The short version

For decades, governments and organizations could run services based on servers we actually owned. These days, we’ve allowed the IT world to convince us no computing is possible outside of US-style clouds, for which we have no European equivalents. And because of this conviction, we are now moving our most precious data and most critical services to US controlled servers. Yet most of European government software still runs on locally owned systems. Apparently it can be done!

Weirdly, these days we even procure basic computing services exclusively from the US, even services that are widely available from European providers. It is likely never a great idea to base governments on proprietary cloud services, let alone ones under legal control of a rapidly decaying democracy.

Given that most government (and other vital) services still run without US cloud support, let us relearn how we did that, and use those skills to maintain sovereignty from where we are. Because we’ve done that for decades, and we can continue to do so, if only we stop to take a look at what is possible with what we have here.

This will allow us to not hand over our governments and societies to US control, even though we were previously sold the idea that this is the only possible action. And meanwhile, by doing business in Europe, our local clouds could offer more of the services that are now exclusively available from the US. (I’m fond of actual industry initiatives like EuroStack).

But do know that without policy action, the IT world will continue to insist only US clouds can deliver what they need. Hence the need for strong policies to base vital services on technologies that are available here, today, even as we stimulate the development of European cloud services.

This article is part of a series of posts on (European) cloud challenges. The series provides a lot of important context on what follows.

The full story

I try to stay positive about Europe’s dire cloud situation, but sometimes I wonder what we are doing to ourselves.

In short, almost all newly deployed computer systems in Europe are either based directly on American clouds, or are delivered “as a service” by companies who in turn are also all exclusively based on non-European clouds.

The story is that we don’t have any real cloud providers in Europe, and by some definitions this is true. We do however have loads of places where you can rent excellent servers, storage and network bandwidth. This is the “wood” out of which you can build services. But if you want to base your services on ready made components (furniture), there are not a lot of options here.

Meanwhile, if you assemble your services out of such (American) pre-made components, you are tying yourself indefinitely to specific providers. And it is hugely expensive too. It is not all roses in the American clouds.

Perhaps because of this, many European software veterans are actually not that fond of going all-in on any proprietary cloud services: you’ll not ever get out again. This is a widely acknowledged problem. If you base your services on more generic offerings (widely available in Europe), without going for the US “prefabricated” components, you are in a much stronger position to possibly ever change vendors, which also helps with pricing negotiations.

As a concrete example, if you build your tax agency on rented (virtual) servers and rented database services, you still own your technology stack. If however you base your tax agency (or municipality) on Microsoft Entra ID or Amazon Cognito user management modules, your business processes are now locked tight to these providers’ proprietary services. This difference is stark.

For smaller organizations, it may indeed be attractive to have someone else run advanced services for them. This allows less skilled developers to work with less support. However, governments could easily provide far more affordable and private services by deciding to get or retain people to run a database internally. For them it is worth it, since government autonomy is somewhat important, and they have the scale to do it.

Meanwhile, almost all of Europe has chosen to make itself utterly dependent for new services on the three big US cloud providers, with no way of going back. And since the US is (at best) a decaying democracy at this point, this is a worrying situation. They also openly say they think the EU was setup to “screw the US”. Not a healthy relationship.

Microsoft has just admitted, under oath, that it indeed can’t protect European data from the US government, which should give everyone some pause, especially governments.

“We can only function with Amazon, Microsoft or Google clouds”

Key to the discourse is that we’ve allowed ourselves to be convinced you can’t possibly do any computing anymore without going through the three big US clouds.

As evidence for this, people will tell tales of how bad their own data center operations were. It took WEEKS or even MONTHS to get a new server. And this was likely true.

However, from this terrible server provisioning problem, we then somehow head straight to “we can only function if we get to build everything with Microsoft Azure”. Yet these are different problems. In the olden days we had people called system administrators who could setup databases and other supporting software for us. But today we pretend such things are entirely impossible, even for large organizations like governments. We must have cloud databases from Microsoft, Amazon or Google!

Oddly enough, we go for these US suppliers even for services that are widely available in Europe (like servers). We give up our autonomy even in that case, in return for some ‘one stop shopping’ convenience.

Actual servers. Photo by Massimo Botturi on Unsplash

Currently, countries in Europe are overwhelmingly giving up on being able to run their population registers on their own servers, or even to communicate internally without passing every email and document through US-operated servers.

Governments are now rewriting policies to make it possible to outsource our most core national services to the US, which then fall under US spying legislation. All the while clinging to vague non-binding promises that the US would only spy on us if it were really necessary, and that Microsoft would defend us against US sanctions (which they then immediately didn’t do)

And this is because the IT world is telling us there is no other way. Policy makers have now become convinced you can only write software that runs on US clouds, and we’re so sure about that that we’re not even entertaining anything else.

Yet even today, much of government IT does not run on such exclusively US clouds. Apparently it is possible.

