STRATEGIC: Opening New Horizons in the Secure and
Privacy Friendly Migration, Adaptation, Governance and
Development of Public Cloud Services
Konstantinos Kalaboukas
1
, Giannis Ledakis
1
, Nuria Rodriguez Dominguez
2
,
Fotis Karayannis
3
, Ilja Livenson
4
and Joshua Daniel
5
1
SingularLogic, Al. Panagouli & Siniosoglou, Nea Ionia, 14234, Athens, Greece
kkalaboukas@singularlogic.eu, g.ledakis@gmail.com
2
Atos Spain, C/Albarracín 25, 28037 Madrid, Spain
nuria.rodriguez@atos.net
3
Uranus Computing Ltd., 145 - 157 St. John Street, London EC1V 4PW, UK
f.karayannis@uranuscomputing.com
4
National Institute of Chemical Physics and Biophysics,
Akadeemia tee 23, 12618 Tallinn, Estonia
ilja@kbfi.ee
5
British Telecommunications Public Limited Company,
Newgate st. 41, EC1A7AJ London, U.K.
joshua.daniel@bt.com
Abstract. In this paper, STRATEGIC project is presented, in the scope of
providing an overview understandable to both technical and non-technical
reader. For this reason the project key goals, the stakeholders and the added
value offered by STRATEGIC are described. In slight more technical approach,
the requirements that have been identified and the decisions that have been
drawn in the frames of the design of STRATEGIC framework are presented.
The study that leads to this design has been conducted in a purely top-down
approach i.e. architectural decisions have been made based on the technical
requirements that have been raised by three different European Municipalities
which will adopt STRATEGIC outcomes and findings.
1 Introduction
Cloud computing services (including public cloud services) hold the promise to
deliver a host of benefits to both public sector organizations and enterprises, including
reduced Capital Expenses (CAPEX), improved performance and scalability, enhanced
reliability, as well as an overall reduced Total Cost of Ownership (TCO) for their ICT
infrastructures and services. These benefits are particularly important for public
bodies all over the EU, but despite this importance, the adoption of public cloud
services within public organizations is still low, which is a significant lost
opportunity. This sets the main goal of STRATEGIC of boosting the adoption of
public cloud services, notably within public sector organizations.
Public cloud infrastructures are generally made available to the general public or
even large industrial groups and are usually owned by organizations providing/selling
Karayannis F., Daniel J., Livenson I., Dominguez N., Konstantinos K. and Ledakis G.
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public Cloud Services.
DOI: 10.5220/0006144300030015
In European IST Projects - The Quest for Excellence Towards 2020 (EPS Vienna 2014), pages 3-15
ISBN: 978-989-758-101-4
Copyright
c
2014 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
3
cloud services
1
. Nowadays, privately held as well as public Cloud computing services
hold the promise to deliver a host of benefits to both public sector organizations and
enterprises, including reduced Capital Expenses, improved performance and
scalability, enhanced reliability, as well as an overall reduced Total Cost of
Ownership for their ICT infrastructures and services. At the same time, the ability to
combine public cloud services could open new horizons for the development of a next
generation of innovative cloud services that fully leverage existing services and APIs.
These benefits are particularly important for public bodies, especially for
governmental agencies, municipalities and regions, all over the EU; the adoption of
public cloud services as part of their numerous e-government transactions is expected
to have a significant economic and social impact
2
.
Despite these potential benefits, their penetration within public sector
organizations is still low
3
. Furthermore, cloud use in the public sector is usually
confined to the use of simple on-line back-office services (e.g., document
management, document sharing, mobile access to document), with only few instances
of use of e-government services by European citizens. Furthermore, security and
privacy management mechanisms (along with related policies) are not yet fully
integrated into public cloud services. This is a significant lost opportunity in an era
where governments are under extreme pressure to reduce operational budgets, while
at the same time citizens seek opportunities for increased satisfaction at less time and
lower cost.
