In recent years the ICT market has evolved toward a cloud-based approach. This shift, together with the rapidly changing legal and regulatory landscape, has heavily impacted security assurance, governance and compliance. The growth of cloud services poses challenges to both cloud users and cloud service providers (CSPs). Potential customers are prevented from adopting cloud services due to concerns about transparency, security and privacy, as well as confusion over the plethora of certification schemes. The innovative European Security Certification Framework (EU-SEC) tackles this by providing a set of tools based on a tailored architecture, currently unavailable on the market, to improve the efficiency and effectiveness of current assurance schemes targeting security, governance, risk management and compliance in the cloud. It provides and evaluates:
a multiparty recognition approach between existing cloud security certification schemes,
a continuous auditing-based certification scheme, and
a privacy code of conduct to address obligations of GDPR.
EU-SEC will help cloud customers to make informed decisions about their choice of CSP. Continuous auditing delivers an enhancement to traditional certification by using technology to monitor and flag noncompliant activity on an ongoing basis. It therefore provides a higher level of transparency, assurance and security for end users than traditional certification. Knowing that a CSP adheres to the EU-SEC Privacy Code of Conduct is a sure way for the end user to know that a CSP is correctly processing personal data. Finally, the multiparty recognition approach leverages new auditing services allowing more efficient cloud security certifications, especially for SMEs and public administrations.
Cybersecurity and privacy in particular form the basis for social security and economic success. With its clear mission and groundbreaking results, EU-SEC has shown that ambitious targeted research can be translated into innovations that drive industrial application as well as European-wide policy making. As such, EU-SEC stands as a blueprint for further certification solutions that comply with the European Cyber Security Act and target application areas relevant to Horizon Europe, such as IoT, mobility, etc. In addition, facilitating the uptake of cloud computing underpins the European Commission’s cloud-first strategy and paves the way for further investment in that field.
Join the EU-SEC events to stay informed about the latest breakthroughs in certification and continuous auditing needed to improve the level of assurance, transparency & trust in cloud services.