[ELASTIC Demo Series] Demonstrator #2 MVP – Migration of a Sensitive IT Service to the Public Cloud
This new episode of the ELASTIC Demo Series presents the first milestone of ELASTIC’s work on privacy-preserving cloud migration for sensitive IT services. The demo focuses on how regulated or high-sensitivity workloads can be moved towards cloud infrastructures without compromising security, compliance requirements, or operational continuity.
In this MVP of Demonstrator 2, the project uses the Badge Request Tool (BRT) as a concrete example of a security-critical service. The video shows how the service can be deployed in a Trusted Execution Environment (TEE), supporting confidentiality for data and processing even when running on shared or public cloud infrastructure. This provides a practical foundation for organisations that want to modernise legacy services while maintaining strong security controls.
Key messages and latest results
The carousel below summarises the main challenges, the approach implemented in the MVP, and the results achieved so far. The text in this article provides additional context and explains what the demonstrator enables in practice, without repeating the slide content.
What this demo aims to address
Many organisations would benefit from cloud migration, but sensitive services often remain on premises due to security and compliance concerns. In real deployments, this is not only a technical issue. It is also about trust. Operators need a reliable way to verify where code will run, which protections are active, and whether the execution environment can be considered trustworthy before a service is started.
At the same time, migration projects must preserve operational continuity. Services cannot be moved to the cloud if the result is increased risk, reduced oversight, or unclear responsibility boundaries. Demonstrator 2 addresses these constraints by combining confidential computing with trusted orchestration concepts, aiming for a migration path that is verifiable, controlled, and practical to operate.
What the video shows
The demo introduces the MVP capabilities through the Badge Request Tool use case. It shows how a sensitive service can be deployed so that execution happens inside a TEE, helping protect both the workload and the data it processes. The walkthrough also highlights how ELASTIC supports verified trust checks before execution and how monitoring can be integrated as part of the operational view of the service.
The demo presents the foundation for continuous security monitoring through integrated AI-driven threat detection. This is shown as part of the overall direction of the demonstrator, supporting visibility and response capabilities that are important for sensitive workloads.
Finally, the video positions the MVP as a first step towards flexible and portable deployment across evolving environments. This includes scenarios where infrastructures change over time, or where services need to be moved between different operational contexts while maintaining consistent security guarantees.
Key characteristics highlighted in the demo
Confidential execution for sensitive services
A central element in the MVP is the ability to run a workload in a Trusted Execution Environment. This supports confidentiality for data and processing, even when the underlying infrastructure is shared. For many organisations, this is an important prerequisite for moving sensitive services towards cloud platforms while keeping security and sovereignty requirements in place.
Verified trust before execution
The demo highlights the need to verify trust before a service is executed. Rather than assuming the infrastructure is trustworthy, the goal is to check key conditions before deployment or execution proceeds. This supports a more controlled operational model for regulated environments, where auditability and assurance are essential.
Monitoring as part of operational continuity
The MVP also lays the groundwork for continuous security monitoring. The demo references integrated AI-driven threat detection as a way to support detection and response while services are running. This aligns with a practical view of security, where deployment is not the end of the process, but part of a lifecycle that also includes monitoring, validation, and operational oversight.
Portable deployment across changing environments
The demo points toward flexible service deployment across evolving IT and OT environments. This matters because migration is rarely a one-time move. Organisations often need to adapt deployments as infrastructure, policies, or operational constraints change. Building portability into the model helps support longer-term adoption and reduces future migration effort.
Why it matters for ELASTIC
ELASTIC focuses on technologies that enable distributed service execution with strong security and trust properties, while remaining practical to deploy and operate. Demonstrator 2 contributes to this by addressing a concrete barrier to adoption: the challenge of migrating sensitive services to the cloud without losing control over confidentiality, compliance, and operational assurance.
This MVP also highlights the practical business value of the project. It supports confident cloud adoption for regulated use cases, with the aim of reducing infrastructure costs and accelerating cloud strategies while maintaining security and sovereignty requirements.
What comes next
This demo presents an early showcase of Demonstrator 2. The final version will extend these capabilities toward a full end-to-end migration flow. Building on the MVP, future work will focus on completing the end-to-end process and strengthening the supporting mechanisms needed for real-world deployment, including broader integration and operational refinement.










