SUNFISH ("SecUre iNFormatIon SHaring in federated heterogeneous private clouds") addresses the lack of infrastructure and technology. It allows public sector players to federate their private clouds and at the same time respect legislative and security barriers to using commercial technological solutions. In particular, SUNFISH’s “Federation-as-a-Service” approach covers federation administration, runtime and offline monitoring, data security assurance, and data transformation services.

SUNFISH addresses the following objectives:

  • Integrate different clouds while assuring information security
  • Improve infrastructure usage efficiency, thanks to more effective workload management between shared private clouds
  • Develop services for EU citizens that use sensitive data shared securely between different private clouds

Who is SUNFISH designed for?

The SUNFISH platform, a solution tailored specifically for public sector bodies and potentially private sector players. Currently there are three real-world use cases implemented:

The Italian Ministry of Economy and Finance (MEF)

The Italian Ministry of Economy and Finance's Department of General Administration manages payroll functions for more than 1.5 million Italian public sector employees. Managing a payroll system requires accessing highly sensitive data (such as health, religious orientation, information on military missions abroad) from multiple public and private entities.

Due to Italian privacy guidelines, some types of data may not be accessed in their original form by MEF. Instead, data must be pre-processed and encrypted by the data provider before being sent to MEF. As a result, MEF has to work with different entities to gather the required data in a secure and reserved manner. This raises cross-border confidential data propagation problems.

The SUNFISH framework will enable MEF to create and deploy a cloud application to perform credit checks, while accommodating all the security requirements of relevant regulatory frameworks. The payroll application will interoperate with multiple data sources to collect data about employees. It will leverage the SUNFISH framework to enforce data confidentially requirements.

The Maltese Ministry for Finance (MFIN)

The Taxation Departments within the Maltese Ministry of Finance requires taxpayers, employers, banks, and other data providers to submit information to the Commissioner for Revenue. These are submitted via a website or via web services. While medium-sized or large companies have IT systems to generate and submit the information, the majority of small businesses still use paper documents for this.

Consequently, the tax authorities in Malta want to enable small businesses to submit the required information by providing affordable solutions in the form of Software-as-a-Service that help SMEs generate and submit the required information. The system will also be used to reduce the tax authorities' costs of operating the systems for collecting information from taxpayers.

This use case will seek to advance the processing of data in an efficient and effective manner; manage a large number of data providers via the web; manage different workloads according to the tax and business cycles; ensure the confidentiality, integrity, and availability of data that is stored and processed on a public cloud infrastructure; and provide opportunities to share computing resources between public clouds and the MFIN private cloud.

The South East Regional Organized Crime Unit (SEROCU)

SEROCU is the regional organized crime unit for South East England (covering Kent, Sussex, Surrey, Hampshire, and Thames Valley). Besides its regional role, it also operates nationally as required to assist the National Cyber Crime Unit (NCCU) to investigate and prosecute offenders based in Europe and beyond.

SEROCU currently needs to ensure the efficient and secure reception, supply, and storage of intelligence/data between regional units, local policing forces, and governmental departments (such as the National Crime Agency and the Government Communications Headquarters). As it stands, the storage of data is localised to each department, i.e., the data for the regional units is held separate from each other.

Ideally, the solution resides in a federation of private clouds exactly as the one envisioned in the SUNFISH framework. This would allow SEROCU to reap the cost, usability, and connectivity benefits of the cloud, while sharing the infrastructure safely and reliably between many different government and policing agencies.

How will SUNFISH benefit end users?

Privacy and control of information propagation are becoming increasingly relevant issues in the public sector. Through these new technologies, the SUNFISH consortium aims at improving security in federated “national”, as well as “cross-border”, clouds. The impact of the wider adoption of cloud federation technologies will enable a greater infrastructure usage efficiency, encouraging a better resource utilization of the cloud infrastructures of public administration bodies, thanks to a more effective workload management between shared private clouds. During the project, a secure approach for federating private clouds is being developed, to guarantee a high level of safety for EU citizens and businesses who benefit from public services. In addition, a continuous monitoring of inter-cloud communications will be provided, as well as the ability to share services between different private clouds, in a fast, flexible and secure way with reduced management costs of IT infrastructure for public sector entities.


Micha Moffie, IBM Research - Haifa