Does the UK need its own version of GAIA-X?
There are multiple perspectives on safe data sharing – on the one hand, there’s so much benefit that can come from it. Better research, better derivatives, and better outcomes. Simply put, a unified, compliant data repository can save lives, improve services, and help keep our nation safe from both internal and external threats.
However, it’s not as simple as that. Ever since the dawn of ‘digital data’, organisations have exploited civilian privacy to collect data, analyse behaviour, and build individual profiles. You don’t have to look far to find a story of when data has been used in controversial or contentious ways. The words ‘Cambridge Analytica’ will certainly ring a bell. But that scandal and many like it were bending laws, trying to exploit data and ethics within the realms of that which is legal, or if not legal, is enabled by the data custodian or application.
Over the years, we have seen policies such as GDPR make data mishandlings more penalisable, and the 2011 Cookie law give civilians more control over who can gain access to their data, and online habits. But consent and laws are often bypassed, and private data is regularly breached by criminals. Vulnerabilities of those entrusted to keep our data safe can often lead to breaches of privacy.
So how can we be so sure that ‘safe data sharing’ really is ‘safe’?
Secure Cloud and laying a compliant data foundation
The third pillar of the National Data Strategy concerns data availability, arguing that for it have the most effective impact, there needs to be “better coordination, access to and sharing of data of appropriate quality between organisations in the public, private and third sectors.”
But before even considering the possibility of a national data repository – of safe data sharing – there must be a comprehensive uptake of secure cloud among those participating. Much like when building a house, you need to lay a strong, rigorously tested foundation that adheres to strict safety standards, the infrastructure upon which data relies must too meet security and compliance standards.
Yet, currently, the UK is at a crossroads in its approach to digital. There is a consensus on digital adoption, in fact 97% believe in the potential of digital technology to unlock data. (UKCloud State of Digital and Data Report)
And 62% agree that being able to use data to its full value when collaborating internally and externally is essential to providing better services.
Yet, we are seeing a painful inertia in adopting these technologies – even in simply setting foundations in the cloud for future digital adoption – and this is perhaps the most prevalent obstacle to safe data sharing. We’ve shared our analysis on many occasion that public sector cloud spend is not growing at a rate which can sustain comprehensive digital innovation, or better data use.
In 2020, over 85% of public sector organisations were reluctant to move their workloads to the cloud due to risk and security concerns. Have we still not yet come so far as to realise how the security benefits of cloud far outweigh the vulnerabilities and risk of current, ageing and often siloed legacy solutions?
In 2021, with the UK now recovering from the pandemic, those public sector organisations unwilling to adopt cloud – to see the potential for innovation and data enablement, as well as enhanced security for data and workloads – will be left behind. But, for those who need more convincing, our comprehensive take on the benefits of secure cloud can be found here.
It’s not just the tangible security benefits of secure cloud that will lay the foundation for organisations to share data safely and provide improved services. Current lack of adoption does nothing to ease the inhibition of civilians to allow their data to be shared, even for the greater good, in the first place.
So what is a secure cloud, and what can it do for your organisation?
Moving to a Secure Cloud Solution
We won’t define the entire remit of how a cloud solution can be made to be secure – we’ve covered that comprehensively in our previous secure cloud blogs. Find them in our content hub.
But we can tell you what makes a ‘Secure Cloud’. You see, many providers will have you believe they offer a Secure Cloud solution – but for the most part, these are regular clouds with security tacked on the side.
We at UKCloud believe that for a cloud to be truly ‘Secure’, it MUST be secure by design.
But what does that mean exactly?
Well, every decision about how a true Secure Cloud solution is built should be made with security in mind. Knowing that, what should you look out for?
- Sovereignty – Can your provider’s cloud solution guarantee that your organisation’s data will not leave the island?
- Choice – Utilising multi-cloud, for example, spreads any risk across multiple clouds, and mitigates service failure to the extent seen in examples such as the recent Fastly outage.
- Secure connectivity – A secure cloud should ensure seamless and compliant connectivity to necessary secure networks, such as PSN, HSCN, and RLI.