A similar situation exists for M365, the Microsoft cloud-based office productivity platform. Many governments are not yet on this platform, and some of them have recently invested in on-premise non-cloud solutions for email and documents. However, many (local) governments say they simply must use M365 because they claim it is impossible to continue to rely on non-cloud mail servers. Yet, national governments show that it can be done.

The two ways forward

The only game in town now appears to be lamenting that we don’t have US-style clouds here, and that we must somehow get them, and until that time we simply must do business with AWS/Microsoft/Google.

The bar is set very high, we can’t just have a capable US-like cloud, people demand total equivalence. Preferably a “drop-in” replacement that does exactly the same thing in the same way. Note that this requires zero effort on the part of the IT department or software developers. They demand that everyone else solves the problem for them, and meanwhile, they’ll continue to put our most precious national data on US servers, thank you.

The other way forward would of course be for our software and IT people to relearn what they apparently could do until a few years ago: deploying software on (virtual) servers and setting up databases and other basic services ourselves, or relying on such things provided by European partners.

And in fact, a ton of software still runs that way (but maybe today on servers rented from Amazon, Google or Microsoft). There is nothing impossible about this, despite what the cloud-dependent (cloud addicted?) software and IT people say.

But why not just build “Amazon.eu”

Whenever you try to sell someone on an idea which involves change, they’ll come up with reasons why it is impossible to do. Your thing doesn’t have X, it does Y in a way I’m not used to, and it should be using technology Z. Just like the thing we do today.

It turns out that if you solve X, Y and Z, people that don’t want change come up with three NEW reasons why they can’t move to your stuff.

This is a generic human being thing when confronted with the need to change things. Compare what people say about having to give up a gas stove, or driving an EV, or getting a heat pump. Tons of reasons excuses not to do it.

This means that even if an “Amazon Web Services” lookalike from Europe appears, almost no one will switch to it voluntarily. Because people will always find some way in which is it not exactly AWS.

In addition, it is technically nearly impossible to exactly clone AWS (or Azure etc), and likely this is also not legal, which opens you up to a ton of lawsuits.

Yet, this is what our politicians and many technologists demand that we do before they’ll consider change.

Let’s try something else

Right now the “pre-fab services” cloud offerings in Europe are indeed weak. But plans are afoot to improve that situation. I’m particularly fond of hands-on practical intiatives, which includes the EuroStack effort. However, this will take time, and meanwhile everyone will find excuses to hand over control of our governments and societies to US controlled entities, and lock us in to their proprietary solutions.

As noted, this is unacceptable, and it is astoundingly hard to believe we are letting this happen because people have been fooled into thinking you can’t do anything computer related thing outside of the big US clouds. Even though we have fabulous servers, storage and network here in Europe.

So I urge everyone, consult your existing IT operations people. Look at the stuff that is running on your own data centers or on European-owned hardware. And ask, why not do more of this? Can’t we keep the things that are currently working over here, outside of the big clouds? We used to be able to run a database ourselves!

Can we learn from those existing solutions how to deploy our new systems on the powerful server/storage/networking capabilities that we DO have in Europe? And not base our whole governments and societies 24/7 on technologies from far away?

As a case in point, the new & ever more popular OpenTK.nl Dutch parliamentary monitoring system runs on a non-cloud server, yet contains hundreds of gigabytes of documents, votes, procedures and meetings. With snappy full-text search and instant email alerts. The annual hardware/maintenance costs are around 500 euros, and the estimated equivalent spend in the cloud is around six times more. It is entirely possible to create new things on European infrastructure.

Also, we got into this mess because our internal procedures for deploying hardware and software were indeed slow. But such provisioning challenges are by now a well solved problem. With some work, this does not have to be a hassle. There are also capable European providers that can give you servers on demand.

And finally, if your developers say they can’t function without US clouds anymore, are you up for the political decision to say that they must then study a bit more to relearn what they apparently could do up to a few years ago. And meanwhile take a good look at what now is being built in Europe.

Because the cost of just giving up means becoming a digital colony, out of laziness. And that would be terrible.

Afterword

Some very specific things that can be done today, keeping in mind that once something has migrated to a cloud with sticky/proprietary/intrusive features, it is astoundingly hard to get out again:

• Don’t move stuff to the cloud when there is no need to. If it works, keep it like that.
• If it is possible to move things to a European cloud, by sticking to technologies that are well available here, do that
• If there are internal platforms for deploying (virtual) servers and software, give these a lot of love. The exodus to the cloud was largely caused by these functions being very slow.
  • European and non-European clouds can give you a new server in minutes, and there are loads of platforms that allow you to do the same thing based on hardware you own
• If moving vital/crucial functionality to the US cloud, ponder how to explain yourself if your hospital/population register/prison stops working if the US government throws a fit

This article is part of a series of posts on (European) cloud challenges. The series provides a lot of important context on this page.