However the current state of the art of cloud computing is slowing finding its way
to public sector. Governments are replacing their legacy IT systems with cloud
computing technologies and implementing new cloud-based tools for collaboration
and information sharing across agencies and units. Cloud Computing provides a great
opportunity for enabling reliable e-Governance quickly and at lower costs, while if
the needs have to be covered in-house they will have to cover peak demands (at
specific points of time) paying for over provisioning and leaving part of the
infrastructure unused for significant amounts of time. Cloud computing features like
application virtualisation, end-to-end service management, instant deployment and
ease of maintenance are catalysts, that jumpstart application deployment on the
Cloud. The biggest benefit of the Cloud is that it helps consolidate all data centres and
optimize resource utilisation, reducing support and maintenance costs by more than
half, without compromising on performance, availability and reliability of
applications
4
.
Centralising data storage and processing offers economies of scale that even the
largest organisations cannot achieve by themselves. Cloud computing therefore
represents considerable savings in IT budgets, and the end of headaches linked to
older computing methods. Private sector businesses using cloud computing report 10-
20% lower IT costs, while cloud computing can also help the public sector improve
efficiencies and lower costs, according to European Commission
5
.
According to European Union Agency for Network and Information Security
(ENISA), public bodies can be a key player in Cloud computing area as it offers
scalability, elasticity, high performance, resilience and security, together with cost
efficiency while at the same time it can enable and simplify citizen interaction with
government by reducing information processing time, lowering the cost of
government services and enhancing citizen data security. Governmental Clouds offer
4
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
4
to the public bodies, including ministries, governmental agencies and public
administrations (PAs), the potential to manage security and resilience in traditional
ICT environments and strengthen their national Cloud strategy
6
.
ENISA also identified the Member States with operational government Cloud
infrastructures and underlines the diversity of Cloud adoption in the public sector in
Europe, while suggesting solutions to overcome those barriers, and to sharing best
practices paving the way for a common set of requirements for all Member States
(MS).The ENISA study
6
showed that, while there is no common agreement on a
definition of Governmental Cloud, a common concept exists:
A gov-Cloud (or G-Cloud) is an environment running services compliant with
governmental and EU legislations on security, privacy and resilience.
A gov-Cloud is a secure and trustworthy way (private Cloud or public Cloud) to
run services under public body governance (how)
A gov-Cloud is a deployment model to build and deliver services to state agencies
(internal delivery of services), to citizens and to enterprises (external delivery of
services to society) (for who)
After the examination of the wide and heterogeneous landscape of the EU countries a
governmental Cloud classification is presented based on basic criteria:
the existence of a legal background to support the implementation of Cloud
computing in administrative systems, i.e. national Cloud strategy or digital
agenda,
and the advancement of the governmental Cloud implementation (design,
implementation, projects running etc.).
The purpose of this paper is to describe the STRATEGIC project approach on the
aforementioned facts. The approach followed by STRATEGIC is described in terms
of objectives and expected results and also in terms of technical achievements.
2 STRATEGIC Approach
STRATEGIC defines a framework of interconnected solutions and services that offer
a cloud enablement on various infrastructures while offering a set of services related
to public bodies, opening new horizons in the secure and privacy friendly migration,
adaptation, governance and development of public cloud services.
2.1 STRATEGIC Objectives
In this context, STRATEGIC emerges from leading edge R&D results (Optimis
Toolkit, STORK and Semiramis projects) in order to open new horizons in the secure
and privacy friendly migration, adaptation, governance and development of public
cloud services, notably in terms of e-government services operated and used by public
bodies.
5
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
5
The primary goal of STRATEGIC is to boost the adoption of public cloud
services, particularly within public sector organizations, through working towards
three complementary directions
7
:
The migration/porting of existing on-line services to the Cloud (i.e., the cloud-
enablement of existing services). The cloud-enablement of existing on-line
distributed services (i.e. the vast majority of public bodies in the EU) can on the
one hand, facilitate public bodies to leverage the benefits of cloud computing,
while on the other hand, it can also significantly enhance the number of public
cloud services that could become readily available for replication and (re)use by
other public bodies.
