After adopting the Cloud to increase productivity, agility, and reduce operational costs, companies are now relying on multiple cloud service providers, 5 on average according to Gartner (2018), we call this multi-cloud strategy. This evolution is due to the desires both to no longer be dependent upon one single provider, but also to benefit from the most agile and most innovative solutions on the market, with higher levels of availability. Multi-cloud however means new security issues. For, in a context where, according to the Going Hybrid study (carried out for NTT Communications in March 2018), 84% of European businesses have adopted a multi-cloud approach, guaranteeing interoperability and flexibility in exploiting data, services and communication, therefore their security and dependability, has become a major issue. This is the challenge that the SUPERCLOUD project has managed to take up thanks to the European Union’s largest research and innovation programme, “Horizon 2020”, aimed at stimulating Europe’s economic competitivity.
“Horizon 2020”: a synergy of skills at the service of innovation
The aim of the actions of “Horizon 2020” is to foster collaboration between public and private sectors so as to develop research and innovation. With its partners from the consortium selected and financed by this programme, Orange is at the origin of a three-year project aiming to create a new and unprecedented secure Cloud infrastructure: the open source SUPERCLOUD framework, presented to the European Commission during its final review on 15th March this year in Brussels.
It is dedicated to the development of “on-demand” security services for multi-cloud environments. The SUPERCLOUD consortium unites nine organisations: industrial partners, research institutes, SMEs, and universities *, coming from six European countries and widely recognised in their respective scientific and technological fields. Each partner contributes its leading expertise, for example data protection for IBM, system security for Darmstadt University, security policies and network security for the Institut Mines Télécom, network virtualisation for the University of Lisbon, or the medical field for pilot projects carried out for Philips Healthcare and Electronics and for Maxdata Software. Furthermore, Technikon managed the administrative coordination of the project. Marc Lacoste, researcher in security at Orange specifies: “Orange’s teams, in synergy with the partners, defined a scientific vision of the project, and piloted it from a technical viewpoint”. Plus, Orange provided its expertise to design and develop the SUPERCLOUD technology through production of several components of the framework, for example those linked to virtualisation for multi-cloud, advanced cryptography for flexible data protection, or supervision of virtualised network security.
A user-centric Cloud or “U-Cloud”
In a multi-cloud environment, the general lack of interoperability and flexibility poses security and dependability problems. Furthermore, as each provider imposes its own security services – the “lock-in” phenomenon – it is difficult to configure them to closely adapt to user needs.
The SUPERCLOUD framework thus proposes a new approach to the management of security and of the availability of multi-cloud environments. This user-centric architecture enables the user to choose, autonomously and on-demand, their protection requirements and the security services necessary to guarantee these. In this way, the user defines “U-Clouds”, or isolated sets of services and data operating in multi-clouds. Their security is ensured thanks to the SUPERCLOUD framework, or security layer, deployed over existing public or private Clouds, separating user Clouds from those of providers.
“The SUPERCLOUD vision is built around four requirements: security must be in self-service mode, i.e. completely at the hand of the user; it must also be guaranteed end-to-end, i.e. transversely to all of the systems; equally, it must be automated, so self-managed; and finally, it must guarantee resilience, meaning resisting failures”.
The Commission’s assessors congratulated the consortium for the progress made, and in particular for the very high scientific and technical level of its solution. Thanks to this experiment, Orange brought to the fore the excellence of its research in the field of security. Notably via the dissemination of over 40 project articles in distinguished international publications, the coordination of a “Vision Paper” published at the IEEE, and even the co-organisation of several workshops such as during the ACM EuroSys 2017 conference.
SUPERCLOUD for all, an example in the medical imaging field
Who can benefit from this new approach? All Cloud providers and companies that handle sensitive customer data and who wish nevertheless to benefit from the advantages of the Cloud. “The SUPERCLOUD enables freedom from the barriers set by current public or privates Clouds, and the combining of the deployment security that one finds in private Clouds with the upscaling flexibility of public Clouds”.
To prove this, the consortium completed, inter alia, a pilot project of a distributed medical imaging platform. Medical imaging is used more and more to perform telemedicine or diagnostic assistance for example. Hospitals store these images in several Clouds, and often need to send this data to each other, in a completely secure manner. To do this, the consortium deployed a distributed platform implementing the SUPERCLOUD framework. Hospitals can thus manage their imaging data exchanges thanks to an infrastructure that is powerful enough to guarantee both data dependability – for it to be accessible from any place at any time, and its security – to prevent it from being taken or used by unauthorised persons.
The medical field is far from being the only area that could benefit from this new security model in multi-cloud environments: “SUPERCLOUD uses are virtually limitless. As the framework is open, it can easily be used by all professions with specific security needs, like those of the financial sector for example, or the automobile industry, and of course all Cloud operators themselves”.
Orange is a major player in network security performance research, serving the development of emerging technologies that will be included in the innovative uses of tomorrow. To achieve this, the company initiates and carries out pioneering scientific research, teaming up with the best researchers in their fields. Its major participation in the SUPERCLOUD project is a superb demonstration of this.
* Technikon Forschungs- und Planungsgesellschaft mbH, Austria,
Orange SA, France,
IBM Research GmbH, Switzerland,
FCiências.ID – Associação para a Investigação e Desenvolvimento de Ciências, Portugal,
Institut Mines-Telecom, France,
Technische Universität Darmstadt, Germany,
Philips Medical Systems Nederland, Holland,
Philips Electronics Nederland, Holland,
Maxdata Software SA, Portugal