German ministry hellbent on taking back control of 'digital sovereignty', cutting dependency on Microsoft

The Federal Ministry of the Interior (Bundesministerium des Innern or BMI) in Germany says it will reduce reliance on specific IT suppliers, especially Microsoft, in order to strengthen its "digital sovereignty". In an official statement, the Federal Minister of the Interior Horst Seehofer states that “in order to ensure our …


  1. N2 Silver badge
    Trollface

    Uncontrollable costs?

    Yep, it's all smoke and mirrors there.

    1. Adrian 4 Silver badge

      Re: Uncontrollable costs?

      "You could also argue that less time spent fixing broken on-premises IT means more time to focus on innovation; but it is true that cloud computing is a kind of outsourcing and there are downsides."

      Not really. That might be true in the short term, but in the long term the jobs will be deskilled to cut costs, so the postholders won't be able to do any more than they're required to.

      Whether that's a good thing or a bad thing is a subject for tech/beancounter 'discussion'.

    2. bombastic bob Silver badge
      Linux

      Re: Uncontrollable costs?

      the biggest cost is in the SWITCHING. Some time ago didn't a German government institution switch BACK TO MICROSHAFT _FROM_ Linux??

      now it's BACK AGAIN. AGAIN.

      And THAT is where the "uncontrollable costs" will be - re-re-training, re-re-procurement, hiring new consultants, kicking upstairs or laying off old ones, yotta yotta.

      I hope they stick with a good commercial Linux solution, maybe a GERMAN company?

      I'm thinking Suse Linux.

      1. Lusty

        Re: Uncontrollable costs?

        Yeah, Suse is a German company. Wholly owned by a Swedish company.

      2. trisul

        Re: Uncontrollable costs?

        Munich switched from Microsoft to Linux and switched back to Microsoft after they promised to set up a HQ in Munich, bringing loads of revenue to the city. This is not a tech argument, in effect Munich was paid by Microsoft to switch back.

        1. Kristian Walsh

          Re: Uncontrollable costs?

          Two problems with your theory: First, Microsoft didn't move to Munich, they'd been there for thirty years. All they did was relocate from a suburb into the city centre. The second problem is that they did so on the back of a generous relocation subsidy from the City of Munich. So, bringing revenue to the city? No. Probably a net loss in the medium term to Munich, and breaking even after.

          Munich's failure was precisely because its plan was based on ideology, not a rational analysis of what was needed and what could be delivered. A gradual multi-year phase out of Windows would have worked, but the people driving this change wanted to have a Linux-only world working perfectly in an unreasonable timeframe. Replacing Windows with Linux on the desktop meant effectively writing a lot of software from scratch. That created a much higher IT budget than under the Microsoft system - the burden of filling in process holes fell on the city IT department, whereas previously it could be solved with a far cheaper application software purchase.

          The hope had been that other municipalities would switch over too, and help spread that cost, but that never happened, partly because Munich's "Great Leap Forward" plan resulted in a lot of short-term chaos that put other cities off the idea... City administrators really aren't the kind of people to say "Fuck it, let's just do it and see what happens!".

          They could have still got things going right, but the shift to mobile and cloud-based working was the last straw: Linux servers might run all of these services, but the client end of the deal is very poor, with poor integration to the application software that the City had chosen to replace Office.

          You might think an office suite is "outdated", but you're probably a software developer or IT manager whose work only barely touches on policymaking, where such software is essential. MS Office might not be a great piece of software, but it's miles ahead of any other office document suite, and critically, it offered a private-cloud solution that could be managed as "pay this much a month and stop worrying about it"

    3. Unicornpiss Silver badge
      Alert

      Re: Uncontrollable costs?

      One thing for sure. While it sounds good on paper, IMHO no one has ever saved money by moving their data centers to the cloud. But many have reduced security, speed, uptime, and consistency by doing same.

      Eventually when you outsource everything, you can find yourself in a situation where if you wanted to go back to in-house, you no longer have the facilities, hardware, or talent to do so. You may not even understand your own infrastructure. It's comparatively easy to outsource everything. But if the wind changes direction, not so easy to go back. CIOs that outsource all their resources and personnel are signing a deal with the devil and helping create legal monopolies. That monster in the room is soon going to have you by the short hairs. It's as silly as people that choose variable rate mortgages because it sounds like a great deal. Sure, it's cheap at first..