Replication and re)use of existing services i.e. of services which have been already
successfully deployed across EU countries and regions. This migration and
customization effort is required in order to adapt the services to different legal,
ethical and governance requirements, while also including the necessary
localization effort.
Composition of new value-added services. Successful public cloud services can
also serve as a basis for building innovative value-added services, thereby
extending the pool of available services and encouraging end-users (i.e. business
and citizens) to use them. As a result, the ability to compose and integrate novel
public cloud services based on other existing/legacy services could allow public
administrations to streamline their processes thereby reducing overheads,
alleviating bureaucracy and overall improve citizens’ benefits and satisfaction.
STRATEGIC focuses on the provision of tools and techniques for the interoperable
migration and replication of public cloud services across different EU countries and
their regions. STRATEGIC will emphasize and demonstrate the importance (and the
merit) of a unified homogeneous marketplace of public services, thereby alleviating
the high fragmentation of the market.
To this end, the project will systematically study processes and needs associated
with the secure and privacy-friendly replication, migration and extension of public
cloud services and will accordingly integrate a novel cloud-based framework
(including various tools, other EU project outcomes and techniques) that will
successfully address these needs for a number of stakeholders including public
bodies, cloud application developers, cloud service providers and ISVs. This unified
framework will comprise security-by-design principles that will ensure the effective
management of authorizations for security and trust and will be integrated on the basis
of mature readily available R&D results from background projects of the partners.
2.2 STRATEGIC Identified Requirements and Functionalities
In order to come up with a proposed solution for public cloud services, the
requirements of the target communities were identified after analyzing a diverse set of
public and private sector organisations. Public sector ones include governmental
agencies (central government), municipalities and other regional or local
governments, while private sector ones include cloud application developers, cloud
solution providers, cloud services providers, cloud solution integrators, Independent
Software Vendors (ISVs) and more. Both requirements and business strategies were
6
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
6
considered. Diversity in terms of cloud maturity was also taken into account, ranging
from cloud-“immature” to cloud-“mature”.
The identified methodology comprised two main axes: the state of the art review
in the area of e-Government/public cloud services and the development of a
questionnaire supported by few selected interviews in order to get input from a
diverse set of stakeholders, both cloud users and providers (including cloud
developers, integrators, brokers, and software vendors). The state of the art review
identified several key findings that are analysed further below. A list of about 155
stakeholders was created. The questionnaire
8
was opened on 11.3.2014 and remained
open for roughly one month. A total of 117 responses was received, however 112
usable responses were gathered. The conclusions from both the state of the art review
and the questionnaires are presented in the next subsection.
Fig. 1. Overview of the adopted methodology.
2.2.1 Main Findings
Focusing mostly on e-Government Cloud and other relevant initiatives, and despite
the fact that many of them are rather new, there are some important messages and
requirements that can be extracted from both the state of the art review and the
questionnaire/interviews analysis.
1. Limited Provision of Cloud Services by the Public Sector – Use of Services
(Consuming Services) however is at a Good Level - STRATEGIC in the Heart of
the Problem. First of all the provision of Cloud computing in public administrations
is limited or in many cases even non-existent. Although there are cases that can be
considered early adopters, especially at national level (having G-Cloud initiatives
such as the UK G-Cloud), these are still the minority and most countries are still in
the investigation, planning or pilot phase. Furthermore, at local level (e.g.
municipalities), even for those early adopting countries, cloud services do not exist
and are mostly at planning or pilot phase. The use of Cloud services (consuming
Cloud services) is at a much better position, and only a 12,5% of questionnaire
respondents state that they do not use or plan to use the Cloud. This first finding
amplifies the role of STRATEGIC, which has a rather modest, but important scope of
“cloudifying” current solutions, reusing solutions from other providers or creating
new cloud services.
7
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
7
2. Preference on “Cloudification” of Existing Services and Development of New
Services, rather than Reuse of Cloud Services Running in other Providers.
