Planned cloud migration of government data halted due to security concerns
Digitalization State Secretary Zsolt Szabó has temporarily halted a planned cloud migration of data by governmental services and organizations, the Volkskrant reported on Monday.
The decision follows a request from Member of Parliament Barbara Kathmann (GroenLinks-PvdA), who asked to halt the cloud migration until a debate has been held on the subject. According to Kathmann, data is now being transferred to cloud services blindly, and considering the importance of the data, Parliament should discuss which information should and should not be in the cloud.
Cloud migration
So far, the ongoing cloud migration has not been flawless. Considering that ministries are responsible for their own IT management – which includes choices about migrations to cloud services – there is a limited overview of the cloud migration, and the transition of many government services to the cloud largely took place without central coordination and supervision.
Security concerns
Concerns about the cloud migration arose earlier this year, when experts pointed out significant risks in evaluation reports. The concerns focused on the fact that the government is increasingly using services from a number of American cloud providers, mainly Microsoft, Amazon and Google. This concentration entails risks, such as increased dependency on these companies and vulnerability in the event of disruptions or security incidents.
The use of American cloud services can also limit the Dutch government's control over its data, critics worry, pointing out the risk that sensitive information does not fall under Dutch or European regulations, but under American legislation, which can affect the protection of data and privacy.
Concerns have also been raised about continuity and exit strategies. Reliance on a few major cloud providers leaves the Dutch government vulnerable in cases where a rapid switch to a different supplier becomes necessary. Additionally, the absence of standardized exit strategies could disrupt essential government operations. Critics further highlight that the use of advanced technologies like AI and quantum computing - often provided by these large cloud companies - deepens this dependency and introduces uncertain security and privacy risks.
Following the concerns, Szabó stated that revision proposals will be drawn up before the end of 2024 in a letter to Parliament.
Debate
However, all government services and organizations will now have to stop transferring their data to the cloud for at least until after the Christmas recess, when a debate will take place. Considering the political changes in the United States at that point, the discussion will be even more relevant - and the stakes even higher.