUD Act from 2018 states that companies must disclose the required data from their servers by order. The law primarily applies both to U.S. companies and their customers outside of U.S.
Text American law:
A provider of electronic communication service or remote computing service shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.
Ban on cloud services in France
It was a direct reaction of French Government to American law (18 U.S. Code § 2713). Under the new "Cloud at the Center" doctrine, the French government has been banning ministries since October from using cloud service packages from Microsoft & Office 365. There are fears that Microsoft could possibly share information with the US government. The main concern is the disclosure of sensitive data concerning French citizens, French society and, in particular, public officials of the state. The US product Microsoft & Office 365 is in conflict with the above-mentioned Cloud doctrine, and it is for this reason that public officials are prohibited from using Office in SaaS model. Ministries may continue to use Microsoft software with appropriate applications (Word, Excel, Outlook, and more), but only as on-premise version.
European cloud
Independence from the cloud services of large giants from countries such as the USA or China is important for Europe. Europe does not have own cloud platform and relies on foreign suppliers in this regard.
Europe's data protection efforts have received support from France and Germany, which joined forces in October 2020 to launch the project Gaia-X. The aim of the project is to create a unified ecosystem of cloud and data services protected by European laws. Gaia-X aims to connect existing cloud services and facilitate the exchange of data between companies from different industries. At the same time, the project aims to reduce Europe's dependence on international cloud services, thus raising the profile of domestic cloud providers.
What are the alternatives to the cloud?
By using cloud services, you can get some extra features and benefits comparing to perpetual licenses. On the other hand, third parties may access your data. Therefore, each user must decide whether the possibility of using cloud tools through Microsoft servers is worth these risks.
An alternative could be a private cloud solution based on a corporate or home workgroup, which can be accessed via a VPN (virtual private network). In this case, the user is not directly depended on services provided by Microsoft or another provider. Licensing is based on permanent on-premise solution, which give entities independence from regular payments. The purchase takes place once, ie logically for a higher price than monthly subscription, but in combination with used software licenses, it is possible to achieve a return of investment in less than 12 months.
Another option, can be a so-called hybrid scenarios, which allows a combination of lower SaaS plans that can cover non-critical needs of the company, and combine with on-premise solutions.