On 11 December 2020 the Federal Council approved the cloud strategy for the federal administration.(1) The new strategy entered into force on 1 January 2021.
As one of the main innovations, the new cloud strategy provides for the further use of public cloud services as a strategic extension of existing IT-sourcing options for the federal administration. Previously, the federal administration used public cloud services only in isolated cases. The new cloud strategy raises the use of public cloud services to the next level by providing a strategy for the structured, secure and efficient use of public clouds and combining their use with private clouds and further IT services. In its overall vision for 2025, the government seeks an optimal mix of public and private cloud services which will meet the requirements of:
- information security;
- data protection;
- confidentiality;
- efficiency;
- resilience;
- innovative strength; and
- functionality.
Once fully implemented, the federal administration will offer and use a combination of delivery models, depending on the specific use case and the data and information to be processed and stored (ie, internal managed services, private cloud, hybrid cloud, public cloud, multi-cloud, hybrid multi-cloud, community cloud and external managed services).
The new cloud strategy also considers the use of a 'Swiss Cloud' – a related initiative of the Federal Council to examine whether Switzerland should strive for its own cloud and data infrastructure with regard to data sovereignty and reduced dependency on international cloud providers. While the cloud strategy focuses on the federal administration, the Swiss Cloud initiative is geared towards the needs of the Swiss cantons, private economy and science.
According to the latest report on the Swiss Cloud, which was published on the same day as the cloud strategy,(2) there is no need for a Swiss Cloud in the form of an independent technical infrastructure provided by a Swiss public authority. However, there is strong support for a Swiss Cloud as a label for the secure use of cloud services that meet special data sovereignty requirements. Therefore, the government has commissioned further measures to:
- examine and determine a certification system for cloud services;
- investigate and clarify legal and regulatory issues regarding the use of cloud services;
- examine the international context – in particular, the inclusion of European initiatives such as GAIA-X – to develop the institutional basis for the use of shared cloud services for the public administration;
- examine the international and legal frameworks for ensuring the immunity of data of international organisations in Switzerland;
- engage in a dialogue with industries to provide support for the use of cloud services, taking into account the chances and risks involved; and
- clarify and specify the need for and further development of crisis-resistant services for operators of critical infrastructures.
Endnotes
(1) The press announcement and related documentation is available in German, French and Italian.
(2) The press announcement and related documentation is available in German, French and Italian.
