In recent years, the use of cloud services and applications has increased significantly in companies of all sizes. The associated increase in data protection and security regulations poses major challenges for cloud service providers, users and auditing authorities alike when developing, integrating and auditing new services. As a result, and due to the advance of AI-supported systems, there is a need to make the certification process more flexible with regard to cybersecurity, e.g. through continuous monitoring and evaluation. However, with the proofs of concept provided so far, especially from the already completed EU project MEDINA, there is a need for action in connection with the interoperability of the various technologies used.
More security and efficiency for all parties involved thanks to agile certification process
The European Union's Horizon Europe research project EMERALD (Evidence Management for Continuous Certification as a Service in the Cloud) focuses on the development of concepts and technologies to improve the security and efficiency of cloud-based services in the form of a digitally supported certification process. The main goal of EMERALD is to pave the way to “Certification as a Service” (CaaS) for continuous cloud certification according to different catalogs of requirements.
EMERALD intends to support all parties involved in the audit – cloud service providers, large companies and SMEs as well as auditing bodies – in setting up, managing and monitoring security certification and to enable effective, resource-saving recertification. This helps to sustainably increase acceptance of and trust in cloud services.
Continuous “Certification as a Service” in cloud environments
EMERALD will focus on user interaction to enable a standardized approach to conducting audits and thus allow reusability of created audit processes. In addition, EMERALD will provide cybersecurity and standardization authorities with novel strategies and methods for the creation of cybersecurity requirements and interoperable metrics for a largely uniform “Certification as a Service” of cloud services.
Fabasoft goes „EMERALD“
As one of the leading software product companies and cloud service providers in Europe, Fabasoft is part of the EMERALD consortium led by Tecnalia (Spain), which consists of eleven academic and industrial partners[1]. With its extensive expertise in secure, AI-supported process management and optimization as well as its many years of experience in implementing research results in innovative products and services, Fabasoft has established itself as an important project partner.
The diverse expertise of the consortium members in the areas of cybersecurity certification, cloud computing, AI, UX/UI design and audit procedures provides optimal conditions for achieving the EMERALD objectives, with a focus on practical applicability and early adoption of the results.
[1] Tecnalia, Fraunhofer, Fabasoft, Consiglio Nazionale delle Ricerche, Software Competence Center Hagenberg, Know Center, CaixaBank, IONOS, CloudFerro, OpenNebula und Nixu.