eGovernment cloud
eGovernment cloud description
The basic objective of the eGovernment Cloud project (hereinafter also referred to as "eGC") is to increase the efficiency, scope of services provided, quality and security, and at the same time reduce the costs of operation of information systems and public administration applications by using shared ICT services at the level of infrastructure, computing platforms and standardizable applications. This fulfils the 3E strategy while increasing the quality and security of the acquisition and operation of public administration information systems by using shared cloud-based eGC services. Another objective of the eGC project is to facilitate the architectural, security, procurement and project processes of individual ISMS administrators to the maximum extent possible by using eGC services.
The Information Concept of the Czech Republic takes into account the basic objectives and concepts of eGC, established by the resolution of the Government of the Czech Republic in the Strategic Framework of National Cloud Computing (UV 1050/2016) and elaborated within the project Preparation of eGovernment Cloud Construction, the outputs of which were approved in November 2018 by the Government of the Czech Republic (UV 749/2018).
The eGC services include three main categories of cloud services: IaaS (Infrastructure as a Service - services at the level of data centres, networks and HW), PaaS (Platform as a Service - services at the level of standard software platforms such as databases, web servers) and SaaS (Software as a Service - complete functionality of standard or standardizable applications provided as a service, e.g. email, economic system, filing service, etc.).
The eGC services will be provided by the commercial part of the eGC (KeGC - services operated by commercial entities using their own data centres and communication infrastructure) and the state part (SeGC - services operated in data centres and on HW and SW platforms owned by the state and operated by organisations controlled by the state - the provider of state cloud computing).
Part of building eGC is also consolidation of data centres and HW platforms, which means gradual transfer of operation of most information systems and public administration applications from data centres of individual institutions to selected data centres of the state (state part of eGC), or to data centres of verified commercial entities (commercial part of eGC). The consolidated infrastructure and HW/SW platforms will be provided in the form of IaaS and PaaS services of the eGC. The development of these services includes, among others:
- defining minimum standards for the provision of IaaS and PaaS services for the government and commercial part of the eGC,
- unification of the operational environment of information systems and applications operated in the state part of eGC on several selected platforms,
- ensuring the necessary security, reliability, scalability and uniformity of ICT services operation.
The eGC build-out also includes the gradual definition of standards for selected software applications supporting the same agenda or support and administrative process. The standardised application services will be provided in the form of SaaS eGC services. The use of standardised applications will contribute to the standardisation of working procedures (business processes) in public administration.
Building eGC will enable public administration organisations to focus more on their core processes instead of supporting processes such as operation of information systems and applications. However, organisations still need to be able to define their ICT service requirements and integrate them into their core processes.
One of the basic rules for using SeGC or KeGC services is to ensure the required level of security of eGC services depending on the security level of the public administration information system for which the eGC services are used. This security level is derived from the security implications of the IS in question. The SeGC shall ensure the highest level of security and is designed to operate eGC services of the highest security level. The KeGC is designed to operate eGC services of other security levels and allows the use of market mechanisms to ensure optimal pricing to the maximum extent possible.
The second decisive criterion for the use of eGC services is the calculation and comparison of the cost of ownership (TCO) of individual IS in the model of on-premise operation (on own infrastructure) and with the use of eGC services. For both methods of determining security and economic intensity, methodological aids were developed in 2018 and are available at:
- Determination of economic intensity
- Determining safety requirements
Cloud computing has been regulated since 1 August 2020 by the relevant provisions of Act 365/2000 Coll. on Public Administration Information Systems. Title VI of the Act introduces a new mechanism for the registration of cloud computing requests and offers in the cloud computing catalogue. It also obliges public administration bodies to use, from 1 August 2020, only cloud computing that the Ministry has registered in the cloud computing catalogue on the basis of fulfilling the conditions specified in the Act. On the basis of an analysis of the situation and practical experience, these provisions of the Act are currently being amended, with an expected effective date of 1 March 2021.
To set the rules for the registration of cloud computing demand and supply in the cloud computing catalogue, the Ministry has issued a methodology available on the Ministry's website for the eGovernment cloud project.
The scope of the data recorded in the cloud computing catalogue on demands, offers and used cloud computing is specified in Decree No. 433/2020 Coll., on data recorded in the cloud computing catalogue.
The eGovernment Cloud Governing Body (also referred to as the eGC Governing Body) coordinates the building and development of the eGC, develops and maintains methodological procedures for the eGC, controls and manages the KeGC competition mechanism and the SeGC service offerings. The eGC DG will build and maintain the eGC Portal, where it will publish the eGC Service Catalogues and provide information and methodological support to IS administrators for the use of the eGC.
