MUSA · Project

Secure Your Multi-Cloud Apps With Built-In Protection and Continuous Monitoring

digitalTestedTRL 6

Imagine you run your business software across Amazon, Google, and Microsoft clouds at the same time. Each cloud has its own security rules, and keeping everything safe across all of them is like trying to lock three houses with different key systems. MUSA built a toolkit that bakes security into your app from the design stage, automatically picks the safest cloud setup for each piece, and watches everything in real time — like a single alarm system that works across all three houses at once.

By the numbers

EUR 3,574,190

Total EU funding for development

36 months

Development period

Consortium partners

Countries represented in consortium

Total project deliverables

Demonstrated tool deliverables with user manuals

The business problem

What needed solving

Companies running applications across multiple cloud providers face a security nightmare: each provider has different security controls, compliance requirements, and monitoring tools. There is no easy way to design an app that stays secure across all of them, deploy it safely, or monitor its security posture from one place. A breach in any one cloud component can compromise the entire distributed application.

The solution

What was built

MUSA delivered a complete software toolkit: a security-aware development environment (IDE with plugins), self-protection mechanisms embedded directly in application components, an automated deployment system with intelligent decision support for distributing components by security needs, and a SaaS-based Security Assurance Platform for runtime monitoring. All 7 core tools reached final versions with user manuals across 34 total deliverables.

Audience

Who needs this

Banks and financial institutions running regulated workloads across multiple cloudsHealthcare IT companies managing patient data with cross-border residency requirementsEnterprise SaaS providers whose clients demand multi-cloud deploymentGovernment IT departments migrating services to hybrid cloud setupsManaged security service providers (MSSPs) supporting multi-cloud clients

Business applications

Who can put this to work

Financial Services

enterprise

Target: Banks and fintech companies running trading, payments, or customer platforms across multiple cloud providers

If you are a bank running critical payment systems across AWS and Azure to avoid vendor lock-in — this project developed a security design environment and runtime monitoring platform that lets you bake compliance and data protection into every component from day one. The SaaS-based assurance platform gives your security team a single dashboard across all 7 countries worth of cloud deployments, instead of juggling separate tools per provider.

Healthcare IT

mid-size

Target: Health data platforms and e-health providers handling patient records across cloud environments

If you are a health IT provider storing sensitive patient data across multiple clouds to meet regional data residency requirements — this project developed automated deployment tools with an intelligent decision support system that distributes your application components according to security needs. The self-protection mechanisms mean your app can react to threats at runtime without waiting for manual intervention.

SaaS and Cloud-Native Software

SME

Target: Software companies building multi-cloud products for European enterprise clients

If you are a SaaS company whose enterprise clients demand multi-cloud deployment for resilience and GDPR compliance — this project developed an IDE with plugins for security-aware application design that embeds protection directly into your code using a non-intrusive approach. The 34 deliverables include discovery and composition tools that automatically find and match cloud resources to your security requirements.

Frequently asked

Quick answers

What would it cost to implement this multi-cloud security toolkit?

The MUSA project was developed with EUR 3,574,190 in EU funding over 36 months by a 10-partner consortium. Licensing or implementation costs for the resulting tools are not specified in the project data. Contact the coordinator at Tecnalia for commercial terms.

Can this scale to large enterprise cloud deployments?

The tools were designed for heterogeneous cloud ecosystems and demonstrated in what the project describes as highly relevant industrial applications. The automated deployment environment uses an intelligent decision support system for dynamic component distribution, suggesting it was built to handle complex, large-scale setups.

Who owns the IP and how is it licensed?

The project was coordinated by Tecnalia Research & Innovation in Spain, with 10 partners across 7 countries contributing to 34 deliverables. IP ownership and licensing terms are not publicly specified. Interested companies should contact Tecnalia directly for licensing discussions.

Does this meet current EU data protection regulations?

The project was completed in 2017, before some current regulations were fully enforced. However, the security-by-design approach and SLA composition tools for defining security constraints were built with compliance in mind. Any deployment today would need validation against current GDPR and NIS2 requirements.

How long would integration take for an existing cloud setup?

The project delivered a complete IDE with plugins, deployment tools, and a SaaS monitoring platform, all with user manuals. Based on available project data, the non-intrusive approach to embedding security suggests it was designed to work alongside existing application code rather than requiring a full rewrite.

Is this still maintained and supported?

The project ended in December 2017. Based on available project data, there is no information about ongoing maintenance or commercial support. The coordinator Tecnalia is a major research organization that may have continued development independently.

What concrete tools were actually delivered?

The project delivered 34 total deliverables including 7 demonstrated tools: a security-aware IDE, security-by-design methods, cloud resource discovery and composition tools, secure deployment mechanisms, and a Security Assurance Platform delivered as SaaS with user manuals for each.

Consortium

Who built it

The MUSA consortium brings together 10 partners from 7 European countries (Germany, Spain, Finland, France, Italy, Poland, UK), coordinated by Tecnalia — one of Spain's largest applied research organizations. With 3 industry partners and 2 SMEs (30% industry ratio), the consortium has a healthy mix of research capability and commercial perspective. The presence of partners across major European markets suggests the tools were designed for cross-border cloud scenarios, which is exactly the reality most European businesses face. The 4 "other" category partners likely include public bodies or associations that provided real-world use cases for testing.

FUNDACION TECNALIA RESEARCH & INNOVATIONCoordinator · ES
LUFTHANSA SYSTEMS GMBH & CO KGparticipant · DE
CENTRO REGIONALE INFORMATION E COMMUNICATION TECHNOLOGY SCARLparticipant · IT
AIMES GRID SERVICES COMMUNITY INTEREST COMPANYparticipant · UK
MONTIMAGE EURLparticipant · FR
CA TECHNOLOGY R&D LIMITEDthirdparty · UK
TAMPEREEN KORKEAKOULUSAATIO SRparticipant · FI
CA TECHNOLOGIES DEVELOPMENT SPAIN SAparticipant · ES

How to reach the team

Tecnalia Research & Innovation (Spain) — use SciTransfer's coordinator lookup to find the project lead's direct contact

Order a report on this consortium See FUNDACION TECNALIA RESEARCH & INNOVATION profile →

Next steps

Talk to the team behind this work.

Want to know if MUSA's multi-cloud security tools fit your infrastructure? SciTransfer can arrange a direct conversation with the Tecnalia team and provide a tailored briefing for your technical requirements.

Order a report on this topic More in Digital & ICT