Dutch government gears up toward commercial cloud services

On August 29, 2022, in a letter to the House of Representatives, State Secretary for Digitization Alexandra van Huffelen said that government agencies would be given room to use commercial cloud services. Until now, the Dutch central government was only allowed to use its own cloud services, despite using Microsoft’s systems, including Office and Teams. In 2011, the government decided that commercial cloud services presented security risks outweighing the advantages.

The change of heart followed the shift instigated by the Covid-19 pandemic and major technological and security developments within public cloud services. According to Van Huffelen, increased service reliability, improved security, and faster response times to vulnerabilities have opened the door to public cloud use.

However, the use of commercial cloud services will be subject to a few conditions, including a pre-deployment risk assessment. Commercial cloud services are also not permitted for storing or processing state secret data, nor may services be purchased from suppliers such as Huawei, Alibaba, and Baidu, or from those with an active cyber program unaligned with Dutch interests.

The new policy applies to all government agencies except the Ministry of Defence, which will continue to operate in a private setting for national security reasons.

By the end of 2022, government CIO Lourens J. Visser, jointly with the ministerial CIOs, will devise a risk assessment guideline to get the ball rolling. The Netherlands Court of Audit, the Central Government Audit Service, and the Dutch Data Protection Authority are responsible for compliance supervision and enforcement.

This is good news for hyperscalers (e.g., AWS, Azure, Google Cloud) seeking to sign new deals within the public sector and for trusted local cloud partners, including KPN, offering Azure and AWS services. The move by the Dutch government further shows that cloud has reached a level of maturity that is now applicable to various government-related use cases where security issues were of concern.