For the purchase of eGC services listed in the cloud computing catalogue, the dynamic buying system (also known as DNS) will be used. A Portal for ordering and managing services is also being prepared; it will not be launched together with the DNS, and its launch can be expected after 2022. The reason for this shift is that, according to the current wording of the law, the Information System for Cloud Computing (ISCC) must be built first. Its first version will focus on supporting the cloud computing bid and request entry processes newly described in the amended law.
Currently, the placement of public administration IS in eGC (use of eGC services) is completely voluntary. However, following the ongoing amendment of the Act, there is a transition to the long-term planned application of the cloud-first principle, where the placement of public administration IS will be derived from a mandatory TCO calculation, so that on-premise placement for newly acquired systems or as part of the technical evaluation and/or development of a managed public administration information system will remain possible only if the TCO calculation does not prove that it is more cost-effective than placement in an eGC. With the entry into force of the amended law, new decrees are being prepared to describe the methodology for determining cost-effectiveness and determining TCO based on the methodological aids prepared under Phase 1 of the project (see above).
The eGC services will be defined and described in a centrally managed Catalogue of eGC services, which will be part of the eGC Portal and based on the cloud computing catalogue. Providers of eGC services must meet the conditions specified by law, which include in particular the security of the services provided and their operational parameters, but also the credibility of the provider. Compliance with the conditions is verified by the Ministry in cooperation with the National Office for Cyber and Information Security (NÚKIB) and other state agencies.
Security rules for public administration bodies regarding the use of cloud computing, together with security criteria for the registration of cloud computing providers and cloud computing offerings in the cloud computing catalogue, are being prepared in a decree to be issued by the NÚKIB on 1 March 2021 (the so-called cloud decree). This decree also sets out the criteria for determining the security level of cloud computing.
eGovernment cloud rules
Decision on joining eGC
With the entry into force of the amendment to the Act on Public Administration Information Systems, administrators of public administration information systems (ISVS) will be newly obliged to assess the economic advantage of the way the systems they manage are operated. In accordance with the newly prepared decree, this assessment is to be carried out before the acquisition of a public administration information system or as part of the technical evaluation and/or development of a system they manage. At the same time, they will classify the ISVS they operate into security levels according to security requirements. Cloud computing used for ISVS of the highest security level can only be provided by a state cloud computing provider (SeGC). The calculation of the economic profitability of managed ISVS according to the forthcoming decree, based on the already published methodological aid (calculation and comparison of the cost of ownership, TCO), will be the decisive criterion for deciding on the use of eGC services compared with the on-premise solution model (on own infrastructure); it will be carried out before the acquisition of the ISVS or as part of the technical evaluation and/or development of the managed public administration information system.
The methodological aids for economic and security requirements will be the basis for the prepared decree:
- Determination of economic requirements
- Determination of safety requirements
For the purchase of eGC services maintained in the catalogue, public administrations will use the dynamic buying system (also known as DNS) and the forthcoming eGC Portal.
Each authority also needs to be aware that the funding of cloud services is different from running its own solution. The operation and purchase of in-house technology is CAPEX, i.e. capital expenditure, and the purchased items remain the property of the authority. The purchase of cloud services, on the other hand, is OPEX, i.e. operational expenditure, where nothing remains in the authority's possession and it only pays for the service. This different way of financing has to be taken into account in budgeting and spending, because using cloud services for the entire infrastructure of the authority will dramatically increase operational expenditure and reduce capital expenditure.
Access to eGC by ISVS administrators
Each administrator of a centrally provided agenda information system should, in managing and developing its information systems, gradually take steps to separate the infrastructure from the technology and application layers of those systems. This means preparing, through incremental steps, to operate its centralised agenda information systems in the cloud from a certain point in time, and gradually reducing its dependence on its own data centres and on technology platforms operated only by it.
Currently, the placement of public administration IS in eGC (use of eGC services) is completely voluntary. However, following the ongoing amendment of the Act, there is a transition to the long-term planned application of the cloud-first principle, where the location of public administration IS will be derived from a mandatory TCO calculation, so that the location of on-premise ISVS for newly acquired systems or as part of the technical evaluation or development of a managed public administration information system will continue to be possible only if the TCO calculation does not prove that it is more cost-effective than location in an eGC. With the entry into force of the amended law, new decrees are being prepared to describe the methodology for determining cost-effectiveness and determining TCO based on the methodological aids prepared under Phase 1 of the project (see above). Thus, the long-term trend is towards the application of the cloud-first principle: mandatory placement of IS in eGC unless the TCO calculation demonstrates a more cost-effective on-premise operation.
Obligations of commercial eGC service providers
The specific obligations are set out in the Act on Public Administration Information Systems and in the decrees issued by the Ministry and the NÚKIB on the basis of this Act. The eGovernment Cloud's governing body then prepares and issues methodological guidelines based on the law and decrees. However, rules already exist on the necessity to connect via the CMS/KIVS infrastructure and thus to respect the catalogue list of the service of connection via IPSec.