Orange has announced it is partnering with Capgemini on the establishment of a new independent cloud platform called Bleu that will be based on Microsoft Azure.
The primary aim of the new venture is to meet the French state's recently unveiled "Cloud de Confiance" (cloud of trust) label for "enhanced data sovereignty" – that is, ensuring that data is subject to the laws and governance structures within France.
It follows the launch by the French government last week of its sovereign cloud policy, cloud au centre, and support for the state to migrate to cloud services.
Orange already has multiple cloud ventures under its belt, of course. For example, Orange Business Services (OBS) provides a global public cloud solution under Flexible Engine, based on Huawei Openstack distribution.
An Orange spokesperson said Orange Flexible Engine "remains a relevant cloud offer for many of our MNC customers and offers a robust solution particularly relevant for companies with operations in Asia or internationally."
Furthermore, the Group has joined the Microsoft Azure Networking Managed Service Provider (MSP) Program and formed partnerships with public cloud providers Google Cloud and Amazon Web Services, along with other cloud players.
Allez les Bleus
The proposed Bleu platform is being positioned somewhat differently from previous offerings.
It will be majority owned by Orange and Capgemini, although precise details on ownership have not yet been revealed.
"The important point to note," said the Orange spokesperson, "is that this is the first time that we have a sovereign cloud offer that includes access to a hyperscaler's offer, for example, for users to still be able to use programs like Microsoft Word or Excel, etc."
It is also being hailed as part of France's strategy to accelerate its adoption of all things digital, and follows previous efforts by France to take action against the might of US technology giants.
The key focus is to create a French cloud service provider that satisfies what Orange describes as "the unique needs of a specific set of organizations," including the French state, public administrations, hospitals and critical infrastructure companies.
The services that Bleu will provide should meet all the requirements necessary to receive the SecNumCloud label by France's National Agency for Information Systems Security (ANSSI), as well as legal requirements needed to confirm its status as a "Cloud de Confiance" operator.
Although the new platform will be based on the Microsoft Azure platform, all data centers will be in France and strictly separated from Microsoft's global data center infrastructure. In addition, Bleu will be entirely operated by its own staff in France.
According to the Orange spokesperson, the infrastructure will be "run by Bleu and be 100% French operated and owned, located in France where all the infrastructure will be built, which has to meet both the cloud au centre and SecNumCloud labels required by the French state and ANSSI."
Orange and Capgemini noted that Bleu could integrate complementary partners in the future, although without providing any details.
Bleu will also ultimately join the Gaia-X initiative, of which Orange and Capgemini are members. The cloud-computing "moonshot" project was established last year with the aim of establishing common standards for storing and processing data within Europe and thereby reducing the continent's dependence on the likes of Amazon and Microsoft for their cloud needs.
Orange and Capgemini said further details about Bleu will be disclosed in due course "following the finalization of agreements between the parties and the obtaining of the necessary authorizations from the relevant authorities of this project."
Despite the insistence that Bleu will be kept separate from Microsoft's global infrastructure, it is nevertheless somewhat ironic that Orange and Capgemini are still forced to rely on Azure for what will be a very French affair.
Indeed, this reliance on US public cloud providers is already causing problems for European Union institutions that have to comply with strict EU data protection law.
For example, on Thursday the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski launched two investigations, one regarding the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by European Union institutions, bodies and agencies (EUIs); and one regarding the use of Microsoft Office 365 by the European Commission.
These investigations are part of the EDPS' strategy for EU institutions to comply with the "Schrems II" Judgement so that ongoing and future international transfers are carried out according to EU data protection law.
Wiewiórowski acknowledged that EUIs "are dependent on a limited number of large providers. With these investigations, the EDPS aims to help EUIs to improve their data protection compliance when negotiating contracts with their service provider," he said.
Schrems II is named after the Austrian privacy activist and lawyer Max Schrems, who seems to have made it his mission to take on the Internet giants. The Schrems II Judgement, in a nutshell, refers to the July 2020 ruling by Europe's highest court, the Court of Justice of the European Union, which struck down the Privacy Shield transatlantic data transfer scheme negotiated by the EU and US.
- Eurobites: France, Germany suit up for cloud 'moonshot'
- Is Huawei's Cloud Goal a Case of Castles in the Air?
— Anne Morris, contributing editor, special to Light Reading