Description
The rapid growth of data-intensive life science research requires infrastructures and services that guarantee security, compliance, and interoperability across federated environments. EPIC Cloud (Enhanced PrIvacy and Compliance Cloud) is the highly secure region of INFN DataCloud, the backbone of the Italian EOSC national node. Designed to meet stringent privacy and data protection requirements while ensuring the FAIRness of scientific data, the EPIC Cloud Information Security Management System is certified under ISO/IEC 27001, 27017, and 27018, ensuring a process-based approach to information security, cloud service governance, and personal data protection.
This contribution describes the organizational, architectural and operational principles underpinning the INFN EPIC Cloud, highlighting how ISO-certified information security processes enable trustworthy infrastructures to manage sensitive biomedical data and AI-driven workflows. EPIC Cloud supports critical use cases such as the Italian Health Ministry-funded Health Big Data project, addressing the creation of a secure data lake for medical research in Italy; several use cases coming from NRRP-funded projects such as ICSC-Spoke8 and DARE (Digital Lifelong Prevention); the BBMRI-ERIC use case, aimed at hosting AI pipelines implemented to analyse digitized tumour tissue samples and at exploring federated authentication; and the BOSCO computational genomics platform, powering large-scale analysis in compliance with GDPR and FAIR principles. By embedding security and compliance into the infrastructure lifecycle, EPIC Cloud advances data sovereignty, fosters secure research collaboration, and aligns with EOSC’s vision for global open science.
A distinctive feature of EPIC Cloud is its advanced process-oriented governance model, inspired by the ISO/IEC 27022:2021 guidelines for information security process management and strategically aligned with Porter’s Value Chain framework. This approach goes beyond compliance, embedding security and privacy as integral components of INFN’s organizational and operational ecosystem.
Security and compliance are not treated as isolated functions but as value-generating activities embedded throughout the chain:
- Primary Activities: Data ingestion, AI-driven analytics, federated authentication, and secure data sharing are reinforced by ISO-driven controls, ensuring trust and reproducibility.
- Support Activities: Infrastructure management, personnel training, and regulatory alignment provide the foundation for operational resilience and scalability.
We will describe how this integration allows INFN to identify critical dependencies, optimize resource allocation (skilled personnel, operational time, and financial resources), and enhance the overall value delivered to stakeholders in EOSC and in the life sciences and open science communities.
Moreover, we will present the ongoing evolution of INFN EPIC Cloud towards a multi-region cloud, which today already includes three INFN sites located in Bologna, Bari and Catania, and how the EPIC process-based governance model delivers tangible benefits: improved operational resilience, enhanced transparency, and readiness for multi-region scalability.
By embedding security into the value chain, EPIC Cloud establishes a replicable blueprint for scientific infrastructures committed to openness without compromising trust.