Germany-the federal government's multi-cloud strategy: between digital sovereignty and dependency

Bundes' cloud strategy: Between vision and reality-against US dependency: Germany's struggle for cloud sovereignty

The German Administrative Cloud Strategy (DVS) strives to build a sovereign cloud infrastructure for public administration. But reality shows a complex image between claim and reality: While your own federal cloud is not sufficient, the dependencies of US providers grow, the costs are increasing rapidly, and data protection often falls by the wayside. This report analyzes the current situation, the challenges and future prospects of the federal cloud strategy.

Suitable for:

• Get out of the US cloud: Sovereign SaaS offers at overview + recommendations for action

The strategic orientation: Multi-cloud as a solution approach

The German Administrative Cloud Strategy is a central measure to strengthen the digital sovereignty of public administration and at the same time the federal government's multi-cloud strategy anchored in the coalition agreement. A cloud of public administration is to be set up on the basis of open interfaces and strict security requirements. The multi-cloud strategy aims to avoid binding to individual providers (Vendor Lock-in) and to enable the integration of the best available solution for specific application cases.

The Information Technology Center BUND (Itzbund) pursues a comprehensive approach: taking into account the relevant aspects of data, security and secret protection, a multi-cloud is to be created as a hybrid cloud system. An integrated cloud offer with a wide variety of cloud infrastructures and service models is planned. This strategic orientation takes into account that the federal authorities have a variety of use cases that differ in terms of the necessary protection levels of the data, the available resources and other criteria.

The role of the ITZBUND is intended to develop into a “multi-cloud manager”, which coordinates the various providers and interfaces and enables customers to select flexibility when choosing suitable IT services. According to Harald Joos, the implementation of the multi-cloud strategy must first be clarified "which external cloud data centers should be used", whereby a joint tender by the federal and state governments could create synergies.

The reality of the federal cloud and its limits

The BundesCloud was created as part of service consolidation and has established itself as a modern service platform in the federal administration. It offers services in various delivery models (SaaS and PAAS) that can be used by federal authorities. The BundesCloud services already use 66 customer authorities in their daily work. The BundesCloud is operated as a private cloud in the ITZBUND data centers and meets high demands on information security, data and secret protection as well as resilience.

Despite these successes, the BundesCloud is far from taking over the tasks that are intended. Your own capacities are not sufficient to meet the growing needs of the federal administration. Instead of primarily relying on open source software, as originally intended, in order to be regardless of external providers and license fees, 32 private cloud service providers are currently being used to compensate for the lack of capacity.

The growing dependence on US providers

The cloud market in Germany is massively dominated by American hyperscalers. Amazon Web Services (AWS) runs with a market share of over 30%, followed by Microsoft Azure with over 20%and Google Cloud with about 10-12%. German and European providers such as T-Systems, SAP, Ionos, Ovhcloud and Stackit are present, but have significantly smaller market shares.

This distribution of market is also reflected in the cloud use of the federal administration. Of the 32 cloud services that the federal government uses, most of the US providers Microsoft, AWS, Google and Oracle are provided. This dependence on American hyperscalers raises significant questions regarding digital sovereignty, especially in view of the US Cloud Act, which can enable US authorities access to data stored in Europe under certain circumstances.

The problem became particularly clear through two incidents: the faulty crowdstrike update and a configuration error in the Microsoft-Cloud Azure led to IT failures worldwide, and critical infrastructures were also affected. These events came at the wrong time because the planned sovereign cloud for the federal IT is based on Microsoft Azure and Microsoft 365 together with the SAP subsidiary Delos.

Safety concerns: encryption as an exception

The fact that of the 32 cloud services that the federal government uses uses is particularly worrying. Only with the “AWS software Vault Storage” used by the Federal Police, “ensure end-to-end encryption that deciphering meta and user data is only possible on the end devices of the users”. This raises significant questions about the protection of sensitive data in the other cloud services.

Anke Domscheit-Berg, digital expert on the left, sharply criticizes this state: "The federal government is still mostly used sovereign clouds, but a Delos-Cloud, which is based on Microsoft Azure, fears a shift." It also criticizes the lack of transparency in expenses, since for secret protection reasons, no information on the expenditure of the intelligence services is given and there is no data for the military without justification.

Integration of an independent and cross-data source-wide AI platform for all company matters-Image: Xpert.digital

Ki-Gamechanger: The most flexible AI platform-tailor-made solutions that reduce costs, improve their decisions and increase efficiency

Independent AI platform: Integrates all relevant company data sources

• This AI platform interacts with all specific data sources
  • From SAP, Microsoft, Jira, Confluence, Salesforce, Zoom, Dropbox and many other data management systems
• Fast AI integration: tailor-made AI solutions for companies in hours or days instead of months
• Flexible infrastructure: cloud-based or hosting in your own data center (Germany, Europe, free choice of location)

• Highest data security: Use in law firms is the safe evidence
• Use across a wide variety of company data sources
• Choice of your own or various AI models (DE, EU, USA, CN)

Challenges that our AI platform solves

• A lack of accuracy of conventional AI solutions
• Data protection and secure management of sensitive data
• High costs and complexity of individual AI development
• Lack of qualified AI
• Integration of AI into existing IT systems

More about it here:

• AI integration of an independent and cross-data source-wide AI platform for all company matters

The explosive development of the costs

The costs of cloud services in the federal administration have increased dramatically in recent years. From 136 million euros in 2021, they rose to 344 million euros in 2024. This doubling within a few years underlines the growing need for cloud services in the course of the digitization of administrative processes.

