SlideShare una empresa de Scribd logo

Medina general presentation

Descargar como PPTX, PDF
MEDINA
MEDINA

General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme

Tecnología
1 de 12
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633 MEDINA: Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme Leire Orue-Echevarria, PhD, PMP (TECNALIA)
MEDINA At a Glance 1st November 2020 – 30th October 2023 EU Budget 4,480,308.75€ 24/03/2021 MEDINA General Presentation
Context Low adoption of cloud services in Europe Why? According to Eurostat (2018) 24/03/2021 MEDINA General Presentation Risk of a security breach Legal jurisdiction Data storage localization Insufficient skills Lack of interoperability
Context Can certification be a solution? There are many certification schemes… 24/03/2021 MEDINA General Presentation Compliance with Member States’ initiatives by the Top 50 CSPs (XaaS) – Source: SMART 2016/0029. Data from 2018 Accredited certifications by the Top 50 CSPs (XaaS) – Source: SMART 2016/0029. Data from 2018
Context And with different coverage in the controls, as well as Different assessment methods 24/03/2021 MEDINA General Presentation % in each scheme (source: SMART 2016/0029)
Context Several regulations and initiatives have been launched by the European Commission to promote the adoption of cloud computing and avoid fragmentation in certification approaches 24/03/2021 MEDINA General Presentation 2012 European Cloud Strategy Sept. 2017 Data economy package (09.2017) FFD & Cybersecurity package (09.2017) Dec. 2017 Creation of two WGs (SWIPO and CSPCERT) June 2018 22.06.2018 Political agreement on FFD between Council and Parliament Oct. 2018 Trialogues on the Cybersecurity Act March 2019 12.03.2019 Cybersecurity Act is adopted June 2019 Cybersecurity Act is published CSPCERT delivers the recommendations to ENISA and EC Nov. 2019 European Commission sends letter to ENISA to start working on the scheme for cloud services March 2020 ENISA AHWG for cloud services is launched Beginning 2021 EU CSCS will be published and enter into force ECCG and SCCG dialogues Feb. 2019 EU Data strategy is published
MEDINA Project Objective 24/03/2021 MEDINA General Presentation Provide a holistic framework that enhances cloud customers’ control and trust in consumed cloud services, by supporting CSPs (IaaS, PaaS and SaaS providers) towards the successful achievement of a continuous certification aligned to the EU Cybersecurity Act (EU CSA). […] The proposed framework will be comprised of tools, techniques, and processes supporting the continuous auditing and certification of cloud services where security and accountability are measurable by design. As the MEDINA framework is leveraged into a cloud supply chain, it will support continuously assessing the efficiency and efficacy of security measures to ultimately achieve and maintain a certification.
Overview 24/03/2021 MEDINA General Presentation
MEDINA Approach 24/03/2021 MEDINA General Presentation
Benefits Guidance on the implementation of the controls, measures to be applied and evidences to be collected, reducing the time Support for an automatic compliance of the controls of existing certification schemes, reducing the effort, cost and risk of achieving and maintaining a certification Ease the effort in the collection and evaluation of evidences Ensure the Audit Trail of the evidences, and that no one has tampered with them 24/03/2021 MEDINA General Presentation
Target users CSPs: IaaS, SaaS, PaaS, XaaS Auditors CABs 24/03/2021 MEDINA General Presentation
Thank you! www.medina-project.eu // Leire.orue-echevarria@tecnalia.com

Recomendados

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 
First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...MEDINA
 
SerIot Hypothesis Testing Module
SerIot Hypothesis Testing ModuleSerIot Hypothesis Testing Module
SerIot Hypothesis Testing ModuleSerIoT project
 
SerIoT: Penetration testing
SerIoT: Penetration testing SerIoT: Penetration testing
SerIoT: Penetration testing SerIoT project
 
Multi Agent Anomaly detection Module
Multi Agent Anomaly detection Module Multi Agent Anomaly detection Module
Multi Agent Anomaly detection Module SerIoT project
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
SerIoT: Formal Verification
SerIoT: Formal VerificationSerIoT: Formal Verification
SerIoT: Formal VerificationSerIoT project
 
Cognitive Packet Network with Software Defined Networks using the Random Neur...
Cognitive Packet Network with Software Defined Networks using the Random Neur...Cognitive Packet Network with Software Defined Networks using the Random Neur...
Cognitive Packet Network with Software Defined Networks using the Random Neur...SerIoT project
 

Recomendados

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 
First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...MEDINA
 
SerIot Hypothesis Testing Module
SerIot Hypothesis Testing ModuleSerIot Hypothesis Testing Module
SerIot Hypothesis Testing ModuleSerIoT project
 
SerIoT: Penetration testing
SerIoT: Penetration testing SerIoT: Penetration testing
SerIoT: Penetration testing SerIoT project
 
Multi Agent Anomaly detection Module
Multi Agent Anomaly detection Module Multi Agent Anomaly detection Module
Multi Agent Anomaly detection Module SerIoT project
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
SerIoT: Formal Verification
SerIoT: Formal VerificationSerIoT: Formal Verification
SerIoT: Formal VerificationSerIoT project
 
Cognitive Packet Network with Software Defined Networks using the Random Neur...
Cognitive Packet Network with Software Defined Networks using the Random Neur...Cognitive Packet Network with Software Defined Networks using the Random Neur...
Cognitive Packet Network with Software Defined Networks using the Random Neur...SerIoT project
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Wardsegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
ARIES Project Presentation
ARIES Project PresentationARIES Project Presentation
ARIES Project PresentationNicolás Notario
 
