Polo Strategico Nazionale protects PA data

Physical security plays a key role. Each Data Center is equipped with an automatically activated alarm system which interconnects with public and/or private surveillance systems.

These installations are equipped with external perimeter protection sensors and are guarded as well by video surveillance and recording systems. System access is granted only and exclusively to security personnel who are adequately identified according to the relevant privacy rules and procedures.

Data Centers in dual Italian regions

The Cloud infrastructure is hosted by four Data Centers distributed throughout Italy. These Centers have been set up hundreds of kilometres apart in a dual-region configuration (North and South) and in dual-AZs (Availability Zones), i.e. as a pair of Data Centers working some dozens of kilometres apart in a business continuity configuration. 

The workload is clearly distributed and a HA (High Availability) configuration enables infrastructure service continuity between the two Data Centers in the same region. In this way, we ensure the Cloud platform’s innate ability to respond to disastrous events by allowing the resumption of workloads within one of the two AZs or in a different region. The resumption of workloads is thus protected by the activation of a Disaster Recovery (DR)/Business Continuity (BC) solution. This allows individual PAs to autonomously manage the restarting of each individual application according to their own DR or BC plans.

Our know-how in protecting critical national infrastructure allows us to provide the Hub with solutions and services that ensure the highest level of protection and cyber resilience. We do this through our capacity to anticipate threats, control risks, and effectively manage any external attacks. We also ensure the confidentiality, integrity, and availability of information through protective measures targeting infrastructure, networks, and archives. The measures adopted are commensurate with the existing level of vulnerability to cyber risks and risk analysis is carried out periodically using special assessment tools. This also allows tracking any identified remedial actions.

We ensure compliance with applicable laws and regulations, including those relating to information security and personal data protection. These include those applicable to Essential Service Operators (OSEs), Digital Service Providers (DSPs), and entities included in the National Cyber Security Perimeter (Perimetro di Sicurezza Nazionale Cibernetica/PSNC).

Any technical and organisational measures identified will be subject to ISO/IEC 27001 and ISO 22301 certification. They will also be noted in any specific Security Policies drawn up by our Security Organisation, particularly in relation to IT system and network infrastructure security and compliance.

Our logical security measures also stipulate that a “segment” architecture be defined within each end-customer environment. Policies will then be applied in each segment that are consistent with the type of application being hosted. 

Our logical security system includes creating a dedicated segregated area in the Data Centers, which is completely managed by Polo Strategico Nazionale personnel. 

The Security Operation Center (SOC) and Computer Emergency Response Team (CERT) work to provide security management for the network infrastructure and all Cloud services. 

SOC

Polo Strategico Nazionale has a dedicated Security Operation Center (SOC), located outside the Hub’s Data Centers. The SOC manages the security platforms required to address aspects such as device protection or managing access, encryption keys, and policies. The Security Operation Center also monitors the security status of the entire infrastructure.

CERT

The Computer Emergency Response Team (CERT) of Polo Strategico Nazionale is a dedicated entity which is organisationally separate from the units managing IT infrastructure and the SOC. It ensures being able to respond to potential cyberattacks by using tools, procedures, and personnel which focus on assessing threat scenarios and coordinating response actions. 

CERT provides proactive security services that include cyber threat intelligence, vulnerability assessments, and the ability to identify anomalous behaviour. The aim is to improve the security posture of infrastructures by anticipating threats. With regard to response services, CERT manages reactions to security incidents by defining the best response strategy. The aim is to minimise impacts and restore the affected services as quickly as possible. 

Cryptography

Given the high level of security required by Polo Strategico Nazionale’s services, encryption capabilities play a key role in ensuring data sovereignty and protecting and controlling Cloud-stored information. With this in mind, the Hub provides encryption and key management services to ensure data protection needs are met.