      1. Jeff 11

        Re: Uncontrollable costs?

        "IMHO no one has ever saved money by moving their data centers to the cloud"

        Untrue - outfits I've worked with who've adopted serverless compute have definitely saved money from not having to run virtual machines 24/7 for workloads that aren't constant. I'd like to see anyone emulate the same with in-house kit in their own DC...

  2. DavCrav Silver badge

    "Not really. That might be true in the short term, but in the long term the jobs will be deskilled to cut costs, so the postholders won't be able to do any more than they're required to."

    It's not just that. Innovation is done by highly skilled staff, usually. If the highly skilled staff are working for the cloud company, that's where any innovation that happens will occur. So you lose all of the extra value generated by the innovation.

    1. JimC

      Yep

      And once the skills have gone they are never coming back.

      1. Doctor Syntax Silver badge

        Re: Yep

        They can come back but it would require some effort to rebuild the organisation. Effort that the C-suite would be unwilling and/or unable to exert.

  3. Shadow Systems Silver badge

    Do you want to be held hostage by Microsoft?

    Relying on their software means you're up shit creek if they decide to pull your access to "your" data on *their* servers. You are similarly screwed if MS is told by Trump to hand over your data (or just sends in the jack booted thugs to steal MS servers storing your data to thwart MS lawyers from ever having a chance to try any fancy legal footwork to deprive you of having a chance of getting your data back while the courts deal with it), thus you can never be sure of your national security when your data is in another country's hands.

    Now change Microsoft to any other company not wholly beholden to your government. See what happens? If you want sovereignty & security then don't use another country's software.

    1. Doctor Syntax Silver badge

      Re: Do you want to be held hostage by Microsoft?

      "If you want sovereignty & security then don't use another country's software."

      And certainly don't use another country's servers.

      1. whitepines Silver badge
        Black Helicopters

        Re: Do you want to be held hostage by Microsoft?

        And certainly don't use another country's servers.

        Especially ones that USA headquartered companies hold private keys for. Look up the Intel ME and AMD PSP. All that for your Hollywood's protection, you see -- there's no way to get an Intel or AMD machine without the unwanted megabytes of backdoor-capable signed firmware.

        Thankfully non-x86 options exist, but they're not widespread yet. Maybe this will help give a bit of a shove in the right direction?

        1. Arthur Daily

          Re: Do you want to be held hostage by Microsoft?

          And now the firmware has been hacked, exposing new tweaks.

          1) No TP security updates - old machines more than 3 years - tough titty, no vendor updates as if BIOS updates were bad enough.

          2) Circular Keyboard/Mouse drivers - Windows 10 insists on NOT loading keyboard drivers but using say synaptics driver in the UEFI jungle. I now don't trust that device or enforced must use policy.

          3) InSnide UEFI transmitting WiFi shit before the PC Boots.

          I believe China is now getting the sovereign risk message, and seeking to remove binary blobs and key dependencies. It is possible for the US to disable most Chinese produced devices on demand.

          Or a bad actor to disable via a remote connection, lots of things. Say voting machines, and voting apps. But so far both countries are keeping such baked in dependencies.

    2. veti Silver badge

      Re: Do you want to be held hostage by Microsoft?

      I see your point, but how exactly can you avoid it? Any government may decide to come after you. Case in point, the US government has been picking fights with several US companies (Amazon, Ford, Microsoft). It's not clear to me how hosting their data anywhere else would make any of them more secure against gov't-level interference.

      Particularly if the gov't is prepared to ride roughshod over the law, in which case - even if your "rights" are cast-iron in legal terms, it can still take years to assert said rights.

      Basically, there's no realistic defence against government-level attacks on your business. At least, not in the sense of preventing them. There are some mitigation strategies, but I'm not sure if "hosting your own data" would qualify as one.

      1. big_D Silver badge

        Re: Do you want to be held hostage by Microsoft?

        That is the whole point. And we are talking about government offices here.

        The government should host the data and applications itself, and where possible have oversight on the code being executed.

        That either means using local providers (inland) or using your own staff and your own software or open source software.

      2. jmch Silver badge
        Mushroom

        Re: Do you want to be held hostage by Microsoft?

