GAIA-X, Europe’s attempt to reclaim cloud computing sovereignty against fast-growing hyperscalers from outside the continent, will need to prove that it is worthwhile in the next few months if it wants to avoid an embarrassing descent into irrelevance, according to a new report from analysis firm Forrester.
As AWS, Microsoft Azure and Google Cloud continue to expand the reach of their services, the European cloud project will have to show that it can provide more value to CIOs than the average infrastructure provider. If GAIA-X fails to do so by mid-2021, says the report, the initiative will be “dead on arrival” into the market.
Launched only last June, GAIA-X is an ambitious initiative led primarily by ministers from France and Germany, who are determined to create a cloud ecosystem protected by EU data laws. The idea is to create a marketplace of cloud services that any cloud supplier can join, provided that they stick to the rules – and in true European fashion, those rules focus on data protection and transparency.
At the heart of the project is interoperability. GAIA-X, through unified standards and certifications, aims to make it easier for users to securely exchange data across industries, by linking up different cloud services from European and non-European companies in a single system.
The push to build GAIA-X was largely motivated by a desire to reduce Europe’s dependence on foreign cloud providers. Forrester’s report shows that non-European hyperscalers control the majority of the market on the continent, with more than half of decision-makers using AWS, Microsoft Azure, IBM Cloud or Google Cloud.
Relying on cloud providers from across the Atlantic comes with some privacy concerns. One particular point of contention is the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which allows US authorities to require access to the data hosted by US storage providers, even if that data is located overseas. In Europe, the birthplace of the GDPR, the CLOUD Act isn’t going down all that well.
The GAIA-X project was pitched by EU Commissioner Thierry Breton as a way “to take our destiny in our own hands”, and launched earlier this year with the aim of demonstrating usable capabilities by Q1 2021. The deadline is now nearing, but the project still doesn’t have much to show for itself.
“By this stage, if they were going to hit their timeframe for Q1 2021, you’d expect there to be a lot more finished definitions of technical standards and demonstrated use cases,” Forrester analyst Paul McKay, who authored the report, tells ZDNet. “For example, they outlined that there would be reliance on a cloud security certification scheme, and there haven’t been any details around that. Yet that is quite a key anchor thing.”
It’s not all doom and gloom. Since GAIA-X was first announced last year, more than 40 industry use cases have been submitted and 150 different companies, research institutes and associations are contributing to the initiative. GAIA-X counts 22 founding companies, such as Bosch, BMW, or EDF, which have openly praised the project’s focus on data transparency and sovereignty.
More importantly, GAIA-X seems to have found the right opportunity in the hosting space. Rather than competing against foreign hyperscalers, the European cloud is focusing on what Europe does well: standards for transparency and privacy.
Rather than creating a facsimile of AWS, Azure or Google Cloud, GAIA-X is designed for specific use cases that involve highly sensitive data: think regulated industries like healthcare, financial services, manufacturing, utilities or energy. Bosch, for example, is planning to use GAIA-X to exchange data with suppliers and partners about component performance.
In fact, US public cloud companies are not banned from the European project. As long as they commit to GAIA-X principles, Amazon, Google or Microsoft are welcome to sign up to the initiative. In other words, the European cloud should be seen as a hyper-secure complement to existing cloud providers, rather than a replacement for them.
“GAIA-X does not see itself as a direct competitor of the hyperscalers,” says McKay. “The use cases are very specific, and they align with the strengths that Europe has. Clearly, this is where the opportunity is.”
GAIA-X has real value to offer, therefore; but the project is not moving fast enough. The standards that are necessary for the initiative to function need to be formalized, and agreements are yet to be reached on implementation approaches.
Even once technicalities are signed off, GAIA-X will only succeed if the platform manages to convince CIOs that the European cloud platform is better qualified than competitors to handle sensitive workloads.
“The public cloud market is very fast-moving, and so are security dynamics,” says McKay. “If GAIA-X doesn’t deliver something that demonstrates value soon, it will risk starting to deliver services into the market after the market has already moved on. They need to be quicker to capture the opportunity in the market.”
The ingredients of success are straight-forward: for any hope of making a dent in the market share of hyperscalers, McKay recommends significant funding and a dedicated leadership.
For now, however, the analyst advises CIOs against replacing their existing cloud providers. Even once GAIA-X is fully functional, says the report, decision makers should hold fire until the European platform has proven itself as a viable alternative to foreign services. Transforming the vision for a European cloud from a pipe dream into a tangible reality will be an unprecedented challenge; whether GAIA-X will be up to it is nowhere near certain.