Are AI, Serverless, and IoT Still a Priority for Public Administration?
These emerging technological areas—artificial intelligence, serverless computing, and the Internet of Things—are not dismissed but rather considered “non-prioritized” within the current needs expressed by the French Digital Service (DINUM) in its requests to trusted cloud service providers.
The DINUM has set out a framework classifying the priorities of various technological functionalities into five levels. Priority level 1 (P1) indicates the highest importance, while level 5 (P5) signifies the lowest. Any items marked as NP are categorized as “non-prioritized.” These priorities are assigned both to minimum viable products (MVPs) and to particular features.
Container Technology Prioritization
For container orchestration, the MVP holds the top spot at P1, focusing on core capabilities such as orchestrated containers. This MVP also encompasses two specific functionalities: minor version updates of the cluster and secret management through an external service.
More critical upgrades, like major version updates of the cluster and GPU-enabled compute nodes, are classified at P2. The MVP concerning container registries also falls into this category.
Automatic minor version upgrades of the cluster and shared persistent block storage are deemed important enough to be assigned to P3. Additionally, vulnerability scanning of container images and the deprecation of outdated images are placed at this priority level.
Container repository replication (both private and public) and automatic major version upgrades of the cluster are considered less critical, positioned at P4.
Some advanced features, such as service meshes and service directories, are currently non-prioritized. This also applies to secret management via orchestration platforms.
Infrastructure Component Priorities
The baseline MVP for virtual machines and compute resources is top-tier at P1, including essential elements like deprecation of VM images. Storage solutions—both block and object storage—share this highest level of priority.
When it comes to GPU-based compute nodes and auto-scaling features, these are set at P2. For object storage, features like version management, data replication across regions, internet exposure, and object locking for specific periods also fall under this priority.
At the P3 level, the MVP for file storage and its automatic storage management are considered vital. For object storage, capabilities such as restoring data containers to specific points in time are also categorized here.
Lower-priority tasks such as VM stop/start scheduling and data replication across regions, or indefinite object locking, are typically assigned to P4. Multizone replication for block storage is considered least urgent, at P5.
The list of non-prioritized elements includes advanced hardware and storage features like hot-add capacity, bare metal servers, FPGA integration, placement groups, hibernation, live migration, dedicated VMs, ephemeral instances, multi-region file storage, multi-attach storage volumes, non-disruptive volume modification, multi-region replication, cold storage solutions, and enterprise desktop as a service.
Networking Technologies and Priorities
Core networking MVPs such as DNS, private interconnection, load balancing, firewalls, and virtual private clouds (VPCs) are all top priorities at P1.
Secondary networking features—like the bastion host, VPC peering, public subnets, and the exposure of load balancers on the internet—are positioned at P2.
VPN services are rated at P3, along with web application firewalls (WAF) and third-party filtering rules. Load balancing management features, including “first available,” “least connections,” and session affinity, are also at this level.
Management of services/backend within private interconnections and DNS resolution restrictions within VPCs are set at P4. Multi-region DNS features such as GeoDNS and failover mechanisms are at P5.
Advanced CDN (Content Delivery Network) and DDoS mitigation layers, covering network and application layers, are currently non-prioritized. There are also several non-prioritized VPC-related features including Bring Your Own IP, traffic cloning, flow logging, IPv6, and connectivity verification.
Security Priorities
Fundamental security MVPs like Identity and Access Management (IAM), federation between Identity Provider (IdP) and Service Provider (SP), and Key Management System (KMS) all hold the top position at P1. These are accompanied by key rotation and the use of hardware security modules (HSMs) that are managed by the service provider.
Security configuration compliance checks are classified at P2, while intrusion detection/prevention systems (IDS/IPS) and Security Information and Event Management (SIEM) solutions are set at P3. Vulnerability assessment and compliance reporting functions also fall into this priority class.
Real-time monitoring and automated remediation are considered less urgent at P4, with Endpoint Detection and Response (EDR) systems occupying P5. Other security services like chain-of-trust management (certification authorities), TLS certificates, and Data Loss Prevention (DLP) are currently non-prioritized.
Data Management and Storage
Data-related MVPs are prioritized as follows: relational databases and associated features such as automatic minor version updates and storage management are at P2. Document databases, with similar upgrade features, are also in this tier.
Positioned at P3 are key-value databases with automated versioning and relational databases supporting read replicas, major version upgrades, and point-in-time restores. For document databases, features such as automatic storage management, autoscaling, and version updates are also designated here.
