Google offers the key, but holds the door
Image:
Hayete Gallot, president of customer experience at Google Cloud, says the company has a responsibility to build the tech ecosystem
Google’s insists data it holds is secure and it won’t create lock-in for the UK government, but do the answers match the ambition?
Peter Kyle’s announcement of a large-scale partnership between Google and the UK government has, it’s fair to say, been treated with suspicion – not least in this publication. Writing from Google Cloud London last week, I asked three important questions: How will data sovereignty be respected? Is putting a US hyperscaler at the heart of digital government wise? And how will the government avoid vendor lock-in?
I was able to talk to Hayete Gallot, Google Cloud’s president of customer experience, the same day to get some answers.
Despite only joining Google this year, Hayete has plenty of Big Tech experience; she previously spent 15 years at Microsoft and a decade at Canadian telephony giant Nortel. One would expect her to toe the party line, and she did – but that line turned out to be pretty vendor-agnostic.
Data sovereignty
Concerns about data sovereignty aren’t limited to Europe, Hayete told me. Instead, “It’s a global requirement,” even – increasingly – for firms in non-regulated industries.
“When you’re non-regulated, it’s more, ‘How can I show to my government that, strategically, I’m minimising my dependence on a US company, and I’m making sure that as a key company from the country, I have a plan?”
That sentiment is “driving a lot of demand” for a public cloud data boundary, like the one Google launched in May. More on that below.
The company is also setting up a network of “trusted local partners,” because customers “want a company that is linked to the country to operate the service,” giving both data and operational control.
Currently, this service – known as Google Cloud Dedicated – is only available in France, though a German expansion is coming.
A spokesperson told me, “We have active partnerships, like the ‘The Cloud de Confiance by S3NS’ with Thales in France, designed to offer a rich set of Google Cloud services with GPUs to support AI workloads, and is operated by S3NS, a standalone French entity.”
Finally, the most stringent option is an air gap solution totally disconnected from the internet, often used in sectors like defence and intelligence.
US cloud in UK government
Those services are all very well, but how do they work with the US CLOUD Act? This controversial law is a big driver towards data sovereignty; it allows US authorities to compel US-based tech firms to provide data stored on their servers, regardless of whether that data is stored locally or on foreign soil.
Hayete says, for some customers, encryption keys guard against that scenario.
“If you’re on Data Boundary, you can control your encryption keys… If we receive a request from the government, we then direct that to the customer. Since they own their encryption keys, they can decide whether they want to decrypt that information or not.”
This sounds good in theory, but governments around the world (including in the UK) are trying to force tech firms to provide back doors into their encryption. And Google’s belief that providing encrypted data will satisfy its legal requirements hasn’t yet been tested in a court of law.
So, whether your data is protected from CLOUD Act requests as a Data Boundary customer is still up in the air; but, Hayete pointed out, local partners like France’s Thales don’t have to follow US government directives. If you’re concerned about US intrusion, Google Cloud Dedicated may be a safe route – but only if you live in France.
For everyone else, we have to rely on the legally untested protections offered by Data Boundary, or the nuclear option of air gapping.
Hayete couldn’t confirm if the UK government is a Data Boundary customer.
Lock-in
In his speech, Kyle made a big deal out of “ball and chain” legacy contracts that were costing the public sector money without delivering in return. So, it was a surprise to see him then turn around and talk passionately about the new deal with Google. What, I asked, is to stop the same thing happening again?
“We don’t lock people onto Google stack,” said Hayete. “I think what [Peter Kyle] was saying is, ‘I’m working with a vendor that’s willing to work with us, but we [Google] will have to prove ourselves.’”
The lack of technical lock-in is a good thing. But, part of the Google-government announcement was a commitment to train and upskill 100,000 public sector workers on digital and AI skills by 2030. What about those people? Won’t training them on Google technology create indirect lock-in?
There are two tracks public sector workers can take in this training, Hayete explained. The first is a generic set of training that simply educates people about AI, cybersecurity and digital. The second allows people to choose a specialisation; this track operates on Google Cloud.
The main point of the programme is to “build that digital literacy”, which “has nothing to do with the [Google Cloud] platform.”
Hayete added, “Most of the skilling, I think, that is being envisioned is just employees who are trying to get literate in AI [and] in digital.”
You may have noticed that this isn’t an outright denial of the theory that this programme will create indirect lock-in. While the majority of people may only follow the generic training, it’s reasonable to assume that technical employees will opt to choose a specialisation using Google Cloud.
Hayete says the training is part of Google’s “responsibility to drive the [tech] ecosystem,” in the same way the company created an agent-to-agent protocol.
“At the end of the day, [that] will help our customers being able to actually deploy those multi-agent experiences. You give on one side, you get in the longer run… Like skilling: if you want the technology to be adopted, you need to make sure everybody can participate.”
The partnership between government and Google raised eyebrows when it was announced last week. While these answers will soothe industry concerns, some of the responses still lack clarity – and that’s not what you want in government.