It is necessary to better understand the security mechanisms to be put in place. In theory, the goal is to have secure data, managed according to the level of sensitivity, in practice, however, it is not fully understood how the Cybersecurity Agency will implement these principles. The Gaia X project has a specific purpose which is to create transparent and sovereign data infrastructures, that is, offering complete visibility of the characteristics of the services offered and their control. I do not see how any national cloud, that is, that manages our most precious data, can ignore offering these guarantees, but for the moment I have no confirmation of their existence in the choice set by the Government. In my opinion, the requirements of the tender or partnership should therefore emphasize compliance with three key words: transparency, sovereignty and interoperability of data.
How could Gaia X contribute?
Gaia X has a stated goal of enabling the creation of data-spaces (spaces where data from different actors, private or public, can be securely shared to create data-based services) through the creation of a secure, transparent European cloud infrastructure. , interoperable and sovereign that responds to common rules throughout Europe. The infrastructural layer of Gaia-X is therefore the most important project, not only in Europe, to concretely define how to achieve these elements of guarantee and should be taken as a reference. If the national strategic pole is responsible for collecting the country’s most important data, it must therefore meet the requirements of transparency and sovereignty through a model defined and shared by all the actors who will implement it. If not that of Gaia-X, what is the model through which to obtain these guarantees? Certainly a reference is needed and equally certainly it cannot be that of a specific supplier. I am sure, therefore, that Gaia X can be a constituent element of the solution.
Does this mean that the Big Americans could not contribute to the strategic pole?
Absolutely not, Gaia X is creating a layer that allows you to control all the services that are offered in the same way. It is a question of fairness and, again, of transparency. An Italian cloud provider, as well as an American one, can theoretically offer the services in a Gaia X key if they decide to expose them through a common description format. The second necessary element is the opening to inspection of the characteristics declared in this descriptor. The components that Gaia-X is developing will make it possible to read the characteristics of the service, verify their veracity and keep track of them in an immutable and incorruptible register. The characteristics can then be verified through labels that demonstrate the level of compliance without having to trust written statements and without having to inspect the technology from the inside. But, even beyond the Gaia X project, I reiterate that it is essential to refer to inspectable services, verifiable according to a common descriptor, guaranteeing interoperability for any cloud that can be defined as ‘sovereign’. The technologies that can be used at that point are all without exclusions. However, at the moment, none of the Hyperscaler technologies, based on closed and proprietary architectures, can offer this type of transparency and controllability. In conclusion, the national strategic pole is fundamentally based, in this first phase which will last five years, on the choice of a new infrastructural layer, a standard must therefore be found, which is that of Gaia X or others which, however, do not currently exist. .