Further down the priority list, at P4, are caching or in-memory databases, search-optimized databases, cloning, and autoscaling for relational databases, with similar features for key-value and document databases. Data restoration to specific points in time, clustering, document lifecycle management, and automatic storage management fall into this category.
The least urgent data features (P5) include cloning for key-value and document stores, object lifecycle management, autoscaling, and major/minor version updates. Multiregion replication for databases is considered non-priority, along with support for data warehouses, blockchain, graph, and time-series databases.
Middleware Functionality and Their Prioritization
Middleware features such as application load balancers are set at P2, with internet exposure for the load balancer being key. Advanced load balancing options—like “first available,” “least connections,” and session affinity—reach P3.
At P4, queue management and batch data processing services are emphasized, including minor and major version upgrades and autoscaling. Higher-level middleware functions like scheduled schedulers, SMS and email notifications, FIFO queues, and batch processing autoscaling are positioned at P5.
Numerous middleware services remain non-prioritized, including API management, data buses, orchestrated schedulers, ETL processes, data visualization, data catalogs, anonymization, and real-time data streams.
Administration and Operational Oversight
Core administrative tasks such as quota management, usage tracking, and IT asset management are top priority at P1. Monitoring of consumption forecasts and alert systems for budget thresholds are at P3, with environmental monitoring MVPs—covering Power Usage Effectiveness (PUE) and Carbon Usage Effectiveness (CUE)—at P4.
Billing systems and resource reservation alerts are classified at P5. Other operational functions, like quota management during workflows, license management, tier three configuration events, Cloud Shell services, service catalog management, and patching, are currently non-prioritized.
Categories of Non-Prioritized Services
All MVPs related to development tools—such as integrated development environments (IDEs), code assistants, repositories, code review tools, build management, and artifact repositories—are not prioritized.
Similarly, features pertaining to testing—such as reference datasets, data management, Software Composition Analysis (SCA), code quality checks, load testing, static and dynamic application security testing—are deferred.
Serverless computing functions in languages like Python, Node.js, PHP, Java, .NET, and Ruby are also not currently prioritized. Advanced AI tools—such as notebooks, studio environments, content security, video indexing, speech synthesis, translation, and recommendations—are considered lower in priority.
Mobile applications, media processing workflows, Internet of Things (IoT) messaging, digital twins, asset management, and data migration (servers, storage, databases, containers) are also categorized as non-prioritized. This list may extend to deployment tools for applications and middleware, as well as database provisioning.
Main Regional Service Requests and Priority Assignments
For regional implementations, top priorities at P1 include MVPs for object storage, private interconnection, VPC, IAM, KMS, and quota management.
At P2, critical services include orchestrated containers, container registries, network firewalls and load balancers, backups, configuration compliance, and network/infrastructure/container monitoring.
Second-tier services at P3 encompass bastion hosts, WAF, relational databases, document databases, application load balancers, IDS/IPS, SIEM, and budget alerts. Moving further down, P4 covers file storage, key-value databases, batch processing, and vulnerability scanning. The lowest tier, P5, includes message queues, scheduled orchestrators, SMS and email notifications, in-memory caches, EDR solutions, and search databases.
Some lower-priority services are VM and compute solutions, as well as environmental monitoring.
Prioritization When Incorporating Encryption
Considering encryption—particularly with external keys—five MVPs are strongly prioritized at P1: VM/compute, block storage, object storage, network firewalls, and KMS.
Container management and registry MVPs shift to P2, akin to relational and document databases. Next, at P3, are backup, security compliance, IDS/IPS/SIEM, and infrastructure/network/container monitoring.
At P4, encryption-focused MVPs include file storage, key-value databases, and vulnerability assessment. In the lowest tier, P5, encryption-related MVPs involve deployment, messaging queues, scheduled orchestrators, batch processing, notifications, caching, and search databases.
Security management MVPs within administration and oversight domains are not prioritized—and neither are load balancer security features, VPC security, WAF, or EDR solutions. Notably, encryption features become more prominent at higher priorities if external cryptographic keys are involved, with container registries and databases also descending in priority when encryption is applied.
Data Backup and Recovery Priorities
Critical backup and recovery features appear prominently at P1, specifically for virtual machines, block storage, and object storage. At P2, document databases are included, followed by file storage and key-value stores at P3. Search-optimized databases are further down at P4.
In summary, while cloud technologies like AI, serverless, and IoT are not deemed immediate priorities, they are acknowledged as important future areas, with current focus remaining on core infrastructure, security, and storage elements essential for public administration.