Skip to content

Secure Public Cloud

Polo Strategico Nazionale has created a customised cloud service for managing critical data. Secure Public Cloud uses Hyperscaler, Microsoft Azure and Google Cloud with the implementation of cryptographic keys exclusively managed by Polo Strategico Nazionale. This coded language ensures the highest level of IT security for the Public Administration. Secure Public Cloud also guarantees safekeeping of data and applications in Regions located only in Italy.

image

Sovranità e sicurezza: i punti di forza di Secure Public Cloud

Gli elementi fondanti del servizio Secure Public Cloud sono la sicurezza garantita dal criptaggio dei dati, e la sovranità assicurata da operazioni effettuate solo in Italia. 

image

Sovereignty and security: the strengths of Secure Public Cloud

The founding elements of the Secure Public Cloud service are security guaranteed by data encryption, and sovereignty ensured by operations that are only carried out in Italy. 

These are the 3 cornerstones of Secure Public Cloud security

  •  The encryption keys. All Public Administration workloads are encrypted with BYOK and HYOK master keys. The codes are owned by the PA, but managed by Polo Strategico Nazionale and located within the Data Centres situated in Italy. 
  • Cyber Security Postures are tested and implemented according to the specific needs of each administration. Security operations follow the main best practices and relevant frameworks. 
  • Networking Management because all traffic is monitored through a Hub & Spoke architecture that allows data to be controlled through firewalls, WAF and SIEM. 

These are the strategic choices to guarantee sovereignty: 

  • The strict policy of only imposing workloads in Italian Data Centres of the selected Public Cloud. Moreover, the only services that can be enabled are those that meet security standards with external key management systems. 
  • Double set of backups. Backups are used both in the Polo Strategico Nazionale Data Centres and in the Public Administration infrastructures to ensure double storage of applications.