Innovation policies for digital growth in Italy

PwC Digital & Innovation

Massimo Pellegrino, Partner PwC-Strategy&, Digital Strategy & Innovation Leader


PwC’s Digital Services

Policies, Strategies, Resources

Tools

PwC’s Customer Practice

Innovation Policies and Strategy

Tools

At European, national and regional level there are numerous policies and strategies to stimulate innovation, digitalisation and competitiveness.

Innovation Union

Digital Single Market

EU Industrial Policies

Industria 4.0

Three-Year Plan for Public Administration (Piano Triennale P.A.)

PON Research and Innovation

EU 2020 Strategy

Smart Specialization Strategy

Broadband Strategy

National/regional Smart Specialisation Strategies

Digital Growth Strategy

PON Enterprises and Competitiveness

POR ERDF (FESR) – Research and Innovation, Digital Agenda, Competitiveness

Resources for Innovation

In recent years, funding opportunities in support of innovation policies and strategies have multiplied.

Horizon 2020: € 77 billion

COSME: € 2.3 billion

InnovFin Finance for Innovators: € 48 billion

EFSI: € 315 billion

ERDF (FESR) - Research and Innovation: € 3.3 billion

PON - Research and Innovation: € 1.2 billion

Industria 4.0: € 7.1 billion

Digital Agenda

PON - Enterprises and Competitiveness: € 2.3 billion

€ 10.5 billion

Tools

Italy

Results

Innovation Scoreboard

Results

Italy is confirmed as a Moderate Innovator. Over time (2010-2016) its performance has decreased by 0.2%.

Italy’s performance remains consistently below the European average.

Italy ranks 23rd in the Innovation Index (20th if we consider only the EU 28 countries).

Digital Economy and Society Index

Results

Italy is in 25th place. As regards the use of digital technologies by businesses and the provision of online public services, Italy is close to the average. Compared with last year it has made progress on connectivity, in particular thanks to improved access to NGA networks. However, the poor results in terms of digital skills risk holding back the further development of the digital economy and society.

Digital Economy and Society Index (DESI) 2017 ranking

4 Integration of Digital Technology

5 Digital Public Services

Digital Competence

Results

More and more people are online, but skills remain low across all indicators. Digital skills are now a strategic factor for the competitiveness of our socio-economic system, but awareness of their importance is still far too limited, as are the skills themselves in businesses, in public administrations and among citizens. Estimates for Europe forecast the creation of new jobs in highly qualified roles and professions and a significant decrease in low-qualified ones.

Human Capital

Digital competence

Employment

Awareness of their importance is still far too limited, as are the skills in businesses, public administrations and universities

85 thousand unfilled positions

DIGITAL COMPETENCE

Misalignment between beneficiaries and innovation policies

Problem 1

Technology Transfer

PRODUCTION SYSTEM

• Difficulty in understanding the specific need for innovation and technology

• Difficulty in selecting specific skills

• Difficulty in integrating technology into the value chain

• Difficulty in defining technological and managerial strategies

• Difficulty in aligning the company's strategic evolution with technological evolution

KNOWLEDGE SYSTEM

• Difficulty for the knowledge system in training competent resources in the most in-demand sectors

• Difficulty for the knowledge system in translating research results into better services and products

• Difficulty for the knowledge system in turning its discoveries into competitive business models

“Culture eats strategy for breakfast”

Peter Drucker

Problem 2

Digital Culture

Digital is not an elitist element within companies. That is, it cannot be attributed to individual champions who combine, optimally and creatively, deep knowledge of the business context with an excellent grounding in the knowledge and culture of the new digital paradigms.

It is a collective process that must be tackled by socialising the new cultural needs brought about by innovation, which are necessary for all workers and for all jobs.

DIGITAL CULTURE IS NO LONGER JUST A DISCIPLINE OR A SPECIFIC PROFESSION, BUT A NEW AND ESSENTIAL VISION OF THE WORLD, FROM WORK TO EVERYDAY LIFE

Pragmatically rebuilding the distance between beneficiary and innovation policy

Application

Basilicata Region

Has adopted its Smart Specialisation Strategy, focusing interventions on 5 thematic areas

100 million

T3 Innovation_Intermediary body for Technology Transfer and Innovation of the Basilicata Region

T3 Innovation

SMART SPECIALISATION STRATEGY OF THE BASILICATA REGION

BUSINESSES STARTUP RESEARCHER NEET

T3 Innovation is the catalyst for the Region's Smart Specialisation Strategy. Its objective is to foster growth in the competitiveness of the regional production system and knowledge system, mainly in the five specialisation areas identified: Aerospace, Automotive, BioEconomy, Energy, Cultural and Creative Industry.

T3 Innovation_Ecosystem

The aim pursued is to create a virtuous system of collaboration between the regional production system and knowledge system, capable of supporting the implementation of investments in innovation and development policies.

PRODUCTION SYSTEM

KNOWLEDGE SYSTEM

INNOVATIVE ENTREPRENEURSHIP SYSTEM

PUBLIC SYSTEM

FINANCIAL SYSTEM

ECOSYSTEM

T3 Innovation_Services for businesses (to be agreed with Massimo)

Integrate the knowledge chain into the company value chain

SCREENING MEETING INNOVATION AUDIT LEARNING PAGE

PERISCOPE SERVICE DESIGN INNOVATION REPORT

T3 Innovation_Services for research (to be agreed with Massimo)

Enhance the value of research results through the protection of intellectual property and the industrial application of scientific discoveries

SCREENING MEETING TRL VERIFICATION LEARNING PAGE

ASSESSMENT EXPLOITATION STRATEGY STRATEGY EXECUTION

MAPPING EXPLOITATION PLANNING

T3 Innovation_Services for startups

Turn ideas into solid entrepreneurial projects with a high technology content

SCOUTING MEETING ENGAGE & EVA. LEARNING PAGE

INCUBATE START ACCELERATE INCUBATE PROTOTYPE

BUSINESS PLANNING EXIT

The Technology Transfer and Innovation Office of the Basilicata Region is based at the Macchia Romana University Campus, Potenza. The spaces were designed to facilitate the emergence of ideas, collaboration and co-design. We are convinced that, to carry out innovative projects, the physical spaces too must facilitate the application of new methodologies that put the user, and their needs, at the centre.

T3 INNOVATION HUB

T3 Innovation_HUB

The layout of the spaces reflects the flow of the methodology with which the strategic consulting services are delivered:

Area reserved for the workstations of the Innovation Advisors, who are engaged daily on the Lines of Activity covered by the Service; this is the area where assessment activities are carried out in relation to the user's needs.

Area dedicated to developing new services through collaboration and co-design among the stakeholders involved in various capacities in specific innovation and technology transfer projects; this is the area where new solutions are designed.

Area dedicated to developing prototypes based on the Google Cloud Platform and G-Suite apps, with the aim of defining and testing (including through design thinking methodologies) innovative technology services; this is the area where technology is integrated into the projects.

PROTOTYPE DESIGN ASSESS

PLATFORM

KIT2B

The project's services will be delivered through the kit2b platform.

The technology platform is an operational tool supporting the management of innovation.

COLLABORATE COMMUNICATE

MANAGE

ARCHIVE

RESULTS

T3 Innovation_RESULTS (2 months)

STARTUP RESEARCHER BUSINESSES

40 46 25

EMPOWERING EVERYONE TO INNOVATE

Thank you for your attention

www.t3basilicata.com

Cloud Federation-as-a-Service: Opportunities for the Cloud providers

Innovative and secure solutions to stand out in the Public sector market and beyond

DISCLAIMER

SUNFISH (SecUre iNFormatIon SHaring in federated heterogeneous private cloud) is funded by the European Commission’s Horizon 2020 Research and Innovation Programme. The information and views set out in this publication are those of the SUNFISH Consortium and cannot be considered to reflect the views of the European Commission.

November 2017

Topics

1. Executive Summary

2. Cloud Computing Opportunities in the Public Sector

3. The SUNFISH Proposal

a. A Cloud Federation service for the Public Sector

b. SUNFISH Key Components

4. SUNFISH Use Cases

a. Ministry of Economy and Finance (MEF) of Italy: Online services for managing personnel salary accounts

b. Ministry of Finance of Malta (MFIN): Use of Public Cloud PaaS to host SaaS and/or to integrate with commercial SaaS solutions and MFIN own private cloud to provide data to MFIN, while ensuring data confidentiality, integrity and availability

c. South East Regional Organised Crime Unit (SEROCU) in UK: Secure Cloud Storage for Data

EXECUTIVE SUMMARY

This document aims to demonstrate how the innovations developed through SUNFISH enable interoperability and resource sharing among different cloud infrastructures, in order to encourage better utilization of each Public Administration’s private cloud and to improve security in federated cross-border clouds. It provides an overview of the technology developed through SUNFISH, both in its entirety and in its separate components, showing how cloud providers can benefit from its results to broaden their offer.

SUNFISH guarantees: i) a blockchain solution for democratic and decentralised cloud federation governance, ii) a dynamic federation of clouds and their services with service level agreement policy and optimal workload strategies, iii) advanced, innovative privacy-preserving services enforcing access control and monitoring.

The SUNFISH technology provides a specific solution to the lack of infrastructure and technology in European public sectors and in public administrations of EU Member States (and beyond), allowing the federation of private clouds.

Funded by the European Union within the Horizon 2020 framework, the SUNFISH Project has been developed by a Consortium composed of eleven partners: Ministero dell’Economia e delle Finanze (Italy); Ministry of Finance (Malta); Malta Information Technology Agency (Malta); South East Regional Organised Crime Unit (UK); Università degli Studi di Roma, La Sapienza (Italy); Technische Universität Graz (Austria); University of Southampton (UK); Cybernetica (Estonia); IBM (Israel); PwC Advisory SpA (Italy) and A-SIT, Zentrum für Sichere Informationstechnologie (Austria).

CLOUD COMPUTING OPPORTUNITIES IN THE PUBLIC SECTOR

Cloud computing solutions are now among the most innovative tools, and their adoption within European public sector organisations would bring significant advantages. In a rapidly evolving environment, cloud services are one of the cheapest means to secure a large part of e-Government services with improved features of effectiveness, efficiency, transparency, participation, data sharing, cooperation, interoperability and security.

Interest in adopting cloud computing solutions for Public Administration services has been emerging as a key target in the design of next generation public services. This process requires the selection of the most suitable solutions in order to fill the current public sector technological gap, and to be able to face the challenges of the “EU Digital Market” for the next years. Cloud computing is surely a key enabling technology for improving efficiency and cost effectiveness while deploying new public services.

Cloud infrastructure is capable of introducing into the public sector mechanisms that fulfil citizens’ demands, and it is particularly interesting when applied to support the provision of governmental applications provided to citizens by public authorities. Nevertheless, the migration process is not always a smooth procedure, given that several issues can emerge when the transition towards Cloud solutions is applied to the Public Sector. In this case, the main concerns in the adoption process for public organisations are the following:

• governance and control of ICT systems also across different Public Administration bodies;

• application of the concept of Quality of Experience (QoE) also to cloud services;

• ownership and asset liability;

• security, privacy and trustworthiness;

• resilience of infrastructures and services;

• interoperability and standards;

• dependencies with vendors;

• National and Supranational regulation.

The migration process towards Cloud solutions consists mainly of four pillars:

• selection of applications/services that have to be migrated;

• technical and process challenges;

• backward compatibility with legacy applications;

• operational cloud setup.

Given such a revolutionary context characterizing new public services delivered via digital means, the SUNFISH project consortium partners have been contributing to this challenge by focusing on cloud development for the public sector.

The European Commission’s e-Government Action plan, the Digital Market for Europe Strategy as well as the European Cloud Initiative are providing a general exploitation framework capable of enhancing the benefits of ICT innovation for the public sector.

Public sector organisations are now strengthening their approach to Cloud computing solutions at both National and European level. Clear examples of this tendency are provided by the EU Regulation 2016/679, with the European Cloud Strategy, and national strategies and plans. They all foresee the adoption of Cloud computing solutions in order to improve the efficiency and flexibility of ICT technologies in the national public sector.

According to up-to-date studies, the main common benefits of the adoption of Cloud computing solutions for a public sector organisation are cost effectiveness, green saving, ease of implementation, flexibility, innovation, scalability, redeployment of IT personnel due to Cloud efficiency, focusing on core competencies and sustainability.

Given the framework, the SUNFISH Project has developed a mechanism that allows public sector players to federate their clouds with one another and with third parties (including public clouds).

SUNFISH PROPOSAL

SUNFISH offers a service to federate private and public clouds, enabling them to exchange data and services in a secure and controlled manner, based on a “democratic” governance model: no federation member rules over the others. In more detail, SUNFISH conceives, designs and implements Federation-as-a-Service (FaaS), a secure-by-design cloud interoperability solution based on blockchain technology. This service is realised via a software platform, named “SUNFISH Platform”, whose components each represent an essential part of the overall functioning. If we categorize by the kind of delivered service, SUNFISH architecture is developed to be scalable and easily adoptable in any cloud environment and cloud system via an adequate layer of API abstractions.

A Cloud Federation service for the Public Sector

The SUNFISH project coined Federation-as-a-Service (FaaS), a secure-by-design Cloud federation solution that enables public sector organisations to federate their clouds in a distributed and democratic manner, thanks to an underlying blockchain infrastructure.

Federation-as-a-Service (FaaS): creates a homogeneous goal-oriented aggregation of cloud systems, which allows sharing of data and services. All participating nodes are peers: they enjoy the same duties and authorities.

The cornerstone of FaaS is its democratic and decentralised federation governance. Generally speaking, it offers these key features:

Dynamic Federation of Clouds and their services with service level agreement policy and optimal workload strategies;

Cloud Federation Governance supporting trustless coalitions where participating clouds are governed by a federation contract agreed with a distributed consensus;

Privacy-Preserving Services enforcing an advanced and innovative access control and monitoring.

Blockchain technology:

Blockchain is a technology that has appeared on the market in recent years, first used as the public ledger for the Bitcoin cryptocurrency. It mainly consists of consecutive chained blocks containing records that are replicated and stored by nodes of a peer-2-peer network. The records witness transactions that occurred between the nodes of the network. Transactions may feature a cryptocurrency, e.g. Bitcoin, or other kinds of assets. The collection of transactions and their enclosure in chain blocks is carried out in a decentralised fashion by distinguished nodes of the network, called miners. Besides cryptocurrency, blockchain offers so-called smart contracts, immutable programs deployed and executed autonomously upon a blockchain.

This technology offers a decentralised computation infrastructure at hand that alleviates the need for a trusted third party and reduces the systemic risk of disputes and frauds.

SUNFISH Key Components

The SUNFISH Platform is a modular software solution that enables the dynamic and secure creation of cloud federations and their management. Its components interact with each other to establish the FaaS approach, but their use is not limited to this, as all of them can be deployed independently. These are:

Identity Management (IDM). Software providing a set of services to authenticate access to and within a FaaS federation. It supports the authentication of all the entities that are part of the federation, ranging from users and administrators to service providers and platform components. The added value is that, by abstracting the existing IDM solutions to pre-agreed roles in the federation, it enables a flexible definition of data access and data usage policies. This enables the setup of a SUNFISH federation that uses the pre-deployed IDM solutions. Furthermore, the platform is integrated with eIDAS and it enables a pan-European user authentication.

Data Security (DS). Software aiming to enforce the access control policies associated with the federated services. Its main role is to decide whether to allow access requests concerning service requests and provisioning. Existing approaches focus on access control or data-usage control. The added value of this component is provided by combining these approaches and relying on the advanced data protection mechanisms developed. Extensions are based on well-known access control languages. Furthermore, this component intercepts the main communication channel and applies the defined policies, based on data as well as endpoint characteristics.

Federated Administration and Monitoring (FAM). Software representing the logical entry-points for the management of a FaaS federation and, hence, for the interaction with the SUNFISH platform components. It provides a front-end for the administrators and service consumers of the federation based on a graphical web interface. It permits the administration of member clouds (i.e., entering and leaving a federation), tenants (i.e., creation and deploying of tenants), service publishing (i.e., registering a service to the federation), and service provisioning (i.e., management of Service Level Agreement and access control policies).

Intelligent Workload Management (IWM). Software performing service brokerage of the federated services offered by the member clouds. In particular, once a service consumer requests a service, it provides an optimal federation-based workload deployment target to satisfy such a service request. To actually deploy the workload, the IWM interacts directly with the clouds to create / delete virtual machines running on the federated clouds. The IWM can provide different workload management strategies optimised according to different parameters. It thus solves an optimization problem based on the current state of the federation and the requested service. IWM offers a comprehensive set of services as a stand-alone component, with its added value being: a focus on the end user, pushing more IT governance to the edges, reducing operator load, and integration with the blockchain Service Ledger, which offers higher guarantees against malicious data manipulation.

Data Masking (DM). Software providing a generic service, called the masking service, for selectively masking personal and/or sensitive information. Given a policy and a payload (e.g. text, JSON, XML), the service returns a masked payload. The masked payload is identical in format and structure to the original payload except for the personal or sensitive information that is masked. The added value provided by the masking component is its combined support for selecting the sensitive elements and the actions performed (redaction, tokenization, encryption). Moreover, both the selection and the action are highly configurable using a flexible policy.
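The masking service described above, sketched as an added example (not SUNFISH code): a policy of path selectors and actions is applied to a JSON payload, and the result keeps the payload's structure. The policy format, function names and sample record are assumptions made for illustration; encryption is left out because it needs a cipher library, so only redaction and tokenization are shown.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample payload (illustrative values, not real personal data).
SAMPLE_PAYLOAD = {
    "employee": {
        "name": "Maria Rossi",
        "tax_code": "XXXXXX00X00X000X",
        "residence": {"city": "Potenza", "street": "Via Esempio 1"},
    },
    "payslips": [
        {"month": "2017-10", "net": 1850.40, "iban": "IT00-CONSTRUCTED-0001"},
        {"month": "2017-11", "net": 1850.40, "iban": "IT00-CONSTRUCTED-0001"},
    ],
}

# Hypothetical policy format: dotted path selector plus an action.
# "[*]" after a key selects every element of a list.
SAMPLE_POLICY = [
    {"path": "employee.name", "action": "redact"},
    {"path": "employee.tax_code", "action": "tokenize"},
    {"path": "employee.residence.street", "action": "redact"},
    {"path": "payslips[*].iban", "action": "tokenize"},
]


def redact(value):
    """Replace a value with a same-typed placeholder so consumers still parse it."""
    if isinstance(value, str):
        return "[REDACTED]"
    if isinstance(value, (bool, int, float)):
        return type(value)(0)
    return None


def tokenize(value, key):
    """Keyed, deterministic token: equal inputs give equal tokens, so joins
    across records still work, but tokens cannot be recomputed without the key."""
    digest = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def _apply(node, segments, fn):
    """Walk one selector through the payload, masking in place; return hit count."""
    head, rest = segments[0], segments[1:]
    wildcard = head.endswith("[*]")
    name = head[:-3] if wildcard else head
    if not isinstance(node, dict) or name not in node:
        return 0
    if wildcard:
        items = node[name]
        if not isinstance(items, list):
            return 0
        if rest:
            return sum(_apply(item, rest, fn) for item in items)
        node[name] = [fn(item) for item in items]
        return len(items)
    if rest:
        return _apply(node[name], rest, fn)
    node[name] = fn(node[name])
    return 1


def apply_policy(payload, policy, key):
    """Return (masked_copy, hits). hits maps each selector to how many values it
    masked; a selector with 0 hits usually means the policy no longer matches
    the payload schema and sensitive data may be passing through unmasked."""
    actions = {"redact": redact, "tokenize": lambda v: tokenize(v, key)}
    masked = copy.deepcopy(payload)
    hits = {}
    for rule in policy:
        if rule["action"] not in actions:
            # Fail closed: never release a payload under a policy we cannot apply.
            raise ValueError("unsupported action: %r" % rule["action"])
        fn = actions[rule["action"]]
        hits[rule["path"]] = _apply(masked, rule["path"].split("."), fn)
    return masked, hits


def shape(obj):
    """Keys, nesting and value types of a payload, ignoring the values."""
    if isinstance(obj, dict):
        return {k: shape(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [shape(v) for v in obj]
    return type(obj).__name__


if __name__ == "__main__":
    masked, hits = apply_policy(SAMPLE_PAYLOAD, SAMPLE_POLICY, key=b"demo-key-only")
    print(json.dumps(masked, indent=2))
    print("hits:", hits, "| same structure:", shape(masked) == shape(SAMPLE_PAYLOAD))
```

The per-selector hit count is the check worth alerting on: a selector that matches nothing after a schema change leaves the field it was meant to protect unmasked.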

Anonymization (ANM). Software providing micro data and macro data anonymization services. Micro data anonymization: a data set is released with the k-anonymity guarantee. This process ensures the protection of sensitive information against linkage attacks using other open data sets.

Macro data anonymization: statistical data are released with differential privacy guarantees. This process adds noise to the summary statistic such that the probability of identifying whether a single person has been added or removed is extremely small. The added value of this component is its flexible support for different privacy guarantees when releasing a data set. Specifically, the component allows the user to select the required privacy guarantee that best fits the use case: data perturbation, k-anonymity and crowd blending.
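An added example (not SUNFISH code) of the two guarantees described above: generalising quasi-identifiers until a constructed data set is k-anonymous, and releasing a count with Laplace noise for differential privacy. The generalisation ladder, function names and records are assumptions made for illustration; crowd blending is not covered.

```python
import random
from collections import Counter

# Constructed micro data (age, postcode, diagnosis); not real records.
RECORDS = [
    (34, "85100", "flu"),
    (36, "85100", "asthma"),
    (38, "85101", "flu"),
    (41, "85110", "diabetes"),
    (45, "85112", "flu"),
    (47, "85119", "asthma"),
    (52, "85120", "flu"),
    (58, "85125", "diabetes"),
]

# Generalisation ladder (an assumption of this example): level -> age band width.
# The same level also replaces that many trailing postcode digits with "*".
AGE_BAND_WIDTH = (1, 10, 20, 40)


def generalise(record, level):
    """Coarsen the quasi-identifiers (age, postcode); keep the sensitive value."""
    age, postcode, sensitive = record
    width = AGE_BAND_WIDTH[level]
    low = age // width * width
    age_label = str(age) if width == 1 else "%d-%d" % (low, low + width - 1)
    keep = len(postcode) - level
    return (age_label, postcode[:keep] + "*" * level, sensitive)


def k_anonymity(rows):
    """Size of the smallest group sharing one quasi-identifier combination."""
    if not rows:
        return 0
    groups = Counter((age, postcode) for age, postcode, _ in rows)
    return min(groups.values())


def release_k_anonymous(records, k):
    """Return (level, rows) at the least generalisation where every record is
    indistinguishable from at least k-1 others; refuse to release otherwise."""
    for level in range(len(AGE_BAND_WIDTH)):
        rows = [generalise(r, level) for r in records]
        if k_anonymity(rows) >= k:
            return level, rows
    raise ValueError("k=%d not reachable with this generalisation ladder" % k)


def laplace_count(true_count, epsilon, rng):
    """epsilon-differentially-private count. Adding or removing one person
    changes a count by at most 1 (sensitivity 1), so the Laplace scale is
    1/epsilon. The difference of two exponential draws with mean 1/epsilon
    is distributed as Laplace(0, 1/epsilon)."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return true_count + rng.expovariate(epsilon) - rng.expovariate(epsilon)


if __name__ == "__main__":
    level, rows = release_k_anonymous(RECORDS, k=3)
    print("level", level, "k =", k_anonymity(rows))
    for row in rows:
        print(row)
    # Seeded for a repeatable demo; a real release would draw from
    # random.SystemRandom() so the noise cannot be predicted.
    rng = random.Random(2017)
    flu = sum(1 for r in RECORDS if r[2] == "flu")
    print("noisy flu count:", round(laplace_count(flu, 0.5, rng), 2))
```

A smaller epsilon gives a stronger privacy guarantee and a noisier statistic, and a higher k forces coarser quasi-identifiers; the refusal path matters because a release that silently falls short of the requested k is the failure a linkage attack exploits.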

Federated Runtime Monitoring (FRM). Software providing a distributed infrastructure to intercept (via transparent plug-in proxies) and monitor every access control request received and possibly authorised by the Data Security (DS). The added value lies in the usage of smart contracts (programs that facilitate, verify, or enforce the negotiation or execution of a contract).

Federated Security Audit (FSA). Software providing automatic detection of security breaches that may have occurred within the federation. The added value of this component is its use of Role Mining techniques to identify real needs from users' behavior. This makes it possible to identify vulnerabilities and security breaches with much more confidence.

Secure Multi-party Computation (SMC). Software enabling privacy-preserving computation on sensitive data. It can thus be used for computing tasks on confidential data. The added value of this component is that it is integrated with the governmental backbone technology UXP (X-Road), already deployed in Estonia, Finland, Namibia, Haiti and Azerbaijan, with deployment ongoing in Ukraine. This is a novel way of securely processing administrative data that makes it possible to use private or public cloud resources.

Service Ledger (SL). Blockchain-based infrastructure managing the storage and evaluation of governance data. Its seamless integration with the SUNFISH platform via the Service Ledger Interface component makes it possible to realise the FaaS “democratic” governance. The Service Ledger offers a set of APIs used by authorised components to invoke smart contracts deployed on the Service Ledger.

SUNFISH USE CASES

As SUNFISH was conceived following a user-centric approach, its practicability has been tested on the three public administrations that are partners of the Project and shaped around their real needs. These use cases are effective demonstrators of how the platform works and how the public sector can take advantage of its technology. In the following paragraphs this document presents, in order: the Italian Ministry of Economy and Finance’s use case, the Maltese Ministry of Finance’s use case and the UK South East Regional Organised Crime Unit’s one.

Ministry of Economy and Finance (MEF) of Italy

Online services for managing personnel salary accounts

The General Administration, Personnel and Services Department (DAG) of the Italian Ministry of Economy and Finance (MEF) is in charge of the management of payroll functions for approximately 2.1 million Italian public sector employees. This service is provided through a unique payroll function, NoiPA, which currently manages more than €51 billion in payments annually. Starting in 2015, the compulsory entrance in NoiPA of Italian police and military personnel generated an increase of around 25% in the monthly payslips managed by the system.

The Italian legal framework forces the Ministry of Interior (MIN), in charge of Police Forces, to be the exclusive controller of sensitive data of its employees. The main problem generated by the entrance in NoiPA of MIN’s employees was overcoming the segregation of Public Bodies' data among Clouds for calculating payslips.

In particular, the MEF must compute local taxes on actual residence, which is however sealed for data classification purposes within the MIN. The MEF and the MIN therefore had to balance two contrasting needs: on one side, the MEF’s need to have certified computation of sensitive data; on the other side, the MIN’s need to keep sensitive data within its perimeter. This created a problem for the overall calculation of taxes, and to overcome it the MEF and the MIN were forced into an intricate cooperation with a low level of efficiency and elevated costs. The potential conundrum was overcome via a Federation-as-a-Service platform and its blockchain-empowered Service Ledger infrastructure. This system, put in place by SUNFISH, allows the democratic governance of cloud federations: none of the federated clouds rules over the others, but each of them shares the same duty and authority.

The SUNFISH platform is conceived to be deployed in a distributed manner on top of all federated clouds, so as to avoid any centralised control or component. Moreover, privacy-preserving components secure the storage, sharing and computation of sensitive data. Through the installation of the SUNFISH Platform in their respective private clouds, the two ministries split the payroll application in two parts, one placed on the MEF to compute the bulk payroll and one on the MIN to process localised sensitive data.

This test-bed is used as a demonstrator for the SUNFISH platform so as to enable the processing of sensitive data and personally identifiable information hosted in the cloud and shared between the MEF and MIN. The SUNFISH framework demonstrates the capability of sharing resources from different private clouds, boosting the efficiency in the utilization of both infrastructures and of the overall process.

SUNFISH has also set the basis, and parts of it are currently being used, for deploying a large-scale digital transformation programme, Cloudify NoiPA, meant to evolve and expand the services provided by Italy’s NoiPA platform.

Figure: MEF’s Payroll Application in SUNFISH Use Case (diagram labels: SUNFISH Platform; FaaS Federation; MEF; MIN; payroll app; sensitive data payroll; smart contract; Service Ledger Interface (SLI); blockchain-empowered Service Ledger)

Ministry of Finance of Malta (MFIN)

Use of Public Cloud PaaS to host SaaS and/or to integrate with commercial SaaS solutions and MFIN own private cloud to provide data to MFIN, while ensuring data confidentiality, integrity and availability

The Maltese Ministry for Finance has been leading the innovation of the Country’s Public Sector with the goal of easing citizens’ interaction with the Government. This has been achieved by adopting a once-only principle and by facilitating the re-use of public data. Pushed by the growing awareness of central public administrations’ need to promote a different role across Europe, the Ministry’s interest in innovation led it to look for proposals in the field of cloud computing for the public sector.

This kind of development is a great opportunity, in particular within the Taxation Department, which requires taxpayers, employers, banks and SMEs to submit information to the Office of the Commissioner for Revenue. This information relates to Payroll, Financial Statements, information related to payments that qualify for deduction from chargeable income, receipts of payments that need to be included in taxable income, and trading records and accounting records that may be subject to audit checks.

Large enterprises can lean on their financial capability to submit payroll data and financial statements via the Department’s website and wait for the end of the year to receive their tax deduction back. Small businesses, on the other hand, might struggle because of their financial means.

Where applicable, the Department requires data from Employers and other third parties for the calculation of tax statements and eventual issuance of refunds. To provide a holistic solution, the Department can make use of public cloud services to host Software-as-a-Service (SaaS) solutions and to federate these with its own private cloud.

This use case enables the use of public cloud Platform-as-a-Service (PaaS) offerings to deploy applications which collect data and perform required calculations and validations while ensuring compliance with the secrecy, privacy and data protection legislations and regulations. It also allows for the use of federated systems between the MFIN application on the public cloud PaaS and other commercial SaaS solutions providing services such as payroll etc.

13

MFIN Use Case Flow Diagram

Thanks to SUNFISH, it will be able to federate the different clouds, which hostthe required data, and to calculate simultaneously taxes and tax refunds. Theframework provides the enabling platform to exploit these new services,permitting the integration of heterogeneous platforms and providing anaffordable alternative, which drives down the cost of compliance for allbusinesses. The Ministry’s decision to adopt SUNFISH has allowed itsemployees to calculate taxes and social security contributions efficiently andimmediately after legislative changes. This happens because they can promptlyaccess payroll information and amount of tax and contributions due byemployers.

While safeguarding information online and remaining compliant with secrecy and data protection legislation, SUNFISH reduces the cost to the Tax Authorities of operating the systems that collect information from taxpayers and employers, and processes data in a more efficient and effective manner. The efficient mechanism offered by SUNFISH enables SMEs to present, and obtain feedback on, the information required by the Tax Authorities. SMEs, which have not been able up until now to comply with data provision requirements in a cost-effective manner, are the main beneficiaries of this platform.

[Diagram labels: Data release; Tax app; MIN; Tax calculation; Tax data uploading; Tax deduction; Payroll payers; Society; Bank; Public Service; Open data; Tax payers; Public Cloud; Sensitive tax data.]

South East Regional Organised Crime Unit (SEROCU) in UK

Secure Cloud Storage for Data

South East Regional Cyber Crime Unit (SEROCU) is one of the nine Regional Cyber Crime Units (ROCUs) operating across the UK. Besides its regional role, it collaborates on a national level with major crime units, all ROCUs and the National Cyber Crime Unit, to prosecute offenders based in Europe and beyond.

SEROCU is responsible for the investigation of offences categorised under the Misuse of Computer’s Act 1990 and other offences where a digital aspect is believed to be involved. Its powers include the seizure and forensic examination of digital data and electronic devices, as well as live network investigations. Part of SEROCU’s mandate is to securely store large quantities of cyber-crime evidence and highly sensitive data, such as high-level corporate information and data produced from network servers and personal digital storage devices. Its investigations generate evidence with different security classifications, each of which, depending on Governmental guidance, comes with its own strict handling conditions.

The storage of such data must be localised on the Unit’s premises but, at the same time, each unit must ensure access, in a regulated manner and with different levels of accessibility, to all other ROCUs while investigations are in process. The sharing of such information among ROCUs not only encountered difficulties brought about by the different interfaces implemented, but was also convoluted and hardly automated. Moreover, due to changing reporting procedures around cyber-crime issues, it is impossible to predict with certainty the future demand for the unit and, therefore, its data capacity and processing requirements. There is a current need to ensure the efficient and secure reception, supply, and storage of intelligence/data between the regional units, local policing forces, and governmental departments.

Clouds can help overcome the ROCUs’ concealed data storage systems by fostering regulated cross-Cloud sharing of information. This would allow reaping the cost, usability and connectivity benefits of the cloud, whilst sharing the infrastructure safely and reliably between many different Government and Policing agencies.

Nevertheless, SEROCU would find it difficult to set up, run and sustain a cross-Cloud sharing system by itself, and its main difficulty, namely making data available to the Cloud federation participants while keeping it private, might not be addressed. SUNFISH has developed a cloud federation-based system that allows SEROCU, and the other nine Regional Cyber Crime Units (ROCUs), to make their cyber-crime evidence searchable and shareable. Due to the critical level of sensitivity of the data managed by each ROCU, various requirements relating to access, computation and sharing of data must be enforced.

SUNFISH deploys a platform to securely federate different Clouds while keeping control over owned data, and resolves the conundrum of “privacy vs. availability” by the use of Secure Multiparty Computation (SMC). The Platform offers a state-of-the-art Secure Multiparty Computation service, based on advanced cryptography techniques, which ensures that a functionality can be carried out on privacy-sensitive data without leaking any private bit. Namely, SMC offers a privacy-preserving approach to searching keywords on distributed data sources. The servers carrying out the search learn nothing about the data they are searching, nor about the keyword of interest they are searching for.
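The keyword search described above, in which the searching servers learn neither the data nor the keyword, can be illustrated with additive secret sharing. The following Python code is an added example and is not SUNFISH's SMC service or protocol; the three-server layout, the trusted dealer that supplies correlated randomness, all function names and the sample record identifiers are assumptions made for illustration.

```python
import hashlib
import secrets

P = 2**61 - 1          # prime modulus; all shares live in the field Z_P
N_SERVERS = 3          # assumed number of non-colluding compute servers


def encode(keyword):
    """Map a keyword to a field element (SHA-256 reduced mod P)."""
    digest = hashlib.sha256(keyword.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % P


def share(value, n=N_SERVERS):
    """Split value into n additive shares; any n-1 of them are uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts


def reconstruct(shares):
    """Recombine additive shares (done only for values meant to be opened)."""
    return sum(shares) % P


def dealer_randomness(n=N_SERVERS):
    """Assumed trusted dealer: shares of a mask a, a nonzero r, and r*a."""
    a = secrets.randbelow(P)
    r = 1 + secrets.randbelow(P - 1)
    return share(a, n), share(r, n), share(r * a % P, n)


def private_match(x_shares, q_shares):
    """Return True iff the shared record keyword equals the shared query.

    Server i only handles x_shares[i], q_shares[i], its dealer shares and
    the opened values e and z, none of which reveal keyword or query.
    """
    a_sh, r_sh, ra_sh = dealer_randomness(len(x_shares))
    # Local step: each server subtracts its query share from its data share.
    d_sh = [(x - q) % P for x, q in zip(x_shares, q_shares)]
    # Open e = d - a. The uniform mask a hides the difference d.
    e = reconstruct([(d - a) % P for d, a in zip(d_sh, a_sh)])
    # Local step: shares of r*d, because r*d = e*r + r*a.
    z_sh = [(e * r + ra) % P for r, ra in zip(r_sh, ra_sh)]
    # Open z = r*d: zero iff d == 0, otherwise a uniformly random nonzero value.
    return reconstruct(z_sh) == 0


def build_index(records):
    """Data-owner side: secret-share every keyword of every record."""
    return {rid: [share(encode(k)) for k in kws] for rid, kws in records.items()}


def search(index, keyword):
    """Querier side: share the query, let the servers test each record."""
    q_shares = share(encode(keyword))
    return sorted(
        rid for rid, kw_shares in index.items()
        if any(private_match(x, q_shares) for x in kw_shares)
    )


# Constructed sample data: record identifiers and keywords are invented.
SAMPLE_RECORDS = {
    "unit-A/record-1": ["ransomware", "invoice.pdf"],
    "unit-B/record-2": ["phishing", "ransomware"],
    "unit-C/record-3": ["botnet"],
}

if __name__ == "__main__":
    idx = build_index(SAMPLE_RECORDS)
    print(search(idx, "ransomware"))
    print(search(idx, "keylogger"))
```

In this model the opened value z discloses only whether a record matched; the guarantee holds as long as the servers and the dealer do not pool their shares.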

SEROCU Federation Architecture


Exploiting SUNFISH and its SMC services ensures that data is securely stored in each unit, but at the same time searchable with maximum privacy and handling guarantees. This way, SEROCU sensitive data is automatically queried according to vetting levels and security classification policies. This widens connections and collaboration with all other Units and improves the effectiveness of criminal investigations.

SUNFISH provides a proof-of-concept and a first-time application of privacy-preserving cross-Cloud searchable data to cyber-crime evidence. Under the increasing pressure of austerity, the successful outcome of this use case forms a business case that SEROCU could put to, among others, the UK National Crime Agency, the Police ICT office and other ROCUs for consumer-grade deployment of SUNFISH at the national scale.

www.sunfishproject.eu

Cloud Federation-as-a-Service: Opportunities for the Public Sector

Security-centric and cost-effectiveness improvement of Public services.

DISCLAIMER

SUNFISH (SecUre iNFormatIon SHaring in federated heterogeneous private cloud) is funded by the European Commission’s Horizon 2020 Research and Innovation Programme. The information and views set out in this publication are those of the SUNFISH Consortium and cannot be considered to reflect the views of the European Commission.

November 2017


Topics

1. Executive Summary

2. Adoption of Cloud Computing in the Public Sector

a. Common benefits for the Public Sector

3. The SUNFISH Approach

a. A Cloud Federation service for the Public Sector

b. SUNFISH Functionality

4. SUNFISH Use Cases

a. Ministry of Economy and Finance (MEF) of Italy: Online services for managing personnel salary accounts

b. Ministry of Finance of Malta (MFIN): Use of Public Cloud PaaS to host SaaS and/or to integrate with commercial SaaS solutions and MFIN own private cloud to provide data to MFIN, while ensuring data confidentiality, integrity and availability

c. South East Regional Organised Crime Unit (SEROCU) in UK: Secure Cloud Storage for Data

EXECUTIVE SUMMARY

This document aims at demonstrating how the innovations developed through SUNFISH enable interoperability and resource sharing among different cloud infrastructures in order to encourage a better utilization of each Public Administration’s private cloud and improve security in federated cross border clouds. SUNFISH guarantees: i) a blockchain-based solution for democratic and decentralised cloud federation governance, ii) a dynamic federation of clouds and their services with service level and optimal workload management, iii) advanced, innovative privacy-preserving services enforcing access control and monitoring.

Cloud computing is drawing wide attention in the Public Sector. Nowadays main bodies rely on their own private clouds, leading to a multitude of secluded, non-interoperable cloud centres. The lack of reliable cross-cloud infrastructure hinders effective and practicable exploitation of clouds in the Public sector. SUNFISH has built upon this need by providing a software platform that, via the principled usage of a blockchain infrastructure, offers decentralised, democratic and secure federation of private clouds.

Funded by the EU within the Horizon 2020 framework, the SUNFISH Project has been developed by a Consortium composed of eleven partners: Ministero dell’Economia e delle Finanze (Italy); Ministry of Finance (Malta); Malta Information Technology Agency (Malta); South East Regional Organised Crime Unit (UK); Università degli Studi di Roma, La Sapienza (Italy); Technische Universität Graz (Austria); University of Southampton (UK); Cybernetica (Estonia); IBM (Israel); PwC Advisory SpA (Italy) and A-SIT, Zentrum für Sichere Informationstechnologie (Austria).

ADOPTION OF CLOUD COMPUTING IN THE PUBLIC SECTOR

Cloud computing has been part of the computing landscape for more than 10 years, and its deployment among businesses and individual customers has lately been increasing. It provides substantial benefits, in particular by offering: i) economic growth, by providing an IT environment where technology is located in the most efficient way; ii) more choice and lower cost, by increasing competition among providers.

In a rapidly evolving environment, cloud services are one of the cheapest means to secure a large part of e-Government services. Cloud computing overcomes barriers typical of the public sector by improving effectiveness, efficiency, transparency, participation, data sharing, cooperation, interoperability and security. Cloud computing solutions are now among the most innovative tools, and European public sector organisations would gain considerable advantages from adopting them.

Interest in adopting cloud computing solutions for delivering Public Administration services as well has been emerging as a key target in the design of next-generation public services. This process requires the selection of the most suitable solutions in order to fill the current public sector technological gap, and to be able to face the challenges of the “EU Digital Market” in the coming years. Cloud computing is surely a key enabling technology for improving efficiency and cost effectiveness while deploying new public services.

Cloud infrastructure is capable of introducing mechanisms in the public sector that fulfil citizens’ demands, and it is particularly interesting when applied to support governmental applications provided to citizens by public authorities.

The European Commission’s e-Government Action plan, the Digital Market for Europe Strategy as well as the European Cloud Initiative are providing a general exploitation framework capable of enhancing the benefits of ICT innovation for the public sector. Public sector organisations are now strengthening their approach to Cloud computing solutions both at a National and European level.

The European Commission study “Measuring the economic impact of cloud computing in Europe, 2016” estimated that in the period 2016-2020, cloud computing could add a cumulative total revenue of EUR 449 billion to the EU28 GDP (including in the Public Sector). Of this, EUR 103,2 billion would be net new GDP generated in the year 2020, representing a share of 0,71% of total EU GDP.

According to this study, the cumulative impact on employment is expected to reach 1,6 million jobs created up to 2020 (ranging from 2,5 million in the optimistic scenario to slightly over 1 million in the pessimistic scenario). In terms of business creation, approximately 303.000 new businesses, in particular SMEs, could be created between 2015 and 2020 through the development and deployment of cloud computing.

Economic Impact of Cloud Computing in Europe. Source: data based on European Commission Report “Measuring the economic impact of cloud computing in Europe, 2016”

According to IDC's Worldwide Quarterly Cloud IT Infrastructure (2016), traditional data centers in 2017 account for nearly 60% of IT infrastructure, while the remaining 40% is on clouds (with about 25% on public clouds). In 2021, the situation will reverse: traditional data centers will account for about 45% and the cloud for nearly 55%, of which about 35% will be public cloud and 20% private. However, according to Gartner (2016), by 2020 hybrid cloud will be the most common use of the cloud.

IDC Worldwide Cloud IT Infrastructure Market Forecast (2016)

[Figure: Worldwide Cloud IT Infrastructure Market Forecast by Deployment Type, 2015-2021 (shares based on value). Series: Traditional DC, Public Cloud, Private Cloud.]

Clear examples of how governments are embracing this strategy are provided by the EU Regulation 2016/679, with the European Cloud Strategy, and national strategies and plans such as i) the Italian AGID’s three-year Plan for 2017-2019; ii) the British government's cloud computing plan (G-cloud); iii) the French Guide sur le Cloud Computing et les Datacenters à l’attention des collectivités locales; iv) the Spanish Líneas estratégicas del plan de Administración Electrónica del Gobierno.

Common benefits for the Public Sector

According to up-to-date studies, the main common benefits of the adoption of Cloud computing solutions for a public sector organisation are:

• Cost effectiveness: Cloud computing solutions do not carry all the maintenance costs that physical data centres have. Especially in the public sector, there is a need to rationalize public expenses, and cost savings are a significant key factor;

• Sustainability & Green saving: most data centres are environmentally and economically unsustainable due to their scarce energy efficiency. On the one hand, the adoption of Cloud computing solutions would make it possible to cut CO2 emissions, through a reduction of hardware use, and energy consumption, thanks to the use of more efficient cooling systems; on the other hand, public sector organisations would pay less for a Cloud solution than for a data centre one, as there is a huge saving in energy consumption even for the providers;

• Ease of Implementation: public sector organisations can deploy cloud computing rapidly as there is no need to purchase hardware, software licenses, or implementation services;

• Flexibility: cloud computing solutions offer more in matching ICT resources to business functions than past computing methods. They can also increase staff mobility by enabling access to business information and applications from a wider range of locations and devices, so that public sector employees can easily access data from any kind of device even when they are out of the office;

• Innovation: innovation represents a deep need of public sector organisations, as most of the time they lack innovation processes. Once the Cloud is adopted, its architecture would facilitate services across systems and organisational borders, such as the exchange of data among different administrations of the same public sector organisation;

• Scalability: public sector organisations adopting cloud computing solutions don’t need to procure any additional hardware and software when users’ loads are increasing, but can instead simply add or remove Cloud capacity when and if needed. In this way, resources are used only when needed;

• Redeployment of IT personnel due to Cloud efficiency: by reducing or eliminating constant server updates and other computing issues, and consequently cutting expenditures of time and money, public sector organisations can reassign ICT personnel to higher-value tasks;

• Focusing on Core Competencies: the ability to run data centres and to develop and manage software applications is not necessarily a core competency of most public sector organisations. Indeed, the adoption of Cloud computing solutions can make it much easier to reduce these functions, enabling public sector organisations to concentrate on critical issues such as the development of policy and the delivery of public services.

Currently there are several different kinds of Cloud computing solutions available, categorized by the kind of delivered service or by the pursued deployment model.

If we categorize by the pursued deployment model:

a) Public: The cloud provides different services (i.e., IaaS, PaaS or SaaS) that external users can buy. With this cloud solution, the provider of the service is responsible for the management and maintenance of the infrastructure. This type of cloud environment is appealing to many companies, as it reduces lead times in testing and deploying new products and also reduces maintenance costs and resources for organisations. In fact, the cloud is deployed on the premises of the provider and the user has no control over the actual infrastructure. As for the security level, there is a public perception that security could be lacking with a public cloud, but security breaches still seem to be rare events.

b) Private: The cloud infrastructure is provisioned for the exclusive use of a single organisation. The cloud can be owned and managed by the organisation itself or by a third party, and resides on the company’s intranet or hosted data centre, where all data is protected behind a firewall. This can be a great option for big organisations, such as public sector ones, which already have expensive data centres, because they can use their current infrastructure. Private clouds offer an increased level of security and they share very few, if any, resources with other organisations, not exposing data to relevant external risks.

c) Hybrid: it is an integrated cloud service utilising both private and public clouds to perform distinct functions within the same organisation.

If we categorize by the kind of delivered service:

a) Infrastructure-as-a-Service (IaaS): it provides cloud consumers with the capability to use cloud computing resources for deploying and running arbitrary software.

b) Platform-as-a-Service (PaaS): it provides cloud consumers with the capability to deploy onto the cloud consumer-created or acquired applications relying on the libraries and services of the cloud platform.

c) Software-as-a-Service (SaaS): it provides cloud consumers with the capability to use defined applications on the cloud.

THE SUNFISH APPROACH

SUNFISH offers a service to federate private and public clouds, enabling them to exchange data and services in a secure and controlled manner, based on a “democratic” governance model: no federation member rules over the others. In more detail, SUNFISH conceives, designs and implements Federation-as-a-Service (FaaS), a secure-by-design cloud interoperability solution based on blockchain technology. This service is realised via a software platform, named “SUNFISH Platform”, whose components are essential parts of its overall functioning. In terms of the kind of service delivered, the SUNFISH architecture is designed to be scalable and easily adaptable to any cloud environment and cloud system via an adequate layer of API abstractions.

A Cloud Federation service for the Public Sector

The SUNFISH project coined Federation-as-a-Service (FaaS), a secure-by-design Cloud federation solution that enables public sector organisations to federate their clouds in a distributed and democratic manner, thanks to an underlying blockchain infrastructure.

Federation-as-a-Service (FaaS): creates a homogeneous goal-oriented aggregation of cloud systems, which allows sharing of data and services. All participating nodes are peers: they have the same duties and authorities.

The cornerstone of FaaS is its democratic and decentralised federation governance. Generally speaking, it offers these key features:

• Dynamic Federation of Clouds and their services with service level agreement policy and optimal workload strategies;

• Cloud Federation Governance supporting trustless coalitions where participating clouds are governed by a federation contract agreed with a distributed consensus;

• Privacy-Preserving Services enforcing advanced and innovative access control and monitoring.

Blockchain technology:

Blockchain is a technology that has appeared on the market in recent years, first used as the public ledger for the Bitcoin cryptocurrency. It mainly consists of consecutive chained blocks containing records that are replicated and stored by the nodes of a peer-to-peer network. The records witness transactions that occurred between the nodes of the network. Transactions may feature a cryptocurrency such as Bitcoin, or other kinds of assets. The collection of transactions and their enclosure in chain blocks is carried out in a decentralised fashion by distinguished nodes of the network, called miners. Besides cryptocurrency, blockchain offers so-called smart contracts, immutable programs deployed and executed autonomously upon a blockchain.

This technology offers a readily available decentralised computation infrastructure that alleviates the need for a trusted third party and reduces the systemic risk of disputes and fraud.

SUNFISH Functionality

The SUNFISH Platform is a modular software solution that enables the dynamic and secure creation of cloud federations and their management. Its main features are:

• Dynamic cloud federation management. A dynamic federation of clouds and their related services, with optimal service level and workload; the service offered is based on “core components” (IDM, DS, FAM, IWM) that are necessary to assure the creation and essential management of the federation.

• Democratic governance. An innovative cloud federation governance supporting trustless coalitions, as none of the federated organizations rules over the others, thanks to the “Service Ledger” which, based on blockchain technology, offers decentralised and democratic enforcement of governance rules in the federation. Such governance is then ruled according to a federation contract negotiated among partners.

• Data security. Advanced, innovative privacy-preserving services ensuring high security of provisioned services and managed data. The backbone of data security is a distributed access control infrastructure transparently enforcing cross-cloud access policies and privacy-preserving services. Data masking (DM) ensures that sensitive data of interest can be stored securely. Data anonymisation (ANM) ensures that datasets can be released (both in a micro and macro fashion) without leaking sensitive data. Secure multi-party computation (SMC) offers privacy-preserving computation on sensitive data: none of the parties involved in a computation can learn anything about the data itself.

This set of functionalities is implemented via state-of-the-art technology and takes advantage of the blockchain infrastructure underlying SUNFISH federations to strengthen the security assurance of provisioned services and security controls.

On the face of it, FaaS and the SUNFISH platform appear to be the first blockchain-based cloud federation architecture of its kind.

• Brokerage of Federated services: Services of single clouds can be dynamically federated and brokered according to security and Service Level Agreement (SLA) policy. Thanks to an intermediate API layer, any type of service, ranging from infrastructure to software and data, can be federated and provided.

• Federation Monitoring: Cross-cloud integrations and the distributed nature of federations require advanced monitoring facilities that can ensure the integrity and correctness of the provisioned services. FRM and FSA offer runtime and offline monitoring respectively to protect against security violations such as illegitimate accesses and privilege escalations.

SUNFISH USE CASES

Since SUNFISH was conceived following a user-centric approach, its practicability has been tested on the three public administrations that are partners of the Project and shaped around their real needs. These use cases are effective demonstrators of how the platform works and how the public sector can take advantage of its technology. In the following paragraphs this document presents, in order: the Italian Ministry of Economy and Finance’s use case, the Maltese Ministry of Finance’s use case and that of the UK South East Regional Organised Crime Unit.

Ministry of Economy and Finance (MEF) of Italy

Online services for managing personnel salary accounts

The General Administration, Personnel and Services Department (DAG) of the Italian Ministry of Economy and Finance (MEF) is in charge of the management of payroll functions for approximately 2.1 million Italian public sector employees. This service is provided through a single payroll function, NoiPA, which currently manages more than €51 billion in payments annually. Starting in 2015, the compulsory entry into NoiPA of Italian police and military personnel generated an increase of around 25% in the monthly payslips managed by the system.

The Italian legal framework requires the Ministry of Interior (MIN), in charge of Police Forces, to be the exclusive controller of the sensitive data of its employees. The main problem generated by the entry of MIN’s employees into NoiPA was overcoming the segregation of Public Bodies’ data among Clouds when calculating payslips.

In particular, the MEF must compute local taxes on actual residence, which is however sealed for data classification purposes within the MIN. The MEF and the MIN therefore had to balance two contrasting needs: on one side, the MEF’s need to have certified computation of sensitive data; on the other side, the MIN’s need to keep sensitive data within its perimeter. This created a problem for the overall calculation of taxes, and to overcome it the MEF and the MIN were forced into an intricate cooperation with a low level of efficiency and elevated costs.

The potential conundrum was overcome via a Federation-as-a-Service platform and its blockchain-empowered Service Ledger infrastructure. This system, put in place by SUNFISH, allows the democratic governance of cloud federations: none of the federated clouds rules over the others, but each of them shares the same duty and authority. The SUNFISH platform is conceived to be deployed in a distributed manner on top of all federated clouds, so as to avoid any centralised control and component. Moreover, privacy-preserving components secure the storage, sharing and computation of sensitive data. Through the installation of the SUNFISH Platform in their respective private clouds, the two ministries split the payroll application in two parts, one placed on the MEF to compute the bulk payroll and one on the MIN to process localised sensitive data.

MEF’s Payroll Application in SUNFISH Use Case

This test-bed is used as a demonstrator for the SUNFISH platform so as to enable the processing of sensitive data and personally identifiable information hosted in the cloud and shared between the MEF and MIN. The SUNFISH framework demonstrates the capability of sharing resources from different private clouds, boosting the efficiency in the utilization of both infrastructures and of the overall process.

[Diagram labels: SUNFISH Platform; FaaS Federation; MEF; MIN; payroll app; payroll; sensitive data; smart contract; Blockchain-empowered Service Ledger; Service Ledger Interface (SLI).]

SUNFISH has also set the basis, and parts of it are currently being used, for deploying a large-scale digital transformation programme, Cloudify NoiPA, meant to evolve and expand the services provided by Italy’s NoiPA platform.

Ministry of Finance of Malta (MFIN)

Use of Public Cloud PaaS to host SaaS and/or to integrate with commercial SaaS solutions and MFIN own private cloud to provide data to MFIN, while ensuring data confidentiality, integrity and availability

The Maltese Ministry for Finance has been leading the innovation of the Country’s Public Sector with the goal of easing citizens’ interaction with the Government. This has been achieved by adopting a once-only principle and by facilitating the re-use of public data. Pushed by the growing awareness of central public administrations’ need to promote a different role across Europe, the Ministry’s interest in innovation led it to look for proposals in the field of cloud computing for the public sector.

Such kind of development is a great opportunity in particular within theTaxation Department, which requires taxpayers, employers, banks and SMEs,to submit information to the Office of the Commissioner for Revenue. Thisinformation relates to Payroll, Financial Statements, information related topayments that qualify for deduction from chargeable income, and receipts ofpayments that need to be included in taxable income, trading records andaccounting records that maybe subject to audit checks.

Large enterprises can lean on their �nancial capability to submit payroll dataand �nancial statements via the Department’s website and await for the end ofthe year to receive their tax deduction back. Small businesses, on the otherhand, might struggle because of their financial means.

Where applicable, the Department requires data from Employers and otherthird parties for the calculation of tax statements and eventual issuance ofrefunds. To provide a holistic solution, the Department can make use of publiccloud services to host Software-as-a-Service (SaaS) solutions and to federatethese with its own private cloud.

17

This use case enables the use of public cloud Platform-as-a-Service (PaaS)o�erings to deploy applications which collect data and perform requiredcalculations and validations while ensuring compliance with the secrecy, privacyand data protection legislations and regulations. It also allows for the use offederated systems between the MFIN application on the public cloud PaaS andother commercial SaaS solutions providing services such as payroll etc.

MFIN Use Case Flow Diagram

Thanks to SUNFISH, it will be able to federate the different clouds, which hostthe required data, and to calculate simultaneously taxes and tax refunds. Theframework provides the enabling platform to exploit these new services,permitting the integration of heterogeneous platforms and providing ana�ordable alternative, which drives down the cost of compliance for allbusinesses. The Ministry’s decision to adopt SUNFISH has allowed itsemployees to calculate taxes and social security contributions e�iciently andimmediately after legislative changes. This happens because they can promptlyaccess payroll information and amount of tax and contributions due byemployers.

While safeguarding information online and compliant with secrecy and dataprotection legislation, SUNFISH reduces the cost of the Tax Authorities tooperate the systems collecting information from taxpayers and employers andprocesses data in a more efficient and e�ective manner. The efficientmechanism o�ered by SUNFISH avails SMEs to present, and obtain feedbackon, the information required by the Tax Authorities. SMEs, who have not beenable up until now to comply with data provision requirements in a cost e�ectivemanner, are the main bene�ciary of this platform.

Datarelease

Tax app

MIN

Taxcalculat ion

Tax datauploading

Taxdeduct ion

Payroll payers

Society

Bank

Public Service

Open d

ataTax payers

PUBLICCLOUD

Sensit ive tax data

18

South East Regional Organised CrimeUnit (SEROCU) in UK

Secure Cloud Storage for Data

South East Regional Cyber Crime Unit (SEROCU) is one of the nine RegionalCyber Crime Unit (ROCU) operating across the UK. Besides its regional role, itcollaborates on a national level with major crime units, all ROCUs and theNational Cyber Crime Unit, to prosecute o�enders based in Europe andbeyond.

SEROCU is responsible for the investigation of o�ences categorised under theMisuse of Computer’s Act 1990 and other o�ences where a digital aspect isbelieved to be involved. Its powers include the seizure and forensicexamination of digital data and electronic devices, as well as live networkinvestigations. Part of SEROCU’s mandate is to store securely large quantities ofcyber-crime evidences and highly sensitive data, such as: high-level corporateinformation, data produced from network servers and personal digital storagedevices. Its investigations generate evidences with di�erent securityclassifications, each of which, depending on Governmental guidance, comeswith its own strict handling conditions.

The storage of such data must be localised on the Unit’s premises but at thesame time, each unit must ensure access, in a regulated manner and withdi�erent levels of accessibility, to all other ROCUs while investigations are inprocess. The sharing of such information among ROCUs not only encountereddi�iculties brought about the di�erent interfaces implemented, but it wasconvoluted and hardly automated. Moreover, due to changing reportingprocedures around cyber-crime issues, it is impossible to predict with certaintythe future demand for the unit and, therefore, data capacity and processingrequirements. There is a current need to ensure the efficient and securereception, supply, and storage of intelligence/data between the regional units,local policing forces, and governmental departments

Clouds can help overcome the ROCUs’ concealed data storage systems by fostering cross-Cloud regulated sharing of information. This would allow reaping the cost, usability and connectivity benefits of the cloud, whilst sharing the infrastructure safely and reliably between many different Government and Policing agencies.

Nevertheless, SEROCU would find it difficult to set up, run and sustain a cross-Cloud sharing system by itself, and its main difficulty, namely making data available to the Cloud federation participants while keeping it private, might remain unaddressed. SUNFISH has developed a cloud federation-based system that allows SEROCU, and the other nine Regional Cyber Crime Units (ROCUs), to make their cyber-crime evidence searchable and shareable. Due to the critical level of sensitivity of the data managed by each ROCU, various requirements relating to access, computation and sharing of data must be enforced.

SUNFISH deploys a platform to securely federate different Clouds while keeping control of owned data, and resolves the conundrum of “privacy vs. availability” by the use of Secure Multiparty Computation (SMC). The Platform offers a state-of-the-art Secure Multiparty Computation service, based on advanced cryptography techniques, which ensures that a functionality can be carried out on privacy-sensitive data without leaking any private bit. Namely, SMC offers a privacy-preserving approach to searching keywords on distributed data sources. The servers carrying out the search do not learn anything about the data they are searching, nor about the keyword of interest they are searching for.
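The property described above (servers search data they cannot read, for a keyword they cannot read) can be illustrated with a small simulation. This is an added example, not SUNFISH's own protocol or code: it substitutes a simplified masked equality test over additive secret shares, assumes three honest-but-curious servers that do not collude with each other or with the querier, and every name in it (`private_search`, `server_step`, `EVIDENCE`) is hypothetical.

```python
import hashlib, secrets

P = 2**127 - 1      # prime field modulus (a Mersenne prime)
N_SERVERS = 3       # assumed number of non-colluding compute servers

def encode(keyword):
    """Map a keyword to a field element (SHA-256 reduced mod P)."""
    return int.from_bytes(hashlib.sha256(keyword.lower().encode()).digest(), "big") % P

def share(value, n=N_SERVERS):
    """Additive secret sharing: n random-looking shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % P]

def server_step(record_share, query_share, mask, zero_share):
    """One server's local work; its inputs are uniformly random field elements.
    mask is a nonzero scalar agreed among the servers and never shown to the
    querier; zero_share re-randomises the reply so it hides the server's inputs."""
    return (mask * (record_share - query_share) + zero_share) % P

def private_search(records, keyword):
    """Return ids of records containing keyword; only match/no-match is opened."""
    # Data owner: every indexed keyword is split across the servers.
    stored = [(rid, share(encode(kw))) for rid, kws in records.items() for kw in kws]
    q_shares = share(encode(keyword))        # querier: the keyword is split too
    hits = []
    for rid, rec_shares in stored:
        mask = 1 + secrets.randbelow(P - 1)  # fresh per comparison, servers only
        zeros = share(0)                     # fresh sharing of zero, servers only
        replies = [server_step(rec_shares[i], q_shares[i], mask, zeros[i])
                   for i in range(N_SERVERS)]
        # Querier sums the replies: mask*(x - q) is 0 on a match and a
        # uniformly random nonzero value otherwise.
        if sum(replies) % P == 0 and rid not in hits:
            hits.append(rid)
    return hits

# Constructed sample evidence index (not real data).
EVIDENCE = {
    "case-001": ["ransomware", "bitcoin"],
    "case-002": ["phishing", "invoice"],
    "case-003": ["bitcoin", "darkmarket"],
}
```

A production SMC service would also have to hide which records matched from the servers and tolerate misbehaving parties; this sketch covers only the confidentiality of the stored keywords and of the query against passive servers.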

SEROCU Federation Architecture


Exploiting SUNFISH and its SMC services ensures that data is securely stored in each unit, but at the same time searchable with maximum privacy and handling guarantees. This way, SEROCU sensitive data is automatically queried according to vetting levels and security classification policies. This widens connections and collaboration with all other Units and improves the effectiveness of criminal investigations.

SUNFISH provides a proof-of-concept and a first-time application of privacy-preserving cross-Cloud searchable data to cyber-crime evidence. Under the increasing pressure of austerity, the successful outcome of this use case forms a business case that SEROCU could put to, among others, the UK National Crime Agency, Police ICT office and other ROCUs for consumer-grade deployment of SUNFISH at the national scale.


Ministry of Finance


www.sunfishproject.eu | info@sunfishproject.eu