The ITZBUND alone had a budget of 242 million euros for cloud services for 2024. But this is only part of the total costs, since many expenses are not published for confidentiality reasons. In addition to the ITZBUND and the Federal Foreign Office, the expenditure of the Federal Ministry of the Interior, for example for the BKA and the Hacker Authority Zitis, for which household funds of 28 million euros are available in 2024 and 2025 alone.

The financial obligations through framework contracts with cloud providers achieve remarkable sums:

• Bechtle, together with AWS, has won a framework contract for public cloud services with a volume of up to 235 million euros with a term of 48 months
• Ionos received a major order for building a particularly strictly secured cloud solution with an upper limit of 410 million euros over five years
• With Oracle, framework contracts over a total of almost 4.8 billion euros were completed with a term by 2030

Cost drivers and hidden expenses

A study by the Center for Sustainable Transformation (CNT) of the Quadriga University of Berlin comes to the conclusion that public companies in Germany pay up to 120 million euros too much for their cloud services annually. An important reason for this is the high costs that arise when changing the cloud provider. For 60 percent of the public companies surveyed, a change is not worthwhile for economic reasons.

In addition, the published numbers appear incomplete and presumably too low. The lack of transparency in the expenditure for intelligence services and the military as well as the fact that the costs of cloud use are often underestimated suggest that the actual total costs could be significantly higher than the officially mentioned figures.

Projects and initiatives to strengthen digital sovereignty

Despite the existing problems, there are various initiatives to strengthen the digital sovereignty of the federal administration. A central element is the German Administrative Cloud Strategy (DVS), whose implementation project was started in January 2024. It includes the establishment of a coordination office and a cloud service portal, from which cloud applications from different providers can be obtained from the federal government, the states and municipalities.

Another important project is the Ionos cloud, which is designed as a “private enterprise cloud” and is operated in the data centers of the ITZBUND. A special feature of this solution is that it is not connected to the public Internet, but uses the so-called “Air Gapping” concept. This makes it almost impossible for outsiders to access sensitive information.

The controversial Delos Cloud

The Delos Cloud is a particularly controversial project. It is developed under the leadership of the Federal Ministry of Finance (BMF) and is intended to enable the use of Microsoft services (in particular office products and Windows operating system) beyond 2029, since Microsoft plans to pass on on-premise versions. The Delos Cloud is to be operated by German Delos Cloud GmbH on a dedicated infrastructure decoupled by Microsoft technology.

In the Delos Cloud, however, critics do not see any real step towards digital sovereignty, but rather a consolidation of the dependency on Microsoft. Anke Domscheit-Berg points out that there were over 40 high-ranking lobby meetings that were explicitly about the Delos cloud, and even Chancellor Olaf Scholz campaigned for the Delos Cloud at the Prime Minister conference on June 20, 2024.

Open source as an alternative and future perspectives

In the coalition agreement of the former traffic light coalition, the prioritization of open source software (OSS) was planned in order to reduce the dependence on proprietary providers. Konstantin von Notz, digital politician of the Greens, emphasizes that "existing dependencies on individual providers are far too big" and would have to be reduced, for example by "open source developments".

In practice, however, it turns out that the path to more open source and digital sovereignty is rocky. The completed framework contracts with proprietary providers such as Oracle, Microsoft (via Delos) and AWS are partly in contradiction to this goal. At the same time, however, there are also positive developments: Open-Source-based digital workplace, is offered by Zendis GmbH and operated by the cloud-based stackit GmbH and Ionos SE. Other private companies and public IT service providers examine the company and the associated offers.

Suitable for:

• Why the US Cloud Act is a problem and risk for Europe and the rest of the world: a law with far -reaching consequences

Challenges for a really sovereign cloud strategy

The complete digital sovereignty remains an ambitious long -distance goal. The challenges are immense and include technical complexity, high costs, the shortage of skilled workers and the sheer market power of the established actors. A realistic strategy therefore has to aim at management of dependencies than on complete self -sufficiency.

Several factors are crucial for the success of the federal government's multi-cloud strategy:

1. The consistent implementation of political requirements in procurement practice
2. The successful scaling of European alternatives
3. A uniform understanding of the federal, state and municipalities, which should achieve the multi-cloud environment of the German administration
4. A clear governance that guarantees stringent control of the implementation

Between claim and reality

The federal government's multi-cloud strategy pursues the right goal of strengthening the digital sovereignty of public administration and at the same time using modern cloud services for digitization. However, there are considerable challenges and contradictions in the implementation.

The strong dependence on US hyperscalers, the lack of end-to-end encryption in almost all cloud services used and the explosively rising costs raise questions about whether the current strategy really leads to the goal. Despite the significant increase in recent years, the financial resources still appear too low in view of the size of the task.

A successful multi-cloud strategy requires a realistic view of the technical, financial and personnel options as well as the courage to consistently rely on open standards and interoperability. This is the only way to reduce the dependence on individual providers and at the same time to promote digitization of the administration. The way to a really sovereign cloud infrastructure for public administration is still long, but it is without alternative to Germany's digital future viability.

☑️ SME support in strategy, consulting, planning and implementation

☑️ Creation or realignment of the AI ​​strategy

☑️ Pioneer Business Development

Konrad Wolfenstein

I would be happy to serve as your personal advisor.

You can contact me by filling out the contact form below or simply call me on +49 89 89 674 804 (Munich) .

I'm looking forward to our joint project.

Xpert.Digital is a hub for industry with a focus on digitalization, mechanical engineering, logistics/intralogistics and photovoltaics.

With our 360° business development solution, we support well-known companies from new business to after sales.

Market intelligence, smarketing, marketing automation, content development, PR, mail campaigns, personalized social media and lead nurturing are part of our digital tools.

You can find out more at: www.xpert.digital - www.xpert.solar - www.xpert.plus