Skip to main content

Fabasoft "goes MEDINA“: On track to real-time certification for cloud services

Fabasoft

Created on 20. January 2021

Medina

November 2020 marked the launch of MEDINA, an EU Horizon 2020 research and innovation project. "Cloud computing is an essential element of innovative economies. […] Despite trust-building efforts, the adoption of cloud computing is limited. A perceived lack of security and transparency is the reason for the slow uptake. The EU-funded MEDINA project will work to counter this trend. […].“ Those words are taken from the description of the project, which will run through the end of October 2023.

 

Fabasoft is part of the MEDINA consortium

Accepting this mandate and renewing its commitment to improving European data and information security is something Fabasoft regards as part of its corporate responsibility. And as one of Europe’s leading software manufacturers and cloud service providers, Fabasoft has the expertise required to achieve these objectives. As part of the European Security Certification Framework (EU-SEC) project, Fabasoft has already been instrumental in creating a European framework for certifying cloud services. The proof of concept for Continuous Audit Based Certification (CABC) – which provides the basis for a real-time certification process for cloud services – represents a particularly significant development and lays the foundation for the MEDINA project.

 

In this current EU project, Fabasoft collaborates with high-profile partners from research and industry[1] to develop a framework that will enhance the efficiency and the effectiveness of existing certification systems for cloud security. The focus of the project lies primarily on automation, control, and the interplay of methods of measurement and reusable components with a view to achieving continuous auditing and monitoring.

 

Maximum cloud security with MEDINA

The overall environment surrounding data protection and IT security is undergoing constant change. That poses major challenges for cloud providers and users alike. Evaluating the security and transparency of available services has become progressively more difficult, a fact that frequently results in a loss of confidence on the part of users. Consequently, continuous certification of cloud services is the order of the day and the objective of the MEDINA project. Having complete and continuous confirmation of data and information security significantly improves both the trustworthiness and the transparency of cloud services. Björn Fanta outlines the specifics regarding how to approach real-time certification and what it means for cloud computing in his blog post.

 

In the context of the MEDINA project, Fabasoft is contributing its experience in the field of cybersecurity certification and is involved in developing AI components that will automate the analysis of evidence for certification. Based on two specially defined use cases, Fabasoft is also working together with Bosch to assess the resulting framework in terms of its suitability in the business world.

 

MEDINA and the future of cloud computing

MEDINA is generating a great deal of interest in Europe, particularly from the EU’s cybersecurity agency ENISA (European Union Agency for Cybersecurity) and the GAIA-X project partners. The project findings are also relevant for future EU projects such as the Cloud Security Certification Scheme included in the Cloud Security Act (CSA), and are intended to be incorporated into these projects.

 

“We are committed to leveraging the expertise we have acquired over decades of experience and putting it to good use in key EU projects like MEDINA. Together with our project partners, we will sustainably boost user confidence in cloud computing and reach another milestone in improving cybersecurity,” states Björn Fanta, Head of Research Alliances at Fabasoft.

 

 

[1] Tecnalia Research & Innovation/Spain (coordinator); Robert Bosch GmbH/Germany; Consiglio Nazionale delle Ricerche (CNR)/Italy; Fabasoft R&D GmbH/Austria; Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V./Germany; Hewlett-Packard Italiana S.r.L./Italy; Nixu Cybersecurity/Finland, and Xlab Razvoj Programske Opreme in Svetovanje D.O.O./Slovenia.