SAP has cut European deals with Microsoft, Capgemini, and Orange to ostensibly deliver an emergency disaster recovery failover if Microsoft is legally blocked from delivering European services.
The plan is unlikely to be needed, analysts agree, but it wouldn’t likely work for very long even if it was needed, based on the scant details the companies announced on Tuesday.
SAP, through its wholly-owned Germany-based Delos Cloud, along with Microsoft and France’s Bleu (owned by Capgemini and Orange), are touting a partnership to “support Europe’s digital sovereignty and resilience in crisis scenarios.” Additionally, Delos Cloud and Microsoft signed a separate agreement to ensure business continuity if sanctions restrict Microsoft’s cloud services in Europe.
“Delos Cloud and Bleu signed a mutual assistance commitment for cross-border cooperation in extensive crisis and emergency scenarios. This includes technical and operational cooperation to ensure rapid, coordinated crisis response even in extreme scenarios, such as military conflict or cyberattacks,” SAP’s statement said. “This partnership includes enabling cross-border capabilities for early detection, analysis, defense, and remediation of cyber incidents.”
US is the wildcard
Analysts said the EU and the UK, along with regulators from other regions including Japan, Australia and Canada, are highly unlikely to fully shut out Microsoft, a move known as the kill switch. The United States, however, is the wildcard. If US government officials want to pressure European governments for some reason, they might threaten to ban US hyperscalers from servicing the region.
Danilo Kirschner, managing director of the European cloud-native IT consulting firm Zoi, pointed out, “there have been non-logical nonsensical decisions in the past year” from the US government. “From a European perspective, we need to prepare for anything.”
Dario Maisto, senior analyst at Forrester, shared the concern that the US would be the only government likely to try to pull a kill switch.
“The big problem nowadays is not the EU cutting off these hyperscalers. This is not going to happen. Some 75% of the EU market is in the hands of the hyperscalers,” Maisto said. “But what if the US administration pulls the kill switch? It would be the weaponization of IT, because the US knows about this dependency.”
After all, Maisto added, “the kill switch is something that the US would pull because they want to sanction some companies, they want to frighten some countries.”
Biggest problems are technical
But both Maisto and Kirschner agreed that a much more problematic issue is technical. The problem is that a strict interpretation of regulatory restrictions in a kill switch scenario would likely make a Microsoft failover deal nonviable after a relatively short period, because Microsoft could not provide the support it typically delivers.
When contacted by CIO seeking comment, Microsoft media relations said that it was “looking into this for you” and did not provide further comment by the time we published.
“How long can the Microsoft platform survive with no updates from Microsoft in the Delos Cloud?” Maisto asked. “Will they have time to migrate workloads?”
Kirschner was even more adamant.
“Although the deal satisfies the sovereignty requirements of the EUCS [the European Cybersecurity Certification Scheme for Cloud Services] by legally transferring control, the operational reality is far riskier. Having the technology is not the same as having the know-how to run it,” Kirschner said. “Azure is millions of lines of code updated daily. Running a lifeboat version of it, disconnected from Microsoft’s global security intelligence and engineering graph, risks rapid security degradation and feature stagnation. It creates a fragmented franchise model for the internet that other nations may soon demand, but the operational viability of such a severed cloud remains untested.”
Kirschner added, “this break glass scenario glosses over the physical reality: disconnecting from the global grid would trigger an immediate, massive requirement for independent infrastructure management and energy resources to sustain hyperscale workloads that were never designed to run in a regional vacuum. If Delos/Bleu had to take over operations in a crisis, they would be doing so on a grid that has zero buffer capacity and without the option to shift workloads to a different region to load-balance, which is Microsoft’s standard operating procedure.”
The ultimate technical problem is, he said, “an Azure environment severed from Microsoft’s global engineering brain—security patches, AI updates, optimization—will degrade quickly. This is a lifeboat, not a luxury liner. Your disaster recovery plans must account for the fact that a sovereign cloud in crisis mode will likely be a static, maintenance-only environment.”
But all of that addresses software issues. What about the hardware?
“Azure runs on highly specialized, custom-designed server gear and networking equipment. If geopolitical tensions are high enough to block software access, how will you source the specific proprietary hardware required to repair or expand this infrastructure without violating the same sanctions?” Kirschner asked. “If you activate this clause and take over operations, you are effectively forking Azure. How do you plan to merge back? If the crisis lasts six months, the global Azure platform will have moved on. Are you telling CIOs that their rescue environment will eventually become a technological dead end that requires a total rebuild to reconnect to the global grid?”
More risk management than compliance
Setting aside the technical concerns, even the attempt to create such a partnership signals that Microsoft is either taking seriously the threat of a kill switch, or at least believes that enterprise executives are concerned enough to make this move to placate them.
“This agreement will have to be tested in court once the problem happens, when it could be too late,” Forrester’s Maisto said. “This is not compliance as much as risk management. The likelihood is really really low in my opinion, but the impact would be massive.”
Kirschner said the marketing finesse of the Microsoft/SAP deal deserves some applause.
“This agreement is a strategic masterstroke that effectively turns sovereign cloud from a compliance blocker into a disaster recovery plan,” Kirschner said. “By offering a break glass option where local partners like Delos and Bleu can access source code during geopolitical ruptures, the EU tries to guarantee digital sovereignty and resilience in crisis scenarios. But can it really work?”
He paints the picture in terms of geopolitics.
“While hardliners like France want to ban US cloud providers from the highest sovereign level, Microsoft paradoxically cements its vendor lock-in,” Kirschner said. “They have removed the single biggest political risk to using American hyperscalers in the public sector. But what is the alternative? The EU simply doesn’t have the technology, nor the infrastructure, to be truly independent from the big three in the US.”
Read More from This Article: SAP touts Microsoft disaster recovery plan for Europe; Analysts doubt it will work
Source: News