MEDINA | Security framework to achieve a continuous audit-based certificationn in compliance with the EU-wide cloud security certification scheme

Summary
Despite the evident benefits of cloud computing, its adoption is still limited partially because of EU customers’ perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a mean to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the new EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme.
The proposed EU CSA’s cloud security certification scheme conveys new technological challenges due to its notion of “levels of assurance” (e.g., high-assurance through continuous certification for the whole supply chain), which need to be solved in order to bring all of EU CAS’s expected benefits to EU cloud providers and customers.
In this context, MEDINA proposes a framework for achieving a continuous audit-based certification for CSPs based on EU CSA’s scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management. The MEDINA consortium is composed of academic and industrial partners, which play key roles in the EU cloud security certification ecosystem (e.g., research, cloud providers/customers, and auditors). MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters.
Unfold all
/
Fold all
More information & hyperlinks
Web resources: https://cordis.europa.eu/project/id/952633
Start date: 01-11-2020
End date: 31-10-2023
Total budget - Public funding: 4 480 308,00 Euro - 4 480 308,00 Euro
Cordis data

Original description

Despite the evident benefits of cloud computing, its adoption is still limited partially because of EU customers’ perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a mean to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the new EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme.
The proposed EU CSA’s cloud security certification scheme conveys new technological challenges due to its notion of “levels of assurance” (e.g., high-assurance through continuous certification for the whole supply chain), which need to be solved in order to bring all of EU CAS’s expected benefits to EU cloud providers and customers.
In this context, MEDINA proposes a framework for achieving a continuous audit-based certification for CSPs based on EU CSA’s scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management. The MEDINA consortium is composed of academic and industrial partners, which play key roles in the EU cloud security certification ecosystem (e.g., research, cloud providers/customers, and auditors). MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters.

Status

CLOSED

Call topic

SU-ICT-02-2020

Update Date

27-10-2022
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
Horizon 2020
H2020-EU.2. INDUSTRIAL LEADERSHIP
H2020-EU.2.1. INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies
H2020-EU.2.1.1. INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT)
H2020-EU.2.1.1.0. INDUSTRIAL LEADERSHIP - ICT - Cross-cutting calls
H2020-SU-ICT-2019
SU-ICT-02-2020 Building blocks for resilience in evolving ICT systems