A strategy for the Italian Public Administration’s digital infrastructure
“National Strategic Pole” proposed as a security measure for all basic digital services belonging to the Italian Public Administration, saving billions of euros
Questo articolo è disponibile anche in italiano
Digital infrastructures may be invisible, but are no less important and strategic than other, visible infrastructures like freeways, railways, power stations and electricity grids. Digital infrastructures are made up of networks and servers through which a country’s strategic services travel every day; they manage sensitive citizen information and make the operation of critical systems like healthcare, security and telecommunications possible.
To date, the problem with digital infrastructures is that they are, with very few exceptions, in a state of total chaos. To cope with this situation, the Digital Transformation Team has begun to work on digital and cloud infrastructures. The goal is to:
- reduce the enormous waste of energy and resources, saving Public Administrations many billions of euros;
- increase the security (including the physical security) of the infrastructures used by the country’s most important services.
We want to move Italy away from its current inefficient system by adopting a model used by the most exemplary countries in Europe and the rest of the world. Here we will share with you our strategy for achieving these goals.
From out of the rubble
Describing the current scenario is the first step in understanding what we’re talking about and why digital infrastructure is so urgent.
There are currently about eleven thousand data centers in Italy. Together, they serve more than 22,000 central and local Public Administrations. This means that for every two administrations, there is approximately one data center, a scenario in which almost every municipality manages its own services. These may be located in a specially rented building or (in the case of smaller centers) a basement, a citizen’s personal desk or the Town Hall.
This situation involves a number of negative consequences. In particular:
- Managing a data center, even a small one, is very expensive. Maintenance costs, rent, energy consumption, the need to dispose of heat generated by the plant, machine obsolescence and connectivity all contribute to the high costs. Multiply this cost by eleven thousand individual data centers and the amount spent reaches approximately two billion euros a year. That’s nearly a third of the roughly 5.8 billion euros spent by the Italian Public Administration each year on ICT (Consip/Smith).
- Small data centers are poorly secured, not only in terms of information security but also in terms of physical security and the protection of servers and their functioning. Data centers are almost always located in unsuitable places like residential areas, or in places associated with seismic or hydrogeological risks. This isn’t a theoretical problem: there are many cases in which public services have gone haywire due to exogenous factors like a sudden blackout, an explosion caused by a gas leak in an adjacent apartment, or, in the most extreme example, the earthquake of Amatrice.
The situation is so critical that legislators already set forth clear objectives for rationalizing sites and digital infrastructures back in 2012 (“Growth Decree 2.0” — DL 179/2012).
Three Pronged Strategy
The Digital Team set as first goal the rationalisation of the Public Administration’s digital infrastructure by drafting a short, a medium and a long-term strategy (available in Italian). A Three Pronged strategy designed to solve the problems we’ve just described.
The strategy is based on the fundamental distinction between:
- Non-essential public services. These are the vast majority of services managed by local and central authorities. They have no strategic value in terms of the security and functioning of the country’s operating system. This category includes widely used services like email, protocol register, and institutional press releases.
- Essential or strategic services, expressly listed as such by the European Union’s NIS directive (2016/1148) on computer and network security. These services involve healthcare, energy, transport, banking, financial market infrastructure, the supply and distribution of drinking water, and digital infrastructures. Due to their strategic nature, these services cannot be interrupted and must be protected with the highest level of security.
Clarifying this distinction is important because the two macro-areas require radically different actions, as outlined in the strategy’s three points.
1. The non-essential services cloud
The first area on which the strategy focuses is the increased use of the cloud for managing non-essential services and sharing the infrastructures that make their functioning possible. This requires moving from a model in which each Public Administration manages all of its services internally, to one in which some services can be managed through cloud, with contributions from private or public suppliers (i.e. other Public Administrations, in-house companies, or free-market companies).
Using cloud to manage an ever-increasing number of services makes it possible to:
- liberate institutions from infrastructure and maintenance costs, relegating them to suppliers (cloud service providers) responsible for supplying services and guaranteeing their operation;
- reduce service costs, even with regard to economies of scale, through the aggregation of requests for the same type of service coming from multiple public administrations;
- boost the growth of small Italian ICT companies, the ideal actors for providing a vertical demand for specific services (as in the already mentioned examples of protocols register and institutional press releases).
