Protection of Security Critical Information in an Infrastructure as a Service Cloud

Purpose and goal

The project´s main objective was to analyze, test and evaluate a patient information system of Region Skåne, get a good picture of the security requirements, and the technical conditions that exist, to move the safety-critical services to the infrastructure clouds. The project has, by carefully analyzing security requirements to meet these, demonstrated and verified in real cloud environment that it is possible technically, practically achiving higher level of security than that offered in today´s commercial systems.

Expected results and effects

The main conclusion from the project is that we have been able to mature and prove the initial technical hypothesis that is it possible to use Trusted Computing for the verification of cloud resources. We have now a deep understanding of how to improve security in public infrastructure clouds such that it can be offered for processing of security critical data. The project has managed to produce unique new results of how to protect data during process and storage in infrastructure clouds. We have not yet negotiate or start sharp product development or procurement.

Planned approach and implementation

The project started with planning phase where one of Region Skåne´s most critical journalsysten was selected to serve as a demonstrator. A collaboration with Siemens initiated and a test environment was established . The project was working with finding solutions to supplement the security that is perceived lacking in the market. This work resulted in a solution that now works and complements the security of cloud services . A number of seminars have been held and publications of results. The project ends with the objectives are met and hope that the results achieve commercial status.