Le Gouvernement du Grand-Duché du Luxembourg

Top-level security standards for Luxembourg supercomputer

As LuxProvide, the company in charge of Luxembourg’s supercomputer MeluXina, expands its cooperation with companies, it is implementing an advanced security system to ensure that customers can process their data in a climate of complete trust.

Ismail Guennouni, Chief Information Security Officer at LuxProvideThrough the MeluXina supercomputer, LuxProvide offers companies a range of opportunities to generate business value from their data. However, making sensitive or confidential data available for processing by an external organisation often raises a number of questions. Who will be able to access my data? Will any competitors working with MeluXina be able to find out what type of operations we are running? What will happen to my data when the project is over? How likely is it that the data processed by the high performance computer (HPC) will be hacked?

Security has been on top of our agenda since the very start of the company.

For LuxProvide, it is a top priority to ensure that prospective and actual customers can feel reassured regarding all security matters. “Security has been on top of our agenda since the very start of the company,” says Chief Information Security Officer Ismail Guennouni. “We are integrating a security dimension into all the aspects of our activity: services, customer integration, the separation of different customer environments, and so on.”

Adopting a supercomputer security standard

In December 2022, LuxProvide reached an important milestone by becoming compliant with the internationally recognised ISO 27001 security standard. “The ISO certification provides a framework for continuous improvement which we are using to ensure that our security level is constantly increasing,” Mr Guennouni explains. With the certification as a basis, the high-level security rules are continuously improved and adapted to the current usage, for example by defining who has access to the server room, how the identity management of employees, customers and providers is handled, and so on.

The communication channels used to transmit data are encrypted by default.

Strong identification measures are crucial. “We address multiple target groups: private companies just as well as engineers and scientists who are used to working in an HPC environment. Processing company data will, in many cases, mean that the supercomputer holds their trade secrets, and we need to make sure that our level of protection is top-notch. Our user identification and multi-factor authentication processes will ensure that any transfer of data or access to MeluXina is done by the right person. The communication channels used to transmit data are encrypted by default.”

Each customer will have the option to process its data in a restricted environment, without any possibility to spot other users or their operations. LuxProvide fences user environments and applies a high level of monitoring, to ensure an elevated degree of availability, integrity and confidentiality of user data on the MeluXina platform. A particularly high level of control is also implemented for external service providers who support the system’s operation.

Protection against attacks

Protecting MeluXina against cyberattacks by monitoring risks and protecting the HPC environment is obviously crucial. “We are putting a maximum of measures in place to reduce our exposure to attacks, but a zero-risk level does not exist,” Mr Guennouni points out. “We also need to find the right balance between security measures and usability. If you make your systems extremely secure it is hard for attackers to get in, but using them also becomes very complicated for customers and staff. If we go too far, the risk is that customers turn to other, less secure HPC centres that are easier to use.”

In the event of an attack, the first step to take is to rapidly become aware of the attempt and have processes in place to find out whether the breach was successful or not and how far the attacker was able to go. “If a breach happens, our customers will be notified directly. We also constantly keep ourselves updated about software vulnerabilities and make sure that we implement the security patches as soon as they are released.”

Limited data retention

All data processed by MeluXina is stored at LuxConnect’s tier IV datacenter. However, hosting confidential company data with an external organisation is a sensitive issue, something Mr Guennouni is well aware of after having worked with security for over 15 years mainly in the banking sector. “The availability of data will follow the lifecycle of the contracts we have with our customers,” he explains. “We have a default data retention rule, for example until one month after the end of the contract. After that, all data will be deleted from MeluXina.”

Our customers can feel completely at ease.

However, would it be possible to recover deleted data, as can be done on a laptop? Mr Guennouni answers this question with a resounding no. “In the very unlikely case that someone would manage to steal one of our hard drives by bypassing the security controls of a tier IV data centre, they would never be able to retrieve its contents due to encryption mechanisms and the fact that the data is divided on multiple disks. Our customers can feel completely at ease.”

Photos: © LuxProvide

Need more information?

Luxinnovation, the University of Luxembourg and LuxProvide are jointly managing the Luxembourg National Competence Centre in High-Performance Computing (HPC). For more information about how you can cooperate with MeluXina, please contact us.
Contact us

Newsletter sign up

Read our privacy policy

Bleiben Sie über unsere neuesten Innovationsaktivitäten informiert.

Erhalten Sie regelmäßige Updates über unsere monatlichen Newsletter und gelegentliche E-Mails, die auf Ihre Präferenzen abgestimmt sind.

Sie können Ihre Newsletter- und E-Mail-Abonnements jederzeit kündigen. Weitere Informationen zur Abmeldung sowie zu unseren Datenschutzrichtlinien und unserem Engagement für den Schutz Ihrer Privatsphäre finden Sie in unserer Datenschutzerklärung.