This area of intervention is called Public cloud and was discussed in more detail in a post from 2018, “From infrastructure to services.” The post also explains how different types of services can take advantage of the cloud’s benefits (e.g. outsourcing infrastructure or relying on a provider to manage part of the process, if not the entire service).
The goal is to develop a market for public services in cloud, creating a demand that will have to be met by qualified suppliers according to the criteria established by the Agency for Digital Italy (Agid newsletter n.2 and n.3 from April 9, 2018, available in Italian), which guarantee reliability (security) and consistency with the public sector (e.g. avoiding lock-in).
In another post from 2018, “Differently connected: a virtuous example” (available in Italian), we showed how the use of a cloud infrastructure saved the Court of Auditors 750,000 euros a month, also generating increased efficiency for the service.
2. The National Strategic Pole for digital infrastructures
The strategy’s second area concerns securing all essential services managed by the Italian public administration, premised on the distinction between essential and non-essential services.
This second point proposes the creation of:
- a small number (between three and seven) of national data centers, built according to maximum security and energy efficiency criteria and located on as many suitable sites throughout the country;
- An administrative entity, the National Strategic Pole for digital infrastructures, which, at the central level, will be responsible for managing these data centers in a coordinated manner.
By suitable sites, we mean places without associated seismic or hydrogeological risks that are far from urban centers but guarantee the proximity of multiple electrical networks, the connectivity of numerous operators, and adequate military defense. These are all requirements that many of the small data centers presently in operation cannot fulfil.
It’s important to clarify that the role of the strategic pole is not to manage services but only to make physical places, capable of operating at the highest level of security and energy efficiency, where public administrations can keep their servers. The only services offered will be:
- the physical space inside a protected building (controlled access, perimeter defense);
- electricity and a ventilation system with which to expel heat, using technologies for optimizing the amount of energy used.
Central Public Administrations (ministries) and local authorities (regions and municipalities) will be able to move their servers from their premises (or from under the stairs, as we have seen!) to these centers and continue to manage them in total autonomy, without ever having to leave the office. This is why the strategic pole’s activities should not be confused with those of other central poles, which already provide cloud services (i.e. Sogei, which administers the ANPR national registry service).
Offering a space where Public Administrations can keep their servers seems like a minor step. However, this transition, which can be achieved in the short/medium term, makes it possible to provide security for both servers and services and guarantees huge economies of scale, avoiding costs due to energy waste (efficient infrastructures consume one tenth the energy of obsolete ones), renting ad hoc premises and establishing security systems, insurance, connectivity, etc. for individual administrations. Just think: in a shared space, connectivity between two administrations can be achieved with a simple cable linking two servers within the same building.
The relocation of servers as the first step in this process could then allow important developments to take place as part of a second phase, eventually making it possible for the National Strategic Pole to offer cloud infrastructure services (IaaS), including virtual servers, which Public Administrations can use to manage their own services independently. This development would represent another step forward in terms of both service efficiency and energy savings.
The idea of a central pole comes from the very strong economies of scale that can be generated if you consider that calculation capacity is a utility provided by a handful of large centers to whoever needs it. It’s a bit like electricity: nobody would think of installing a power plant in the basement. We all buy energy from a few national providers with the skills and infrastructure for producing the service safely and efficiently.
Central poles have already been successfully implemented in other countries around the world, as well as by many large private companies (among them, Eni). For example, in 2013 the UK Government launched the Crown Hosting Data Centres project, which made it possible to:
- activate two national data centers in 2015;
- unite the platforms of nearly all central Public Administrations (24 out of 27) and five local administrations.
Thanks to this simple step, every administration to adhere to the project has recovered the cost of transition within the first year and saved up to 60 percent in management costs by the second year. At the same time, the British government can now enjoy greater security for many of its most important services, including defense, healthcare, education and law.
3. The process of service transformation
Transitions don’t happen overnight. Even the rationalization of digital infrastructures that provide services must be accompanied by a cultural transformation.
We want to facilitate this transformation with the creation of “competence skill centers” that bring together IT technicians, experts and managers from a variety of Public Administrations to define and promote standards, processes and regulations designed to help institutions:
- map their own services;
- distinguish between essential and non-essential services;
- manage the transition of essential services to the National Strategic Pole;
- evaluate which non-essential services to manage in cloud, according to which strategy.
We have already begun work on this process, in collaboration with the Agency for Digital Italy, and will be publishing a post with more details in the coming weeks.