GAIA-X: Digital Reality Context of the EU Cloud Project

Few topics divide the cloud and architecture scene as much as GAIA-X. But the debates miss the IT reality: IT operations remain an in-house challenge.

GAIA-X is a new attempt by European companies to create an independent, secure cloud – and thus a platform that combines independence and data protection with the leading-edge approaches of hyperscalers from America and Asia. Is this realistic in the context of many failed projects such as Deutschland Cloud, Digitaler Personalausweis and endless digitization projects in public administration? What can IT experts and business expect?

Many ideas that fall victim to discussions and problems in their realization are initially very good: This is where the story of GAIA-X begins, a prestigious project at European level that was presented to the public in 2019. Its goal: independence from US hyperscalers like AWS, Google, Azure. Or in short: a Europe cloud.

So, a few years ago, it started. It was a time before Corona, when digital was not yet mandatory, but a feature. People had time, and even landmark data protection rulings like Schrems-II still lay in the future. The large corporations such as Microsoft, Google and Amazon dominated the public cloud business even then – many CIOs shouted “Cloud First!” loudly and wanted to fill their often sluggish IT structures with kerosene. It is important to understand that in many companies, it takes between 6 and 12 months to deploy systems – a time that is perceived as completely unreasonable in the cloud age.

Cloud First: Solution or Curse?

But with these strategies, which are often referred to as trails and speedboats, came dependency: once you have migrated half the company to AWS or Azure, you have to make friends with the providers’ specifications and take what you are given. You had a completely customized setup in the U.S., so to speak, and you knew that this was more likely to be a long-term relationship.

In the Corona year 2020, with the sensational “Schrems-II” ruling, the first moment came when this dependency became critical within one day: The ECJ ruled that privacy compliance guarantees from U.S. providers did not meet European standards. Suddenly, everyone was startled: Legal and compliance, data protection and IT officers, board members and CEOs. The conclusion was: our contracts with cloud providers based on the EU-US Privacy Shield are no longer valid, we need more security – an issue that has not been completely resolved to this day. But is it even possible to have a cloud without the major US corporations?

GAIA-X as the savior of European standards

GAIA-X is supposed to be a European cloud, a declaration of independence. But it is still in the definition phase, is gaining more and more supporters as an initiative, and at the same time is being ridiculed all the more as unworldly and unrealistic. What is the truth behind the ideas, what concerns are there, and why are certain perspectives actually completely unenlightened?

1. GAIA-X as a European solution

An independent cloud, secure European networking and standards you can rely on – the approach is good, but Europe is small. Let’s take an automotive company as an example. The automobile built in Germany or Europe has long been a discontinued model. At least in terms of growth, at least two-thirds of investments are made outside Europe – where markets are not oversaturated and the next generation of buyers is not tired of cars.

This means that much of the data processing is taking place internationally, in China, Russia and the USA. In Asia in particular, data transfers out of the country are not welcome, the Chinese wall has long been digital, and a desire for European independence seems ideological, but not in line with the reality of business. It is not even necessary to list the insufficiently potent German Internet as an argument for this: If U.S. providers and EU data protection are already incompatible because the access rights of authorities and intelligence services to be granted by U.S. law do not match the ideas of EU data protection officers – where is the advantage of an EU-compliant, non-global solution for the international corporate economy?

While the compliance scene is eagerly awaiting a new edition of the EU-US Privacy Shield and thus legal certainty in international data transfer, this would simply be counterproductive. After all, it’s not really Europe’s turn to take the next step here – within its own single market, it virtually set the international benchmark in terms of data protection in 2016. Even if the EU GDPR is not very popular in its own countries, especially since the end of the transition period in 2018.

2. GAIA-X from an operational perspective

IT, that means servers, data centers, computers at workstations in offices and production lines, fast wired network, secure wifi, and high availability of storage and databases. Real, hard operational information technology that you can touch and always need, despite the cloud. Where it really comes down to the nitty gritty, there is little outside of a company’s own data center, even among large corporations. The status of the Internet expansion alone sets clear limits: Because if the multi-billion spare parts business or the production systems of an automotive OEM are not available due to the inadequate line capacities of the German Internet in international terms, the red phone rings at the board of directors. This is not about savings or rapid commissioning, but exclusively about risk reduction: downtimes of just a few minutes can lead to losses in the millions.