        "Basically, there's no realistic defence against government-level attacks on your business. At least, not in the sense of preventing them. "

        Yes there is. It's called separation of powers. Sadly (in the US at least), the legislative branch has lately allowed itself to become irrelevant and is ridden roughshod over by the executive branch. In many countries the separation of powers wasn't as strong to begin with. More importantly, an independent judiciary and police force is an important part of a functioning liberal democracy. Again, sadly we are seeing in many parts of the US and EU that judicial appointments are being made with heavy political bias, and/or having the executive branch exert undue influence on police activity, in effect deciding who to apply the law against and who to protect.

        The other element is "rule of law", another essential cornerstone of liberal democracy, and again unfortunately the totalitarians (on either side) keep reinterpreting this to mean "we can change law to whatever we want and then the shit we do is legal" rather than the real meaning of "law should be applied to all indiscriminately", and in any case conform to a broad set of accepted principles eg human rights

        The problem is that these defences keep getting eroded using other shit (like artificially-stoked fear of immigration, terrorism, paedophilia etc) as an excuse, and many people are falling for that shit because they're already living on an economic and social knife-edge* and are more prone to scaremongering.

        OK, rant over

        *possibly by design

        1. Reg Reader 1

          Re: Do you want to be held hostage by Microsoft?

          *possibly by design

          Globalization! The wealthy have been able to keep many developed countries' GDP high while causing job loss in the middle and lower economic middle classes. Job losses cause what you've described above and lower wages for just about everyone else and that pulls money away from the populace's ability to pay taxes which then hurts education, infrastructure, and healthcare. Decreased educational standards then continue the downward spiral.

          1. jmch Silver badge

            Re: Do you want to be held hostage by Microsoft?

            "many developed countries' GDP"

            One of my pet peeves is the use of GDP per capita as a rough proxy of how wealthy / advanced a country is. In most 'western' nations, GDP per capita has grown in the last few years to beyond pre-recession levels, while median income has effectively stagnated at 2007 levels. Taking inflation into account, median income is down.

            Using 'mean' as an average just hides the fact that there is a tiny (and shrinking) class of ultra-rich people whose wealth increases rapidly as everyone else's stagnates. It's no longer a case of the 1% or the 0.1%, we're talking about 0.0001% here.

            1. Yet Another Anonymous coward Silver badge

              Re: Do you want to be held hostage by Microsoft?

              >One of my pet peeves is the use of GDP per capita as a rough proxy of how wealthy / advanced a country is

              There are a million people in Chicago.

              The Chicago derivatives exchange does > $1 Tn in trades

              - therefore everyone living in Chicago is a millionaire.

    3. thondwe

      Re: Do you want to be held hostage by Microsoft?

      Unless you write all your own software, you are hostage to someone else?

      If you use an Open Source solution and the authors' interests wander elsewhere, do you take it on (if you have the skills) or spend effort switching? What if the authors of Libre Office start collecting feature usage data to focus their efforts (which is what MS is mostly doing?)? What do SUSE/Redhat/Ubuntu do with their patch management processes - guess they may analyze the data to see how popular packages are... Could a government ask them for IP addresses which have downloaded packages/updates needed to support Tor or VPNs etc?

      If you're going to be paranoid about MS, you need to be paranoid about them all?

      International Law and Enforcement is what's needed and needs to apply to ALL software houses... (Hence GDPR etc)

      1. big_D Silver badge

        Re: Do you want to be held hostage by Microsoft?

        What do SUSE/Redhat/Ubuntu do with their patch management processes - guess they may analyze the data to see how popular packages are

        You don't need the IP address for that, you just need how many times a package had been downloaded. Given that if you are downloading updates for 50 PCs behind a firewall/router, you only get the single external address 50 times, the IP address is pointless anyway.

        1. Doctor Syntax Silver badge

          Re: Do you want to be held hostage by Microsoft?

          In any case big distros ship with a fairly full set of applications so the patch info will be mostly "everything". At best it might tell them about Gnome vs KDE vs XFCE vs whatever else.

      2. alain williams Silver badge

        Re: Do you want to be held hostage by Microsoft?

        Unless you write all your own software, you are hostage to someone else?

        If you use an Open Source solution and the authors' interests wander elsewhere, ...