Regarding the requirements on the STRATEGIC possible services (with multiple
answers allowed) 61% of Cloud providers opted for “Cloudification” of existing
services running locally, only 20% of re-using-adapting “foreign” services, and 51%
for development of new services. It has to be better understood why providers do not
want to adapt/localise Cloud services running elsewhere (only 13% condensed to
100% sum). Either providers underestimate this opportunity or they assess that
adapting maybe sometimes more complex than rebuilding the services from scratch.
3. Trends in Cloud Service and Deployment Models Show that “Private” and
“SaaS” are Dominant respectively, while a Distribution of Customer Target
Groups (from Internal to External) can be observed. Both state of the art and
questionnaire analysis lean towards a “Private” service model. The questionnaire
analysis shows indeed the “Private” model dominating (close to 50%), while
“Hybrid” is following (~30%) and “Public” last (with around 20%). The state of the
art review shows national G-Cloud early adopters have taken different paths in
choosing for their cloud solutions. Although there are a few countries that have opted
for public solutions, it appears that most countries currently working or planning
towards a G-cloud lean towards Private cloud (i.e. a governmental agency hosting the
G-cloud services with own-resources). Regarding the deployment model “Software as
a Service”(SaaS) again appears to be the most favourite approach, although a
combination of other models (Infrastructure as a Service - IaaS, Platform as a Service
-PaaS and SaaS) is also common (especially if there is a need for the agency hosting
the G-cloud to provide resources (at the IaaS or PaaS level to other governmental
agencies). Regarding the target audiences of Cloud services, the trend appears to be
clearly towards servicing all players, i.e. citizens, business and governments, i.e.
B2C/G2C, B2B/G2B, G2G.
4. Regarding Specific Requirements that need to be taken on-Board by the
STRATEGIC Solution, there are Requirements that have been confirmed by
both the State of the Art and Questionnaire-interviews Analyses (such as Privacy
and Security), while there are Others that are not confirmed by Both (such as
Interoperable and Standard Interfaces). The most important confirmed
requirements from both state of the art and questionnaire analyses are:
Security and privacy
Lowering costs
Performance and availability
Conflicting requirements from the two analyses are:
Interoperability
Portability
Standard interfaces.
In the state of the art review interoperability, standards and portability where deemed
quite important, while the questionnaire answers do not confirm this view. Either it is
felt that moving between providers is not a great effort and thus interoperability or
standards are not that important or this requirement has been underestimated in the
questionnaire analysis. In the first option, we have to also take into account that more
8
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
8
than half of the respondents are public bodies for who standards and vendor lock-in
may not be a priority/issue.
5. Main Benefits for Public Entities in using the Cloud:
Reducing costs for their information system infrastructures, platforms and services
Embracing new (cloud-based) service delivery models to accelerate innovation
and benefit from economies of scale as these become available
Sharing resources and experiences, and integrate services with other local
authorities or other countries, again to reduce costs and share support and
knowledge
Making use of national G-Cloud services as they become available
Increasing the effectiveness, scalability and elasticity of current online services
and invoke some new ones
6. Marketplace and Brokerage Services. The role and importance of marketplace
and brokerage services all together will raise in the future. Premium paid on top of
provider prices are mostly 1-10% but in some cases providers are willing to pay up to
20%.
7. Other findings:
There is an absolute need for data privacy (both the vast majority of Cloud users
and providers deem it as important or very important )
There is need for a central user directory, both for internal users (with higher
importance) and external users (with lower importance)
Single Sign On is a second priority requirement, mostly for internal users (50%)
An API for the management of cloud resources by the customers is also a second
priority requirement (~50% of cloud providers)
Electronic Identity (eID) for authentication is also a second priority requirement.
Fig. 2. STRATEGIC conceptual architecture.
9
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
9
2.3 STRATEGIC Conceptual Architecture
Based on the requirements and functionalities identified an initial identification of
services and core concepts that STRATEGIC should entail have been identified. The
produced STRATEGIC conceptual architecture is presented in the following figure
and focus on the layers that compose STRATEGIC framework
7
.
Each layer of STRATEGIC framework is described in the following list.
STRATEGIC Portal, Toolkit and Marketplace of Public Services.