And on the operational side of data center managers and IT directors, it’s also clear: running it yourself can be cheaper than the often unexpected invoice amounts from Amazon and Microsoft. At the same time, public cloud features are in most cases derived from the leading technologies of the private and hybrid cloud stacks – a market where mostly unknown top dogs like VMware have been setting the tone for more than 10 years. Their products include functionalities that often go far beyond what the hyperscaling cloud vendors everyone knows are touting. So, in purely technological terms, it’s all there already. GAIA-X’s advantage thus fades in the context of considering mature, leading-edge technologies in the data center space and becomes literally invisible under the shadow of nationwide Internet quality. Does one simply want to replicate something for the sake of principle instead of always being a customer abroad? You could start with EU-manufactured servers and storage solutions. Without them, nothing really works.

3. GAIA-X and the economic reality

Nothing is free, and no corporation in the world invests without first running up a tab. GAIA-X seems to be more like youth research here: Because pretty much at the same time as the project was announced, the Microsoft and VW CEOs showed up as partners on the road to connected, autonomous driving mobility. Just a few weeks ago, this was reaffirmed in the context of the “Automated Driving Platform” theme. At the same time, both Volkswagen and Microsoft are members of GAIA-X. Would two corporations jointly build a platform for autonomous driving, and at the same time collaborate on an independent solution to their own advance? It seems unrealistic, even from an economic perspective. Nothing has struck me more in my time as a consultant to the big brands of the automotive world than the following fact: Europe is small, its markets manageable. We have no idea of the dimensions at play on other continents – I’ll never forget Brazil, Mexico and India, its incredibly large automotive plants, the vast quantities of sales and the speed with which opportunities are identified and implemented. Small egos, big deeds. We really can’t imagine it from a European perspective, without any exaggeration.

Conclusion: Where GAIA-X stands today

So what is GAIA-X when you look at its contents as a data center-savvy, internationally minded architecture expert and compliance professional? A dream? An illusion? No, GAIA-X is more of a creative space in which all those wishes that we did not dare to realize in the years from 2010 to 2015, and now regret, come up once again.

This reflection is good for us, because it shows us that we can learn from failures and that we always find ourselves having helped others to overtake us. Our European opportunity: to be the first community to stop thinking of progress in terms of scaling and globalization and use its creative power to set standards that are better in detail – this can lead to a global rethink just like many other European advances. We have seen this clearly in the privacy movement of recent years. Even if these were perceived less positively in their home countries, under names like DSGVO, than outside Europe: everyone looked to us in 2018, Europe was the privacy benchmark, and many copied, adapted and changed.

Outlook: Cloudy.

So does GAIA-X have a chance, or no chance? I am writing this post on Easter Monday 2021 and completed my research with the latest news about the newest members: Alibaba, Palantir, Huawei. Exactly the giants one would like to stand up to are now supposed to help build the house? Whose principles were considered questionable and whose dependencies in the context of 5G were considered critical? I’m probably not the only one in the industry who can’t understand this. But let’s not be too hasty: reality will show. Even if everything once again looks as if a Swabian automaker wants to mess with Elon Musk. And we’ve never been as good at imitation as we are at construction, ideally on a white sheet of paper.

This is exactly what the initiative lacks: because the digital revolution has already happened, no IT professional with deep technical experience that I know of has any serious interest in GAIA-X. And experience shows: Deutschland-Cloud, Bundes-Coin and broadband expansion also only made it as far as the headlines, but never into reality. And Alibaba, Palantir and Huawei know that very well.

Philipp Schneidenbach is an expert in governance, risk and compliance, enterprise architecture and IT service management. In his role as Principal at a Munich-based management consultancy, he is also responsible for legal and compliance as well as digital transformation. Philipp shares his insights as a speaker at international events and here at MoreThanDigital.
