University of Groningen achieves European data sovereignty and data compliance with Fortanix External Key Management for Google Cloud Platform
Overview
Founded in 1614, University of Groningen is the second oldest university in Netherlands with a reputation of excellence in academic research and ranked as a top 100 institution in the global Shanghai ranking. With more than 30,000 students today, it powers some of the most transformative breakthroughs in research activities.
USE CASE
ComplianceINDUSTRY
AcademicPRODUCTS
Business Challenge:
Business Challenge:
- For Raj and his colleagues, what started off as a project with a simple IT infrastructure quickly ramped up to involve multiple European multi-center studies resulting in high volume data ingestion rates. Some of this data was directly identifiable given the need to study one’s mobility through the collection of location information requiring extensive measures to safeguard the privacy of participants.
- With the need for GDPR compliance, and ethical review boards’ increasing concern of the privacy implications of such technology driven research initiatives, the team needed an ironclad data security and privacy strategy.
Solutions
- Easy to use and DevOps friendly solution- The cloud agnostic solution is DevOps/SecOps friendly, easy to use, and enables customers to centrally implement and manage multiple data security capabilities from a single console.
- End-to-end security- for keys and data (at-rest, in-transit, and in-use) protected with layers of defense including Confidential Computing, powered by Intel® SGX, and FIPS 140-2 L3 certified Hardware Security Modules (HSMs); Only authorized users can access keys.
- Highly scalable and available service- Scales horizontally and geographically as demand for managing keys and secrets increases. the solution provides automated load balancing, fault-tolerance, disaster recovery, and high availability. Service is globally available with multi-region deployment capabilities.
Raj JagesarProject Lead, Behapp Research Program
Given the current state of data access and retention laws in the U.S. and privacy laws in the E.U., it is difficult for European initiatives to make use of services from American cloud providers. Our data has to be sovereign, as in handled in a way to circumvent the U.S. Cloud-Act. But at the same time, we would be at a significant disadvantage if we are unable to use services of leading American cloud vendors like Google, due to a lack of comparable alternatives in the European tech space. Fortanix enables us to continue to use Google while meeting compliance requirements such as GDPR and Schrems II.
