European Commission logo
English English
CORDIS - EU research results
CORDIS

Security framework to achieve a continuous audit-based certificationn in compliance with the EU-wide cloud security certification scheme

Project description

Making cloud services more attractive

Cloud computing is an essential element of innovative economies. The European Commission’s recent Data Strategy aims to make it possible for European businesses to access more secure, sustainable, interoperable, environmentally friendly and scalable cloud infrastructures and services. Despite trust-building efforts, the adoption of cloud computing is limited. A perceived lack of security and transparency is the reason for the slow uptake. The EU-funded MEDINA project will work to counter this trend. It will propose a framework for achieving a continuous audit-based certification for cloud service providers, complying with the EU Cybersecurity Act. The project will also address the definition and assessment of technical and organisational measures, security testing, machine-readable certification language and audit evidence management.

Objective

Despite the evident benefits of cloud computing, its adoption is still limited partially because of EU customers’ perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a mean to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g. fragmentation in the certification market, and lack of mutual recognition). In this context, the new EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme.
The proposed EU CSA’s cloud security certification scheme conveys new technological challenges due to its notion of “levels of assurance” (e.g. high-assurance through continuous certification for the whole supply chain), which need to be solved in order to bring all of EU CAS’s expected benefits to EU cloud providers and customers.
In this context, MEDINA proposes a framework for achieving a continuous audit-based certification for CSPs based on EU CSA’s scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management. The MEDINA consortium is composed of academic and industrial partners, which play key roles in the EU cloud security certification ecosystem (e.g. research, cloud providers/customers, and auditors). MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters.

Call for proposal

H2020-SU-ICT-2018-2020

See other projects for this call

Sub call

H2020-SU-ICT-2019

Coordinator

FUNDACION TECNALIA RESEARCH & INNOVATION
Net EU contribution
€ 814 875,00
Address
PARQUE CIENTIFICO Y TECNOLOGICO DE GIPUZKOA, PASEO MIKELETEGI 2
20009 DONOSTIA-SAN SEBASTIAN (GIPUZKOA)
Spain

See on map

Region
Noreste País Vasco Gipuzkoa
Activity type
Research Organisations
Links
Total cost
€ 814 875,00

Participants (12)