        There is an easy solution to that : pay the Open Source authors to provide solutions that meet your needs and then continue to pay them for maintenance.

        Oh, you say "that will be very expensive", true but:

        1) what is the cost of paying a closed source provider for decades ? Once OSS does what you want the development costs will drop to a lower maintenance level.

        2) the costs will still be large, but we are talking about governments/similar here, they are paying huge amounts to Microsoft, etc, already.

        3) the costs are still large - so why not notice that there is a large amount of overlap in the requirements of governments in different countries. How about working together ? This will really bring costs down - the hard bit will be getting this idea into the heads of politicians who will be being bribed by the proprietary system vendors who do not want the geese to die.

        4) put some of your own staff onto the projects that interest you. That keeps some of the cash that you pay in your country rather than send it to the USA, it also increases the number of skilled people in your country.

        5) smaller businesses in your country will benefit from the filter down and not have to send so much of their income to the West coast of the USA.

        Summary: it should be a complete no brainer to have governments support OSS; however it is unlikely to happen.

    4. jmch Silver badge

      Re: Do you want to be held hostage by Microsoft?

      "you're up shit creek if they decide to pull your access to "your" data on *their* servers."

      I'm not a cloud expert, and been in IT long enough to know nothing is trivial, but surely keeping a backup on your own servers of anything that's in the cloud isn't a huge extra bit of work.

      "You are similarly screwed if MS is told by Trump to hand over your data"

      Erm, no - MS have already told Uncle Sam to do one in exactly those circumstances. Of course there's no way of knowing if they are secretly mirroring the data to some TLAs on the side, but the shit hitting the fan if that ever came to light would be enormous. If it ever came to light that Azure (or AWS etc etc) were passing any client data to third parties, they would lose half their business overnight and long-term, be finished as a going concern.

      "(or just sends in the jack booted thugs to steal MS servers storing your data to thwart MS lawyers from ever having a chance to try any fancy legal footwork to deprive you of having a chance of getting your data back while the courts deal with it)"

      Given that MS already has European-only data centres where they keep data for EU clients, that's gonna take quite a jackboot!

      1. Zippy´s Sausage Factory

        Re: Do you want to be held hostage by Microsoft?

        Erm, no - MS have already told Uncle Sam to do one in exactly those circumstances.

        They gave up on that as soon as the CLOUD act passed - https://www.theregister.co.uk/2018/04/04/microsoft_agrees_doj_cloud_act_renders_email_battle_moot/ (sorry can't remember how to link this)

        Given that MS already has European-only data centres where they keep data for EU clients, that's gonna take quite a jackboot!

        I thought they were moving them back to the US now, after the recent privacy policy update (that I can't seem to find any trace of, which makes me question either my memory or my Google skills...)

        1. Doctor Syntax Silver badge

          Re: Do you want to be held hostage by Microsoft?

          And ISTR a rather vague statement somewhere that implied the German data trustee arrangement was no longer operative. If that's so it was withdrawn with a lot less publicity than it was announced.

      2. Alumoi

        Re: Do you want to be held hostage by Microsoft?

        I'm not a cloud expert, and been in IT long enough to know nothing is trivial, but surely keeping a backup on your own servers of anything that's in the cloud isn't a huge extra bit of work.

        If you keep your own servers for backup, what's the use of the cloud?

        1. amanfromMars 1 Silver badge

          Re: Do you want to be held hostage by Microsoft?

          If you keep your own servers for backup, what's the use of the cloud? ..... Alumoi

          Howdy Alumoi,

          Are you not familiar with the expression "belt and braces" and that enduring Scout motto "Be Prepared" for second and third party failures/first party opportunities?

        2. jmch Silver badge

          Re: Do you want to be held hostage by Microsoft?

          "If you keep your own servers for backup, what's the use of the cloud?"

          Any decent-sized company that has at least 1 big central data centre and a business continuity plan should have a backup data centre mirroring all the data, and with the possibility of switching all operations to the backup in an emergency. ie you need not only the data but all the operational software that is correctly configured and ready to go at a few hours' (or for some critical businesses, minutes') notice. All that stuff costs a lot, and you're paying for most of it twice*, just to be sitting there in backup, and one of the selling points for cloud is that it is cheaper to operate.

