Bavaria: "Don't rely on open source alone"
Bavaria wants to build a central IT infrastructure – with the Anstalt für Kommunale Datenverarbeitung in Bayern on board, but also Microsoft.
(Image: SuPatMaN/Shutterstock.com)
After Bavaria's Microsoft plans became known, the state is now presenting its digital strategy. It is intended to bring state and municipalities to a common digital standard. Wolfgang Bauer from the Bavarian Ministry of Finance presented the results of the "Future Commission Digital Transformation" in Munich. It is intended to set the guidelines for digital administration in the coming years.
Bauer recalled the increase in cyberattacks on cities and districts, which had caused IT outages lasting for weeks in many places. Often a missing update, an open mail server and entire administrations come to a standstill. According to Bauer, an important building block of the digital strategy is therefore a central municipal IT service provider.
"We want secure, scalable, cost-effective IT infrastructure through bundling of IT tasks and central operations," said Bauer. In Bavaria, there is "a special situation with an institution under public law." The Anstalt fĂĽr Kommunale Datenverarbeitung in Bayern (AKDB) is already a large provider, "which, of course, is not a mandatory service provider for municipalities." The AKDB is not to be sidelined; instead, the state wants to "restructure it, spin off parts [...] and develop this municipal IT service provider from it."
Multi-stage architecture
Bauer also held out the prospect of a possible model according to which particularly sensitive data could be processed in Bavarian data centers. For data with medium protection requirements, processing by German cloud providers such as Ionos, Telekom Cloud, or StackIT is possible. Less critical applications via services such as Microsoft Azure, Amazon Web Services (AWS), or Google Cloud – all coordinated by a central cloud service provider.
Videos by heise
However, this excludes police IT in Bavaria – similar to the tax sector – which has a historical special status and is therefore not part of the general data center consolidation. Both areas operate their own highly secure data centers but are strategically subject to the same security requirements.
Control by the State Office for Information Security
Bauer also emphasized that centrally operated cloud solutions are more secure in his view than individual local systems. Security updates and monitoring can be implemented more professionally there. The supervision and security of the systems are to be coordinated by the Landesamt fĂĽr Sicherheit in der Informationstechnik (LSI), which already monitors the state authorities' network. The LSI analyzes and checks security-relevant incidents daily, detects attacks early, and can therefore initiate countermeasures at short notice. "The moment a municipality is integrated into the authorities' network, all security functions are immediately activated. This means that the LSI monitors the security situation in the authorities' network daily in the situation center. And when a municipality joins, the municipality is also monitored," said Bauer.
Additional agreement for Microsoft
An additional agreement with Microsoft was reviewed and approved by the Bavarian State Commissioner for Data Protection, Dr. Thomas Petri. Bauer emphasized: "Data protection is a very, very high asset that should not simply be abandoned in Germany." One should only consider "how far that has to go." As an example, he cited the complex configuration of M365: "There are Excel spreadsheets with 1500 pages, plenty of lines where I can tick boxes everywhere." Every point could be discussed for hours, and at the same time, administrators must be trusted. In his view, there is a risk that "we will no longer progress in digitalization." Therefore, such processes are to be regulated centrally in the future.
When asked whether it was actually more economical to purchase software from the market rather than developing it yourself, Bauer explained: "If I just consider Google's Chrome browser: there are 350 people in Munich who do nothing else all day but develop and further develop the browser." This is only about a browser and not yet a complex application. "I don't know if that can be achieved in state structures, or if one wants to," Schröder raised concerns.
Open Source vs. Proprietary
In his opinion, proprietary standard software solutions are generally more economical to purchase as long as they offer the required quality and security. State in-house development is only sensible where no suitable solution is available or particularly high security requirements exist. In response to the question about rising costs for license models, as is the case with Geographic Information Software Esri, Bauer replied that this is a question of digital sovereignty. An alternative would be hybrid approaches with open-source components. This requires more in-house personnel and developers who can further develop such a solution, "because then I cannot rely solely on the open-source community to implement everything I need, perhaps also quickly for security requirements, immediately."
Finally, Bauer gave a cost example and referred to the IT service provider Dataport. The price at Dataport for OpenDesk is 30 euros per user per month, Microsoft's list price is 50 euros. "However, if you consider that M365 includes a lot of endpoint security, the difference is not as economically significant as is often claimed," said Bauer.
Digital Only
Another pillar of the strategy is "Digital Only." Administrative services are to be offered digitally, and paper-based duplicate processes are to be reduced. People who do not own or can operate devices are to receive help accessing services. This must be well organized "in the field." Therefore, there should be contact points, for example in town halls, where navigators go through the process with people who cannot do it themselves. The Once-Only principle is also to be implemented: citizens should only submit data to authorities once. This has been possible in Austria for a long time.
Bavaria AI
Another focus of Bavaria's digital offensive is the targeted use of artificial intelligence (AI). Bauer emphasized that this is not just about individual pilot projects, but about building a long-term sustainable platform. It is planned to support processes such as document review, text classification, or application analysis with AI, while simultaneously adhering to strict data protection and security standards. The generative "Bavaria AI," which currently runs with OpenAI within the Azure cloud, is to be expanded to provide administrations with intelligent tools for language, translation, and knowledge management.
For this purpose, Bavaria is currently building its own AI infrastructure to make administrative processes more efficient. The IT Service Center Bavaria (IT-DLZ) has already procured 40 GPUs from Nvidia for this. These will be used to train and operate AI models in the state and municipal sectors without sensitive data leaving Bavaria.
(mack)
