Introduction HRI research topics by researchers
Takeshi Matsumoto,
Deputy General Manager
In the major countries/regions of the world, including the US, the UK, the EU, and Japan, government agencies start introducing cloud services for their information systems (hereinafter referred to as “Government Cloud”). Government Cloud is expected to provide advantages and effects that on-premises systems (hereinafter referred to as “On-Premises”) could not provide.*1 Because some functions of Government Cloud are commonly used by multiple government agencies, Government Cloud realizes such lower costs, greater ease of deployment, and better scalability. On the other hand, there are raising concerns about risks when it comes to data protection. Important data, such as personal/corporations data and operational data of essential infrastructure, are stored in cloud servers outside of government offices. To have both the cloud services’ merits and data protection, the EU start developing Government Cloud in combination of public/private cloud platforms and On-Premises. Hitachi Research Institute has been conducting Government Cloud research with particular focus on the EU and its member state of Germany. The research considers that decentralization/linkage of servers/data are the key to unravel the background, purpose and formats of Government Cloud. Also, to prevent the unauthorized access, leakage and falsification of data, data protection is crucial when it comes to the linkage of decentralized data.
In May of 2019, the European Commission (the executive arm of the EU), adopted the ”European Commission Cloud Strategy”. This strategy encourages EU member states to move their government information systems to the cloud. At the same time, in principal it asks them to introduce “secure multi-hybrid cloud systems”, which require to involve “multiple” service vendors. This principle appears by several concerns of government authorities to the foreign public cloud vender.*2*3 Their concerns include (1) enforced access to data of the EU by the foreign government (the cloud service provider’s home country), (2) the leakage or falsification of personal information (names, dates of birth, addresses, social security numbers, income and tax payments, etc.), (3) the time and cost to collect data when cloud service contract terminates.*4 The EC is wary of these as a violation of the EU’s data sovereignty. To tackle this situation, the EC is promoting the use of cloud services operated through decentralization and linkage (Figure 1). In this mechanism, government agencies of EU member states use a combination of relatively small private cloud platforms (preferably made by EU companies) and On-Premises. Personal data would be stored in a “decentralized” manner within their respective systems. When the analysis require cross-agency data (e.g. analyses of income taxes, various benefits)., they create “data linkage” between the systems. For data sharing among government agencies, sufficient security controls is neccesary.
Source:Prepared by Hitachi Research Institute based on various documents, hearings, etc.
Figure 1: Cloud system architecture built by the EC
The German government is a pioneer to deploy cloud systems combined decentralization and linkage of data in the EU. Its government-only private cloud platform “Bundescloud” has been built and operated by the German government itself. This is used by several ministries, including the Federal Ministry of the Interior and Community, the Federal Ministry of Finance, the Federal Ministry of Health, and the Federal Ministry for Digital and Transport (Figure 2).*5 However, some of the federal ministries of Germany, such as the Federal Foreign Office, continue to use On-Premises. As such, they connect together Bundescloud and their On-Premises via a secure, government-only network. When required, they share data in between.
Source:Prepared by Hitachi Research Institute based on various documents, hearings, etc.
Figure 2 : An overview of cloud governance in Germany
Furthermore, the German government attempts to introduce non-EU companies’ cloud services, seeking advantages such as low cost and high-speed processing. Some assumptions are planning to be set for its data protection. Examples include (1) to place servers of non-EU companies in German data centers owned by German government agencies/companies and to operate by German government agencies/companies, (2) to implement the same data storage and middleware as Bundescloud, and (3) to virtualize data stored on non-EU companies’ cloud servers in data centers (real data being stored on Bundescloud). In this way, the German government is currently eyeing linkage between Bundescloud and non-EU companies’ cloud platforms based on the premise that data protection can be maintained. As described so far, through Bundescloud, the German government has realized the principle of a “secure multi-hybrid cloud system” as laid out by the EC.
Bundescloud is a private cloud platform, but it is categorised as On-Premises because the data center is located in a government agency. The German government refers to Bundescloud’s information system format as an “on-premises private cloud system”. It pursues the advantages offered by cloud services (such as the aggregation of network storage and the sharing of operating systems, middleware and administrative applications) as well as maintaining data protection by using an On-Premises. The German government also tightly control data exchange occurring amongst the various information systems on multi-hybrid cloud systems. For example, when the Federal Foreign Office issues a passport to an individual as an administrative practice, they assess to the individual’s basic information (data) on the Bundescloud. This data is stored by the Federal Ministry of the Interior and Community. Then, Federal Foreign Office copies and moves it to its On-Premises for processing. As described, when ministries share data which require high level of protection (e.g. personal information), it is important to use data control technologies to ensure a safe transfer. Such technologies include data encryption, access rights to virtual server and data with time duration settings, data access authentication, and management of duplicates, transfer, and deletion logs. The German government has outsourced the development of these technologies to a German middleware company and this has implemented them both for Bundescloud and for On-Premises (e.g., used by the Federal Foreign Office to issue passports). Furthermore, when cloud services are introduced by non-EU companies in the future (as mentioned above), it is expected that such data control middleware will be implemented.*6 for the relevant cloud platform to ensure secure data sharing with Bundescloud.
The Japanese government plans to develop a system for Government Cloud by the end of FY 2025 with the goal of providing and improving upon highly convenient government services. In October 2021, the Japanese government announced its adoption of a U.S. public cloud service for Government Cloud in Japan, but a Cabinet council changed its policy in December 2021. Subsequenly the Government announced to promote “the use of hybrid cloud systems in accordance with the level of confidentiality of the information.” For the further development of Government Cloud in Japan, it is crucial to consider how to ensure low costs, ease of installation, and good scalability alongside data protection. Hitachi Research Institute will continue the research on Government Clouds around the world and propose how that of Japan should be like.
Takeshi Matsumoto
Deputy General Manager, Hitachi Research Institute
His recent topics of research include digital technology / data policy, trade policy,
He worked at the International Business Division of Hitachi, Ltd. and the Economic Partnership Division of the Trade Policy Bureau at the Ministry of Economy, Trade and Industry. His recent topics of research include digital technology and data policy, trade policy, corporate regional strategies, and business resilience.