          Of course every company would have its own cost-benefit analysis, but given the risks of having your precious data being ONLY in the cloud combined with the cost savings of having some operations in the cloud, it could work well for some companies to have part of their operations in the cloud as opposed to fully on their own systems. Having everything on the cloud is mental.

          *AFAIK some software licensing allows a backup/failover system for free as part of the main license, some charges a small %age for backup systems, some might charge full whack. All the hardware needs to be there in place though.

  4. Kev99

    I still question the sanity and intelligence of any company or government that puts its data on "the cloud". Not a day goes by where there isn't an article on this company or that government has had data leaked, stolen, or otherwise compromised.

    1. werdsmith Silver badge

      Has that never happened with on premise data then?

      1. JimC

        Let's put it this way

        I wouldn't be surprised if the air gap has to return the way things are going.

      2. VikiAi
        Facepalm

        Of course breaches have happened on local servers too. And will almost certainly continue to do so in the future.

        But the question is: do you want such a mishap to be an occasional and relatively local disaster, or do you want frequent and widespread data breaches as par-for-the-course?

      3. big_D Silver badge

        It has, but it is generally a lot harder. You have control over your network, you configure it and you are responsible for its loss. Also the firewall is at the perimeter of your network and is "easy" to configure for the sys admins.

        A hosted VM with its own virtual firewall on the other hand, being configured by a finance department lackey, if you are lucky, is a whole other kettle of fish. You have to configure the local and remote firewalls to allow the transmission of the data to and from your premises, that's the "easy" bit. Then you need to configure the virtual firewall to also allow access from your mobile workers, only what IP addresses do they use? Do you even know how to identify them? Or do you just allow any external IP address access? Yes, that sounds good, because your mobile workers can be anywhere...

        And the configuration of the VM and the software running on it isn't always easy, either. Mix up the two and you have pre-programmed chaos.

        If you have a corporate network, only external users with your VPN software and your VPN keys and a valid username and password can get at your systems and you, generally, have the expertise to set this up and enforce it. If one of the servers is misconfigured, it might allow your employees to see more than they should, but it isn't available to every Tom, Dick and Harriet that stumbles across your external IP address.

        It isn't foolproof, but it is a lot easier to contain than having departments running their own virtual servers in a cloud somewhere, where nobody knows how to properly configure it, the virtual switch and the virtual firewall properly.

        Even if you have the expertise in house, are they being re-trained to configure all these different virtual components from all these cloud suppliers? Are they going to be there in a couple of years, when you need to make changes or things stop working?

        And, most importantly, you are responsible for the data. Even if you get it right, if your cloud provider screws up and your data is leaked anyway, you are still liable for fines and prison time, because it is your data and your responsibility. I'd much rather face a fine/lose my job/go to prison for my own stupidity than the stupidity of others that I have "no" influence over.

    2. jmch Silver badge

      "Not a day goes by where there isn't an article on this company or that government has had data leaked, stolen, or otherwise compromised."

      True, but not all of them are cloud-related. Data has been being leaked / stolen / left behind on the train etc etc since forever. It's happened from 'closed' corporate systems, air-gapped systems where some muppet gets data on a CD / USB, unsecured / unencrypted laptops etc etc etc.

      The problem isn't 'cloud' per se, it's implementation by muppets at the behest of halfwits, which in turn is a symptom of beancounters refusing to provide the necessary budgets for staff, equipment and training and clueless business users imposing artificially and absurdly short deadlines.

      There certainly can be a business justification for 'cloud' (which essentially is just a fancy name for outsourcing your data centre to a third party), but the business case has to include the contingencies for the cloud being inaccessible, just like an 'in-house' plan business continuity by having multiple data centres, mirrored server instances etc etc

      1. Doctor Syntax Silver badge

        the business case ~~has to~~ should include the contingencies for the cloud being inaccessible, just like an 'in-house' plan business continuity by having multiple data centres, mirrored server instances etc etc

        FTFY

        If the driver is cost will those contingencies be included? Maybe, but very likely only after the need for them has been cogently demonstrated by an outage.

    3. amanfromMars 1 Silver badge

      IT's a Mad, Mad, Mad, Mad World .... and AI is Madder? And as Mad as Hell*

      Kev99,

      Would the Intelligently Insane be for realising IT a Free and Open Global Source File Utility and Universal Facility?

