A race is under way to develop security mechanisms that allow different organisations to access each other's data, and the biggest IT moguls worldwide are in the starting blocks. The global market value of this new field of business has recently been estimated at up to US$1 billion. Thanks to a EUREKA project, recent winner of the ITEA2 Award, European researchers and companies are now at the forefront of this emerging field. Regulation on the protection of citizens' privacy is, for understandable reasons, quite tough, but in some cases a swifter system of data exchange would be profitable: the team behind the project decided to first test the new technology in a hospital.
Access to information through modern ICT technology basically depends on two factors: authentication and authorization. “Authentication is proving who you are, using identification such as a password, while authorization is what you can do when you are logged in, based on who you are,” says project leader Thierry Winter, from the French IT service provider Evidian. But while authentication is well described and understood, authorization is lagging behind. "This is going to become critical in coming years. Organisations will need more than anti-viruses and firewalls, which protect from external threats, but to target the management of employees and partners with legitimate access," adds Winter. "Everything is based on the fact that companies work now outside their own boundaries, for example with subcontractors."
"This is where the companies are now putting the focus when they talk about security. This is going to be critical in the coming years."
Thierry Winter, Evidian
Experts at Evidian were reinforced in their convictions when they realised that in the United States many large companies had started to buy up start-ups working on authorization. They realised they needed to speed up development of their own ideas in this emerging market. "This was the reason why we needed the support of public funding for this project. What was important was the speed – time to market was key." The 10 million euro project, initiated and coordinated by Evidian, lasted two years and brought together researchers from Spain and France. "International collaboration was important because of the complementary skills of the partners," says Winter.
The problem the researchers looked at was authorisation: how to empower two separate organisations, each with its own security rules and procedures, to access each other's data and work together securely. The primary finding of their research was that merging two separate security policies into a single new one did not work. "What we quickly realised was that no organisation would allow its security policy to go outside its walls; the policy itself is a sensitive element of data protection." The solution MULTIPOL designed was a global consortium policy in which individual security policies are left intact, while the organisations involved use a minimal set of extra rules that allow them to work together. These instruments were first tested in a hospital environment.
Potential users: hospitals, banks and telecoms
Anyone could benefit from this technology. If a patient goes to a hospital to be examined, a doctor would not be able to access files from a different hospital where this person has had a previous examination. One would have to go to the first hospital and take a physical copy of the file, while MULTIPOL allows a doctor to access it automatically from his or her office. These solutions could apply to a diverse set of users, from industry, such as telecommunications operators, through local and national governments to hospitals – anywhere two different entities may need to share data. Evidian has already received impressive demand from potential customers and is in talks with several of them.
"If you build good security, it's efficient but you don't see it."
Thierry Winter, Evidian
As European Union countries come closer together, doing business with different organisations in different countries will become more common and such security systems more in demand. In turn, MULTIPOL technology could also help European companies extend their businesses. "More and more companies are doing business outside their country. If I am a car maker in Germany and I need to access my partner's organisation, producing wheels in the Czech Republic, to see how many they have in stock, for example, the information system cannot be limited to my own organisation; I must access my partner's information too," says the project leader.
The project has helped build capacity in Europe and could also play an important role in making the European market more integrated and competitive. "The innovation came from Europe, we weren't just using standards that are defined in the US," Winter tells us. In fact, the project could help European countries have a say in setting the standards that are now emerging in this new field and work together with US companies on improving them. But the project partners might never receive the well-deserved praise for their efforts, as one may never actually ‘see’ MULTIPOL. "Security is something you should not see – it's not like, say, building a plane. If you build good security, it's efficient but you don't see it. It is good because it protects you unobtrusively," concludes Winter.