STRATEGIC marketplace of public services is the main interaction point between
STRATEGIC and its users. It supports the co-existence and operation of multiple
cloud services that can also be re-used or combined for the creation of new cloud
services. These services are offered through the marketplace and can be instantiated
monitored and managed with a unified way. Development tools for the preparation of
the services that will be published to the marketplace are offered.
Set of STRATEGIC APIs. This layer includes APIs (Client API, Appliance API
and Service) that are defined and are providing the connection between
STRATEGIC Marketplace and internal services that are provided through
STRATEGIC.
Set of Internal Tools & Services. This layer includes various tools that are
provided from STRATEGIC as services to end user of STRATEGIC, and are
focused on governmental bodies. (e.g. adaptation, localization, cross-border
authentication and data exchange and multi-cloud security services: data, server
and application protection)
Brokerage Services Layer. Brokerage capabilities layer encapsulates the
functionalities required in order to allow the discovery, access and negotiation
between cloud services published in the Marketplace and the cloud infrastructure
providers.
Interoperability Layer. Interoperability layer makes possible the deployment of
public cloud services to different infrastructure options. It is used by Brokerage
layer and Marketplace as well.
Infrastructure Layer. Interoperability layer includes all IaaS solutions that are
supported from STRATEGIC
5
.
2.4 High Level Description of Components Functionality
Taking under consideration the aforementioned technical requirements and the
conceptual architecture of the framework, the high-level architecture has been
designed. The following figure summarizes the STRATEGIC architecture and the
main components needed for its implementation.
The high level architecture consists mainly of a Packaged Application Repository,
Configuration Recipes Repository, an Application Instantiation Workflow
Component, a Governance Component, a Credential Management Component, a
Configuration Server and a Billing Component. Moreover, the Cloud Orchestrator is
accompanied by two external Services; the Threat Intelligence Service and the
Monitoring Service.
10
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
10
Fig. 3. STRATEGIC High Level architecture.
The Packaged-Applications Repository contains all applications that can be
instantiated in an IaaS environment. The critical aspect regarding the repository is the
formulation of an expressive enough application-packaging schema. Such schema has
to cover all the aspects that have been introduced in the requirements section (i.e.
configuration abstraction, dependency management scalability). In addition to the
previous repository, an OS Virtual Machines (VM) Template Repository contains the
available Operating Systems that can be instantiated by various IaaS environments. It
should be noted that the Packaged Applications Repository can be also addressed as
Marketplace.
The Application instantiation Workflow contains a workflow engine that
coordinates the initialization of a deployment to an IaaS infrastructure. The
instantiation process combines information that is user-oriented (what type of
application, what type of guest OS etc) with information that is system-imposed (what
monitoring and security hooks should be configured before and after the deployment)
in order to keep track of all the steps that are required in order for a successful
deployment to be performed. Beyond deployment this workflow engine should take
under consideration all governance aspects such as undeployment, start, stop, pause
etc.
The Credential Management Component is responsible to persistently store the
credentials of an end-user, as far as the various IaaS providers are concerned. The
Application Instantiation Workflow coordinates the deployment of an Application to
an IaaS provider. This implies the selection of the proper host-OS (based on the
application packaging information), the target-IaaS and the initialization of the
11
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
11
configuration-logic that is dependent to the application.
One of the most crucial components is the Configuration Recipes Repository that
contains the available configuration templates that can be applied after an Application
instantiation. A configuration template is valuable only in the frames of the adoption
of a holistic Configuration Management Framework. Therefore, although a
Configuration Server is not an organic part of the Orchestrator , it constitutes a critical
point since it assures that running instances maintain during runtime a proper-
configuration. Beyond that, the Configuration Framework is extremely valuable for
an additional reason; it acts a single point of reference for any functionality that has to
be horizontally integrated. Indicative functionalities that are subjected to horizontal
integration are Monitoring and Security.
