Groundbreaking project assesses public cloud for a more resilient Estonia

Cloud computing is increasingly inspiring organizations to rethink how they use IT to accomplish their goals. Around the world, we see cloud service adoption unlocking speed, scale, and economic benefits. Governments are taking note and following suit; Microsoft is helping them to use cloud services to create scalable, interactive citizen portals, collaborate more easily, deliver volumes of data to citizens all while reducing costs and ensuring the security, resilience and trustworthiness of the services they run in the cloud.

However, only rarely does a project come along that is as exciting and groundbreaking as the partnership we’ve recently had with the Estonian Chief Information Officer. In the process of this work, we evaluated public cloud services and assessed their role in meeting the needs of an advanced digital society and innovative government. The unique joint research project by Microsoft and the Estonian Ministry of Economic Affairs and Communications explored the possible implementation of a Virtual Data Embassy. A “data embassy” is a physical or virtual data center in “allied” foreign countries chosen by the government that stores data of critical government information systems and mirrors of critical service applications. In addition to examining domestic and international legal landscapes, the collaborative research project assessed two government services—the Estonian official legal records State Gazette and the President of Estonia’s website—and how they could both be migrated to, and hosted on, the Microsoft Azure cloud computing platform.

A number of interesting technical and policy questions were raised throughout the course of the research, which we are publishing today in a Summary Report. The report provides a detailed overview of the Estonian initiative, a summary of the technical, legal and policy research undertaken, and our findings throughout the research process. It concludes with eight recommendations that any government considering cloud computing is likely to find useful.

The joint research project established that the core concept of the data embassy is viable. However, technology represented the easy part of Estonia’s initiative. While online services today are robust enough to meet the volume and other needs of citizens’ digital interactions with governments, harder questions surfaced as we evaluated operational requirements to support effective migration to the public cloud and how states see sovereignty in today’s digital society. Certain laws or policies may need to be revised domestically or evolved internationally to ensure that cloud computing can support certain government functions.

I hope that more governments emulate Estonia’s groundbreaking and thoughtful approach to e-government, and consider how to best use cloud computing to bring services to their citizens. Governments must recognize the consequences of attacks on nation-state digital assets and how advances in technology can help ensure digital continuity. Finally, governments must be willing not only to recognize the inviolability of other governments’ digital assets, but also to work together to prevent attacks and to hold accountable those who commit them.

As originally published on the Cyber Trust blog.

Matt Thomlinson
Vice President, Microsoft Security

Matt Thomlinson is Vice President of Security at Microsoft and leads the Microsoft Security Engineering Center (MSEC), the Microsoft Security Response Center (MSRC) and Global Security Strategy & Diplomacy (GSSD) and internal Network Security (NetSec). His teams are responsible for proactively implementing training, tools and processes to improve the security of Microsoft products and services. As such, Matt is responsible for assessing the threat to, and assuring the security of, Microsoft products and services from their inception, development, and through their supported life.