Apr. 5 2023 Apr. 7 2023
Forum International de la Cybersécurité (FIC)
Public cloud computing is driving the digital transformation. With an adoption rate of just 40% in Europe, the market potential for providers and productivity gains for end clients are colossal. However, the choice cannot simply come down to functional and financial criteria since this choice constitutes a long-term commitment.
To simplify, public cloud computing means that organisations are “using someone else’s computer”, trusting them not only with a part of their data assets but also their most strategic business processes. Therefore, cybersecurity and trust—or lack thereof—are essential. While cybersecurity can be assessed, measured, and compared, trust relies on a much more subjective appreciation that can rarely be covered by a contract. As a result, we are usually forced to trust “by default”.
These two aspects entail multiple risks. Although the resource pooling that cloud computing allows is an advantage in terms of cybersecurity, the concentration of data also constitutes a weakness in terms of resilience: for example, an attack on a hypervisor can create a systemic risk. On a strategic level, the dependency, or even “lock-in”, that some contracts create can also weaken organisations and ultimately disrupt traditional value chains. Finally, trust is being strained by the increasing number of laws with extraterritorial reach, especially given the tense geopolitical environment. With 70% of Europe’s data being stored and processed outside the continent, mainly by American hyperscalers, the threat of it being held hostage by international tensions is a possibility that seems increasingly realistic.
To cope with these threats and reap the benefits of the cloud computing revolution, Europe can no longer put up with this situation of extreme dependency. Especially since the continent has a great number of strengths, such as successful, innovative market players, powerful traditional industries, and significant market potential. All levers, whether technical, organisational, legal or political, must be mobilised to strengthen cybersecurity and create trust.