The German Competence Center Cloud Technologies for Data Management and Processing invited people from industry and academia do discuss secure data management at the Einstein Center for Digitalization in Berlin. This blog entry contains what stuck in my head and what I can extract from my notes during the event.
There was a lot of talk about the need for a sovereign cloud. Europe is stuck between US and Chinese big tech companies. Recent events and the erratic behaviour of the US have made it very clear that perhaps the US is not a particularly reliable partner that you would entrust with providing fundamental and essential services. China is focussed on partners in Asia because of import restrictions. Both the US and China run very centralised infrastructures. A European approach should be decentralised and federated.
The question of whether we can run sovereign cloud infrastructure given that we cannot produce our own chips came up. This was countered with the question if we were preparing for an at-war or at-peace situation. That's all somewhat worrying. Perhaps building systems that are modular and flexible would allow us to interchange US and Chinese hardware as required. I suspect that even the Americans will have problems without Asian electronics. So, the sovereign cloud is then a software stack that is entirely under European control. This calls for modular systems and lots of opens source software. The 8ra Initiative works on next generation open cloud infrastructure. NeoNephos is a Linux Foundation Project that works on an abstraction layer for cloud services. Another Linux Foundation Project, sylva looks into cloud roaming.
The sovereign cloud stack consists of
- bare metal
- ceph for storage
- openstack for cloud software with - keystone identity management and - neutron network segmentation
- kubernetes for managing containerised applications
There is also the Association for Operational, Open Cloud Infrastructures e.V..
Accessing data was a big topic and a cause for regular complaints. One researcher said that it is easier to get the data from medical instrument manufacturers than from the organisation. Another topic which interested me was how research code can move to production medical devices. To me, this calls for research software engineers. One way to accelerate this process is for researchers to collaborate with industry partners. Another wish was for a platform where researchers can share their code for pre-processing data pipelines. I would argue that we already have such a platform with our internal gitlab forge. I guess the problem is discoverability. Researchers would need to maintain good meta data so their code can be found by others. More work for RSEs.
Medical applications that run on (private or public) cloud infrastructure were also presented. MediCoRE. These applications run in a secure processing environment (SPE) on top of cloud infrastructure and provide a trusted research environment (TRE). Somehow data needs to be accessible so that researchers can do the work. At the same time they need to be secure so that they cannot leak. Those two positions are fundamentally opposed. The German Genome-Phenome Archive (GHGA) provides secure storage where the raw data is encrypted. Adjacent cloud infrastructure allows researchers to select data sets to work on. These data get pseudonymised on the fly for each project. They plan to use AI to monitor derived data sets to ensure no raw data is leaked. Crypt4GH is used to encrypt genomic data.
I very much enjoyed the event. It provided a good overview of what is going on in the world of cloud infrastructure.