Indeed, there are many Monitoring and SLA enforcement frameworks (Nagios,
Zabbix etc) which can be used as-a-service. To do so, specific agents have to be
initialized, configured and patched in the deployment unit that will be hosted in the
IaaS. In a production scenario the communication between the monitoring Agents and
the Monitoring Server should be secured at the application and transport level. All
these actions can be achieved with the usage of a Configuration Server. For the sake
of the reference implementation Puppet Server will be selected.
Finally, the Governance Component is responsible to interact (start, stop, pause
etc) with several underlying IaaS providers. To do so it has to rely on an abstraction
layer between the Orchestrator and the various Hypervisors. Since the risk of vendor-
lock-in is high, the exploitation of OCCI interfaces is imperative. At his point the
reference implementation of the architecture is realized. It is meaningful, to provide
the Application Packaging schema that will be adopted.
2.5 Pilots of STRATEGIC
During the course of the project the STRATEGIC framework focus on being
validated and evaluated on the basis of real service and real stakeholders. For these
reason three pilot public bodies (London Borough of Camden, City of Genoa and
Municipality of Stari Grad
9
) are used for the contribution of several services, and also
horizontal services deployed on the marketplace (on intelligent protection and secure
cloud storage) will be contributed by project partner BT. Furthermore, the project’s
pilot operations are able take advantage of public cloud infrastructures established and
operated by partners BT and SILO. Following the end of the project, the partners will
endeavor to sustain the services of the pilot sites, while at the same time executing an
ambitious exploitation plan, which foresees the radical expansion of the use of the
STRATEGIC framework, both in terms of additional services that will be deployed in
the marketplace, but also in terms of additional cloud services providers that will
interface to the marketplace.
The sustainability of the project’s infrastructures will be pursued as part of the
joint exploitation strategy of the partners, but also as part of their individual
exploitation plans, which foresee the expansion of their activities in the market of
public cloud services.
12
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
12
3 Discussion
3.1 Expected Results
As aforementioned STRATEGIC will primarily address the need of organizations
(notably public sector bodies) to adopt cloud computing and to leverage the benefits
of public cloud services. Thus, the STRATEGIC framework will comprise cloud
infrastructures and tools that will ease public sector organizations to flexibly and
effectively migrate their services to the cloud.
Using the STRATEGIC framework, public bodies will be able to cloud-enable
their services, but also to adapt and localize «best practice» services that have been
successfully deployed by other public bodies in other EU countries and regions. These
adaptation and localization functionalities will greatly benefit (cloud «newcomer»)
public bodies that have no cloud deployments at all, since they will offer them with a
readily available bundle of public services that they could directly adopt.
While the emphasis of the project will be on public bodies, the public
administration and e-government services, several of the services of the project (and
the associated benefits) will be applicable to private enterprises as well. In this way,
STRATEGIC addresses also cloud application developers, cloud services integrators,
independent software vendors (ISVs) and cloud services providers (including
providers of hosting services) as follows:
Cloud service developers and ISVs will be offered with tools and techniques for
developing public cloud services, but also for adapting and localizing existing
ones. In this way, they will have the opportunity to undertake such adaptation and
localization task for a wide range of public bodies in their territories, thereby
increasing their customer portfolios and revenues.
Cloud services providers (including providers of hosting services) will have
opportunities to offer cloud hosting services to the proliferating public sector
organizations that will be gradually adopting public cloud services. The
STRATEGIC framework will offer a rich set of opportunities to cloud providers
wishing to offer «last mile» services associated with the adaptation and
localization of public cloud services to local conditions
STRATEGIC will contribute to the provision of more effective services for citizens
an enterprises, give public administrations the opportunity to benefit from the
experience of other public entities and to provide cost-efficient and improved quality
electronic services as well as offer the technology community a secure framework for
the migration of online public services to cloud.
STRATEGIC project’s goal is to improve the field of public sector IT
administration by offering a cloud framework that will provide services to public
sector. These services include interactions with multiple stakeholders – a list of the
targeted stakeholders and the value proposition for each of them has been described
below.
