Cloud services are an important component in building the infrastructures required for the digital transformation of the Federal Administration. Cloud services offer the potential for faster and more agile project implementation, with the aim of providing efficient administration services for citizens, businesses, education, the scientific community and the authorities. Cloud services are IT services from a freely accessible provider that makes these services available online for everyone (e.g. Microsoft, Google, Dropbox, etc.). Typically, the services provide rapidly customisable storage and computing power, application software as a service or access to new technologies on demand.

Growing need for public cloud services

Public cloud services are already used by individual administrative units to generate and offer their public services efficiently (e.g. swisstopo's map services). The use of public cloud services meets a growing need on the part of the departments and the Federal Chancellery, as revealed in a survey conducted in autumn 2019 by the Federal IT Steering Unit (FITSU). Moreover, an increasing number of IT services are now offered exclusively as cloud services (e.g. Microsoft 365, SAP HR).

Public clouds are thus an important component when setting up the platforms and infrastructures for the digital transformation of the Federal Administration.

In addition to the services of the public clouds, services will continue to be obtained from the Federal Administration's Swiss data centres, including federally owned private clouds. These two options should allow the various needs of the departments to be met using the latest technology.

Federal Administration's cloud strategy 

In order to ensure the orderly and safe use of cloud services, basic principles have to be established. To avoid the departments/the Federal Chancellery and the offices each devising their own set of principles, the FITSU, in close cooperation with the departments and the Federal Chancellery, has drawn up a common cloud strategy.

Federal Administration's cloud strategy  (in german and french)

As a first step towards implementing the cloud strategy, a WTO public tender procedure (WTO-20007 ‘Public Cloud Bund’) sought providers of public cloud services that offer high-quality, cost-effective and scalable infrastructure and platform services, as well as a broad range of new technologies and services.
With this WTO procurement, which is limited to five years, it will be possible for the units of the federal administration to use the services of public clouds as and when needed. However, this does not mean that units of the federal administration will use the public cloud services or determine how they might do it. Whether and to what extent this happens depends on the project concerned. If services are used, a specific risk assessment must always be carried out. Applications and data with a high protection requirement will continue to be operated or processed on federally operated infrastructures and platforms (including federally owned private clouds) in the Federal Administration’s own data centres.

Swiss Cloud

The Swiss Cloud issue must be distinguished from the of ‘Public Clouds Bund’ procurement project (WTO-20007). While Public Clouds Bund procurement benefits both the central and the decentralised Federal Administration, Swiss Cloud was about examining the need, the design, the necessity and the feasibility of a Swiss state cloud solution. This was done in collaboration with experts from business, academia and public administrations at all three levels of government.
 (ad es. In December 2020, the Federal Council took note of the report on the needs assessment. The report was published (Report). It indicates that there is no need for a ‘Swiss Cloud’ in the form of an independent technical infrastructure subject to public law and as a success factor for Switzerland as a business location. In the first half of 2021, the option of a certification system for cloud services was examined. No clear state regulatory need for a national certification system was identified. In particular, a wide range of standards and certification systems (such as CSA, STAR, FedRAMP, ECSA, TCDP, C5:2020) already exist for the key aspects of data protection and information security.

Work is continuing to explore inclusion in European initiatives (e.g. secure and trustworthy data infrastructure for Europe, GAIA-X). The DTI is still in contact with experts from industry and academia in order to monitor developments in this dynamic technological environment.