The new cloud computing projects of the Italian Ministry of Economy and Finance

“NoiPA” – the IT system of Italy’s Ministry of Economy and Finance, and in particular of its Department for General Administration, Personnel and Services, which has constantly been managing Italian civil servants remuneration aspects – has experienced an important evolution in recent years. In particular, it has been expanding both in terms of services offered, as well as in terms of number of managed public employees, and finally also from a service management / delivery mode point of view.

This evolution has been managed through a particularly innovative approach, characterized by several unforeseeable developments. Key challenge has been how to combine two usually conflicting objectives: performance and security. A trade-off that has arisen having to face an actual goal. The 2014 Italian national regulation “Legge di Stabilità”, set the deadline of January the 1st 2016 for including also all the Italian Armed & Police Forces personnel within the “NoiPA” pay slip management system.

It is clear that managing information related to the remuneration of these new staff categories (especially some particular positions, for example military staff employed in foreign country missions) requires higher security levels than those ordinarily used. On the other hand, entry of such personnel has increased the overall number of individual positions managed via “NoiPA”, bringing them from approximately 1.6 million, to over 2 million. Even before this latest increase, processing time of the pay slips for such high volumes was rather long. This also in consideration of the fact that the system not only has to calculate the salary, process the pay slip and make it available to the employee, but it also automatically interacts with a high number of other public institutions and organisations (such as the Bank of Italy, the Social Security Agency, the Internal Revenue Agency, the General Accounting Office, as well as several Trade Unions, Finance companies, Pension funds, etc.).

A particularly complex workload that must meet precise deadlines, given that everybody is waiting for his/her own salary on scheduled dates, and delays are not acceptable. Adding to this already complex system additional security features, may negatively affect the overall efficiency.

Obviously, to meet these new requirements, several re-engineering actions of the system have been put in place, aimed at improving its performance, as well as agreeing in the meanwhile, both with the Armed Forces and with the Police Forces, on specific tailored solutions to ensure an appropriate level of security in information management.

These actions, however, are not fully satisfactory, both because partial and only short-term oriented, but mainly because extremely burdensome in systems running. To overcome this, innovative solutions have been explored, starting from a major internal element of innovation. This major innovation has been the completion of the consolidation project of the IT infrastructure of the Department. A project which took almost three years of intense work, which -however- has finally created a cutting-edge datacenter from all points of view (physical security, energy savings, redundancy, management efficiency, etc.). This new datacenter consists of a fully virtualized infrastructure, in which a platform for the provision of services in cloud modality has been embedded. Today, in fact, other smaller Italian public organizations are using IaaS from the Department’s datacenter.

One of the key challenges related to the Italian National Police Department, the first of these authorities to benefit from the services provided by “NoiPA”, being also an organisation which owns a significant size datacenter, has been to find an adequate management approach for processing pay slips making the two systems dialogue, so to combine:

  • security,
  • efficiency,
  • and, low management costs.

In order to face this challenge, the European Commission’s Research and Innovation programme “Horizon 2020”, appeared as a worthy solution to be discovered. Among activities funded by Horizon 2020, there are also projects aiming at increasing the “perceived” security and trust of Public Administration, even at the whole European level in a “cross-border” context, facilitating the development of the “digital single market”. This includes also the cloud computing enhancement area, particularly in settings where privacy and control of information propagation are considered as essential factors (for example, e-government, e-health, etc.), with the connected goal of a favoring a better use of available ICT resources.

There is clearly a strong similarity between the European Commission’s objectives in the EU “cross-border” context, and those at a national level, which the NoiPA system is currently facing.

This is why the Italian Ministry of Economy and Finance is currently coordinating a Horizon2020-funded Research and Innovation Action called “SUNFISH” (www.sunfishproject.eu), launched in January 2015 and lasting until the end of 2017, involving 11 different organisations, from 6 different countries, including four public administrations, three research institutes, and four private companies.

The Innovation and Research scope on which SUNFISH is currently working is the development of advanced Cloud Infrastructure and Services; in particular, the general problem addressed by the project consortium is the lack of infrastructure and reliable technologies that can enable Public Administration bodies to federate their private cloud infrastructure.

SUNFISH’s goal is therefore to develop and integrate a new technology and a software platform enabling secure federation of Cloud infrastructure, with a particular focus on the requirements that characterize the public sector.

Thanks to this, three major objectives should be achieved:

  1. Possibility to integrate different public sector “clouds”, ensuring information security.
  2. Greater efficiency in the use of IT infrastructure.
  3. A new impetus to the development of services for EU citizens who may benefit form sensitive data shared securely between different private clouds.

In this context, SUNFISH has to deal with various key challenges:

  • E-government is rapidly moving towards the adoption of private clouds. However, the few public bodies able to start this process are facing the problem of integrating services provided by their own private cloud with data and services provided by external private clouds. The task becomes even more challenging when information and data has to be shared among private cloud platforms and public cloud infrastructure, provided in this case by private companies. Moreover, in most cases, the typically complex security policies of Public bodies cannot easily fit into public type cloud platforms, thus aggravating the complexity of integration of “hybrid” cloud models.
  • Storage of information in the cloud is considered an acceptable risk only if the long-term security and confidentiality of data can be guaranteed effectively. Currently, the encryption mechanisms used by cloud platforms are based on traditional encryption techniques, and do not allow a precise access control that can ensure interoperability in federated cloud scenarios. In addition, the data owners have the need to be able to monitor the security policies of their provider and potentially move their data to a different provider if their requirements are not adequately met. Most of the supply contracts proposed by the major suppliers of technology today are not designed to allow this type of control on the service provided.
  • Furthermore, choosing to store data on external systems could potentially expose to the risk of data being stolen or used for fraudulent purposes. Although in reality these are more “perceived” risks rather than actual “tangible” risks (i.e. almost all the Italian Public Bodies still rely on external suppliers for the management of their information systems), users are still concerned about the confidentiality of their data, or also avoid completely using cloud services, or explicitly keep on requiring implementation of expensive and complex procedures for encryption of their data. Altogether, these critical issues still slow the spread of cloud technologies, preventing the European Public Sector to fully seize the opportunities offered by this new technology.

 

The SUNFISH platform is meant to ensure a high level of security and a continuous monitoring of the inter-cloud communications, while implementing cheap services, quickly, flexibly and securely between different private clouds. The solution will be developed mainly for European public organizations, and potentially also private sector companies could benefit from it.

More practically, the project aims setting-up a “demonstration platform” to be tested across three different use cases related to three European Public sector bodies. One of these use cases addresses precisely the processing of the pay slips of the Italian State Police personnel by the Ministry of Finance (via NoiPA), so to find an ultimate solution to the problem with which we began.

In fact, SUNFISH could be an asset, led by Italy, with a much more general value of the single use case. The implementation of the platform will provide evidence of how cloud-based services in heterogeneous and multi-layered cloud environments can be federated. All this assuring a durable impact, putting users and data owners in full control over how their data is shared, processed and stored in a federation of private and public clouds, including addressing the new challenges related to security aspects.

The federation could serve as the vehicle for the development of a cloud infrastructure for the entire Public Sector, overcoming the present fragmentation among a myriad of obsolete datacenters, inefficient and with a low degree of security assurance. However, this is another story. In general, the project will be able to generate:

  • Economic value, reducing the investment required for cloud adoption and reducing the risk of cyber-attacks that currently generate high economic losses.
  • Social value, promoting public trust in cloud technologies while increasing their uptake, even with innovation impact on both public and private bodies.

Environmental value, improving the use of resources while reducing energy consumption.

Link