Citizens - End-users of Public Cloud Services. Citizens will be the end-users of the
cloud services deployed through the STRATEGIC framework. These services may
include governmental services, as well as services provided by public sector third
party providers. Citizens will be able to use ‘cloudified’ versions of existing on-line
13
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
13
services, as well as replicated versions of best practice services. Therefore they will
directly benefit from their ability to use effective governmental services, as well as
from the reliability and cost-effectiveness of the various services.
Public Bodies - Local/Regional/National Government Agencies. Government
agencies are the major stakeholders of the STRATEGIC framework with capabilities
to cloud-enable existing services, migrate existing services across providers and
develop new cloud-based services (in collaboration with ISVs acting on their behalf).
On the basis of the enablement, migration and development processes outlined above,
government agencies will be able to benefit from the elasticity, cost-efficiency and
reliability of the cloud. At the same time they have the opportunity to create new
proven services and processes based on the existing solutions in other public bodies.
Note that STRATEGIC can provide benefits to a lot of public bodies with a very low
degree of cloud adoption, given that it will provide them with the means to deploy IT
services from a set of readily available functionalities over many cloud services.
Cloud Application Developers, Solution Providers and ISVs. Cloud application
developers and ISVs have access to STRATEGIC marketplace and can publish new
or migrated public services for re-use by the public bodies. ISVs may also leverage
services from the marketplace, along with STRATEGIC tools, in order to develop and
deploy workflows of services that combine governmental and business processes to
the benefit of enterprises.
Cloud Services Providers. STRATEGIC offers a simple way for cloud services
providers, both from a public and private sector, to integrate with a common
marketplace. In this way they will have opportunities for new customers and revenue
streams, through offering hosting services to the users of the STRATEGIC. Note that
STRATEGIC offers extended capabilities for end-users to select a target cloud service
based on the reliability and other non-functional requirements of the applications.
Cloud Broker. Another role and stakeholder within the STRATEGIC framework is
the role of the cloud broker, who will be in charge of operating the brokerage and
marketplace services. It is envisaged that the cloud broker will provide not only
infrastructure, but also services associated with the negotiation of access to public
sector Cloud resources (i.e. access and integration to governmental services) as well.
Note that cloud brokerage services be provided by governmental or EU agencies, or
alternatively provided in collaboration (partnership) with these agencies in order to
ensure a high level of security, data protection, privacy and availability.
4 Conclusions
The rationale of this paper is to provide an overview of STATEGIC project. For this
reason a brief description of STRATEGIC main goals, the expected results and the
value proposition of the project is provided. For the conception of the proposed
solution, a detailed analysis of the stakeholders has been done and their requirements
have been identified. Based on these findings, conceptual and high level architecture
have been briefly described.
14
EPS Vienna 2014 2014 - European IST Projects - The Quest for Excellence Towards 2020
14
Acknowledgements
The work performed in the frames of this paper is funded by the Strategic CIP-PSP
Project (http://www.strategic-project.eu).
References
1. Mell, Peter & Grance, Timothy: The NIST Definition of Cloud Computing. s.l. NIST-July
2009.
2. Neelie Kroes Vice-President of the European Commission (speech): Digital democracy:
how ICT tools can change the relationship between citizens and governments. 18 October
2012.
3. Carsten Bruhn: European public sector failing to embrace cloud computing. Public Service
Europe, January 2013
4. http://www.imaginea.com/images/resources/white-papers/white%20paper%201.pdf
5. https://ec.europa.eu/digital-agenda/about-cloud-computing
6. www.enisa.europa.eu: Good Practice Guide for securely deploying Governmental Clouds,
2013
7. Description of Work of “STRATEGIC: Service disTRibution network And Tools for
intEroperable proGrammable, and UnIfied public Cloud services”
8. http://strategic-project.eu/strategic_public_files/deliverables/STRATEGIC_D2.%201_Repor
t%20on%20Stakeholders%20Requirements_v1.0-public.pdf
9. Dr. Milan Markovic: STRATEGIC project presentation, 29 August 2014
15
STRATEGIC: Opening New Horizons in the Secure and Privacy Friendly Migration, Adaptation, Governance and Development of Public
Cloud Services
15
