Norwegian public and private enterprises outsourced services for many years. This allows them to focus on their core activities and leave for example IT services to an external party. In recent years cloud computing has become an important outsourcing alternative. We see that a growing number of both infrastructure and software services are being supplied in the cloud. This also applies to services aimed at the public sector.
One could ask whether we need a separate strategy for cloud services; after all, we have been outsourcing services for many years now. However, cloud services differ from traditional outsourcing models in important areas which create challenges for enterprises considering using such services and, in particular, for public sector enterprises: it is not always possible to know exactly where or when data is stored or processed, and the agreements regulating these services are often standard contracts issued by the service providers. Many enterprises have concerns about the security of cloud services and whether current regulations permit their use.
The public sector must become more cost-effective in the coming years, and the use of ICT and the digitisation of services constitute a vital element in this process. But the operation of digital services and public ICT systems must also be cost-effective. In the Circular on digitisation for 2016, which applies to all public sector enterprises, we therefore require that they consider cloud services as an alternative when procuring ICT. In this strategy we propose measures to make it easier for both public and private enterprises to conduct this type of assessment.
It is also important that public sector enterprises operate their ICT systems reliably and securely. A key element of the development of this strategy has been to assess existing legislation to ensure that it makes clear what is permissible and what is not. In following up this strategy, we will establish resources that can provide guidelines for procurement of cloud computing on topics such as: information value assessment, information security, risk assessment and contract management for the public sector. Such resources will also have transfer value for business and industry.
During the development of this strategy the Ministry of Local Government and Modernisation has held workshops with public sector enterprises, municipalities and the ICT industry, as well as regular meetings with an advisory group with representatives from central government, local government and key stakeholders in data protection and security. During the same period, the Norwegian Association of Local and Regional Authorities has conducted a feasibility study of the use of cloud computing in the municipalities. The two projects have cooperated closely. I would like to thank everyone involved for providing important input.
Jan Tore Sanner
Minister of Local Government and Modernisation