Only then should a cloud provider begin to think about additional protections that will bolster cyber resilience.
GAIA-X vs GPDPR – Exemplary data collaboration
“At the moment people view data sharing as a threat or as a risk… but what they don’t hear about is the benefits that flow from sharing data.”
Those are the words of Rt Hon John Whittingdale OBE MP, Minister of State for Media and Data at a recent HPE webinar – showing there is recognition from inside government that, not only is there a desire to push towards UK safe data sharing, but also that there are civilian inhibitions that must be tackled.
In UK healthcare, we are already seeing a movement to create a ‘General Practice for Data Planning and Research’ (GPDPR). Although awkwardly named (make sure not to confuse this with the similarly named GDPR), the GPDPR initiative seeks to “support processes that manage and enable lawful access to patient data to improve health and social care”.
The initiative states that “The data held in the GP medical records of patients is used every day to support health and care planning and research in England, helping to find better treatments and improve patient outcomes for everyone.” The project itself is seeking to utilise safe data sharing to reduce the burden on GP practices – something which is necessary in the post-pandemic world, with long healthcare waiting lists and ever-tightening budgets.
However, even this plan for data collection and collaboration has been put on hold after concerns about data privacy and lack of choice were raised.
So, is there a right way to enable such collaboration?
Well, many would argue that the aims of Europe’s GAIA-X project lay out the idealistic plan for future European data and cloud ecosystems, setting the standard for the rest of the world.
In the words of Techrepublic, GAIA-X “is an initiative that hopes to create a unified ecosystem of cloud and data services protected by European data laws.” Various suppliers of cloud services would unify in an interoperable data exchange, creating a vessel for data across industries, and a single data repository for innovation and research.
The need for a project like GAIA-X in Europe is a result of over-reliance on non-European tech giants. France and Germany, the EU member states drawing up the initiative, have a vision of creating a leading digital and data capability in Europe – diverting its reliance on US and Chinese tech providers to a European-based technical capability.
Developing home-grown cloud solutions will allow Europe greater control over the residency and privacy of its data, consequently enabling cross-industry collaboration.
These issues of data sovereignty and residency are also prevalent across the English Channel. Should the UK look to implement something similar to GAIA-X? And, in the wake of greater freedoms post-Brexit, develop a national digital capability which could place the UK at the very top of the ladder.
You see, the message to take from GAIA-X is that national data repositories, safe data sharing, and resultant industry-wide collaboration, will not come easy. It’s not as simple as setting up an initiative like GPDPR, or any other future data initiative for industries other than healthcare. There must be a plan for a digital foundation that enables such a delicate project. That means, developing a digital capability that places data residency, data privacy, and data sovereignty at the absolute forefront. It means investing in the UK’s sovereign cloud infrastructure – just as Europe are with GAIA-X – to make safe data sharing truly safe, thus opening the door for innovation.
Looking to the future
If we as a nation aspire to be digital leaders, such as is outlined in the aforementioned third pillar of the National Data Strategy, then we as a nation must begin taking the value of data seriously, and the infrastructure on which it relies is just as important in enabling that data.
In 5 years time, data will be the 2nd most important asset in UK Defence, according to the recent National Data Strategy for Defence. In an industry where data is underutilised, critically important but highly difficult to exploit as a result of security, we must place an emphasis on the role Secure Cloud can play in Defence. In fact, the role of clouds built solely to host defence workloads should be more greatly explored. Learn more about Defence Cloud in another of our blogs, here.
In Health and Social Care, GPDPR is indicative of the beginning of a data revolution in the UK, the question is simply: How quick can we get there?
Being able to utilise data for research, to drive efficiencies and improve patient care is the logical next step – a step which countries are racing to take, developing their national digital capabilities to develop world-leading safe data sharing projects.
But the first step is laying the groundwork – it’s all about secure cloud.
UKCloud are leading the way for sustainable, secure and effective sovereign cloud uptake across the public sector, enabling better services and delivering greater value for the UK taxpayer. Learn more about Sovereign Cloud here. Alternatively, if you’d like to discuss your journey to cloud, contact a cloud professional, or take a look at our Professional Services offering.