      *Mad as Hell Networking

  5. Rol Silver badge

    O/S of Damocles

    Microsoft's goal is to have you renting their software and hardware solutions by the minute - by creating an ecosphere where obsolescence is guaranteed.

    Is it any wonder companies are looking for solutions that might last longer than a couple of cycles?

    MS will, for an incredible amount of money, offer a bespoke extended life for your critical systems, that will eventually become more expensive than the O/S upgrade you've been trying to avoid.

    Open-source options similarly get overtaken by newer versions, but they tend to retain support for legacy stuff, or the community / in-house team can come up with a fix, because, well, it's open-source, so anyone can pop the bonnet and spanner away, suitably equipped with the freely available source code, that, like a Haynes car manual, will make the job possible.

    I really can't see the sense behind throwing your lot in with a company that can be so easily manipulated by a government that sees the world as a collection of enemies and potential enemies. Add that obscenity in the White house into the mix, and it's more like when, rather than if, the lights will go out on your MS system, due to some political discourse or other.

    1. JimC

      Re:they tend to retain support

      I'm not sure I've ever seen evidence for that.

      1. big_D Silver badge
        Holmes

        Re: Re:they tend to retain support

        Have you not been following the news for the last year or so?

        1. yoganmahew

          Re: Re:they tend to retain support

          Like Python 2.7 news?

    2. LDS Silver badge

      "but they tend to retain support for legacy stuff"

      Actually, until now Microsoft retained support for "legacy stuff" far more than open source. For the simple reason people can't recompile the "legacy stuff" every new release. Very few companies have the resources to fix their own specific "legacy stuff" for which there's no community at all, and even if you have the source code, it's usually quite expensive to hire someone to maintain it, especially when it's very specific "legacy stuff".

      But it is true that since subscription became the preferred method to extract a constant cash flow from cash cows, fast obsolescence and lack of backward compatibility can be the best way to try to justify the subscription need.

      It may turn out that the "new" (after all, extensively used in the Unix world before the PC...) business model could kill that very cash flow they want now, as users become not so happy to be forced to follow.

      PS: dear Microsoft, with all your telemetry could you fix the Outlook issue which makes it continuously asking for a password? It's years it happens, without a definitive fix. Maybe after all that telemetry is never really used but to profile users, and never to "improve the experience"?

      1. Doctor Syntax Silver badge

        Re: "but they tend to retain support for legacy stuff"

        Actually, until now Microsoft retained support for "legacy stuff" far more than open source.

        The issue with Microsoft was the other way around. By periodically updating the format it meant your "legacy" version of Office couldn't open the .doc or whatever file someone sent from their more recent version so you had to buy the new as well.

        The open approach is to set the file format as a standard and stick to it so our old version of the S/W will open and use a file written by the latest version or even from some other application using the same standard. Microsoft got its arm twisted to use an open standard so they got their own, reportedly of dubious clarity.

  6. IGotOut Silver badge
    Go

    About time.

    If the whole of the EU slung some serious resources at IT maybe we can actually break the stranglehold the US has.

    There are some good European companies that exist but we need more, and we need to promote them better to break the Google, MS and Amazon dominance

    As an example I use Protonmail for email and Here for navigation, both far better than the likes of Outlook and Hotmail.

    Then we should look at funding other "disrupters" (I feel unclean now). If someone is going to come in and mess up stuff, at least let them be European.

    1. cynic56
      Joke

      Re: About time.

      Oh no. Anything but Europe. Have you never heard of Brexit?

      1. John G Imrie
        WTF?

        Re: About time.

        I've heard of Brexit, but I've yet to see one despite BoJo shouting, 'It's over here, no over there, no damn it, it's that great big thing by the cliff edge'

      2. Anonymous Coward
        Anonymous Coward

        Re: About time.

        Have you never heard the Germans can be quite _determined_ when it comes to a strong and united Europe, with a strrrrong German leadership..

        ..ehm, got a little carried away here.

        1. Doctor Syntax Silver badge

          Re: About time.

          It might be worth your reading up why, after WWII, it was decided that international cooperation in Europe was a good thing.


Biting the hand that feeds IT © 1998–2020