5G Info Day
5G Info Day5G Info Day
5G Info DayThe Knowledge Transfer Network Creative, Digital & Design
 
2019 04-08 hopu-aj
2019 04-08 hopu-aj2019 04-08 hopu-aj
2019 04-08 hopu-ajOpen & Agile Smart Cities
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)IJNSA Journal
 
SerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patternsSerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patternsHITSerIoTProject
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)pijans
 
Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...IJNSA Journal
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fimArchiver
 
Communication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT LtdCommunication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT LtdRussell Pearson
 
InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)Sergio Potenciano Menci
 
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...ATMOSPHERE .
 
Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...IJNSA Journal
 
Geant cloud peering-v2
Geant cloud peering-v2Geant cloud peering-v2
Geant cloud peering-v2Archiver
 
EOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub project
 
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...The Research Council of Norway, IKTPLUSS
 
Key Outputs of the E-CRIME project
Key Outputs of the E-CRIME projectKey Outputs of the E-CRIME project
Key Outputs of the E-CRIME projectTrilateral Research
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
MEDINA General Presentation
MEDINA General PresentationMEDINA General Presentation
MEDINA General PresentationMEDINA
 
MEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA
 

Más contenido relacionado

La actualidad más candente

CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Wardsegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
ARIES Project Presentation
ARIES Project PresentationARIES Project Presentation
ARIES Project PresentationNicolás Notario
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)IJNSA Journal
 
SerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patternsSerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patternsHITSerIoTProject
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)pijans
 
Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...IJNSA Journal
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fimArchiver
 
Communication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT LtdCommunication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT LtdRussell Pearson
 
InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)Sergio Potenciano Menci
 
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...ATMOSPHERE .
 
Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...IJNSA Journal
 
Geant cloud peering-v2
Geant cloud peering-v2Geant cloud peering-v2
Geant cloud peering-v2Archiver
 
EOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub project
 
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...The Research Council of Norway, IKTPLUSS
 
Key Outputs of the E-CRIME project
Key Outputs of the E-CRIME projectKey Outputs of the E-CRIME project
Key Outputs of the E-CRIME projectTrilateral Research
 

La actualidad más candente (18)

CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Ward
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
 
ARIES Project Presentation
ARIES Project PresentationARIES Project Presentation
ARIES Project Presentation
 
5G Info Day
5G Info Day5G Info Day
5G Info Day
 
2019 04-08 hopu-aj
2019 04-08 hopu-aj2019 04-08 hopu-aj
2019 04-08 hopu-aj
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)
 
SerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patternsSerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patterns
 
13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)13th International Conference on Network Security & Applications (CNSA 2020)
13th International Conference on Network Security & Applications (CNSA 2020)
 
Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...Call for papers - 13th International Conference on Network Security & Appli...
Call for papers - 13th International Conference on Network Security & Appli...
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fim
 
Communication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT LtdCommunication and collaboration solutions from Safeguard IT Ltd
Communication and collaboration solutions from Safeguard IT Ltd
 
InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)InteGrid SRA & Replication Roadmap (02/06/2020)
InteGrid SRA & Replication Roadmap (02/06/2020)
 
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...
 
Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...Call for Papers - 8th International Conference of Security, Privacy and Trust...
Call for Papers - 8th International Conference of Security, Privacy and Trust...
 
Geant cloud peering-v2
Geant cloud peering-v2Geant cloud peering-v2
Geant cloud peering-v2
 
EOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentation
 
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...
 
Key Outputs of the E-CRIME project
Key Outputs of the E-CRIME projectKey Outputs of the E-CRIME project
Key Outputs of the E-CRIME project
 

Similar a Medina general presentation

Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
MEDINA General Presentation
MEDINA General PresentationMEDINA General Presentation
MEDINA General PresentationMEDINA
 
MEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA
 
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...MEDINA
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroMEDINA
 
Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...MEDINA
 
MEDINA brochure 2023
MEDINA brochure 2023MEDINA brochure 2023
MEDINA brochure 2023MEDINA
 
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA
 
MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMEDINA
 
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...MEDINA
 
Whitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPWhitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPMEDINA
 
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA
 
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkDeutsche Telekom AG
 
SerIoT Fog Substrate and SDN Security
SerIoT Fog Substrate and SDN SecuritySerIoT Fog Substrate and SDN Security
SerIoT Fog Substrate and SDN SecuritySerIoT project
 
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMEUBrasilCloudFORUM .
 
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMATMOSPHERE .
 

Similar a Medina general presentation (20)

Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 
MEDINA General Presentation
MEDINA General PresentationMEDINA General Presentation
MEDINA General Presentation
 
MEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdf
 
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in Euro
 
Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...
 
MEDINA brochure 2023
MEDINA brochure 2023MEDINA brochure 2023
MEDINA brochure 2023
 
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certification
 
MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA project brochure 2021
MEDINA project brochure 2021
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
 
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
 
Whitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPWhitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLP
 
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentationMEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentation
 
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification Framework
 
SerIoT Fog Substrate and SDN Security
SerIoT Fog Substrate and SDN SecuritySerIoT Fog Substrate and SDN Security
SerIoT Fog Substrate and SDN Security
 
3rd ARCADIA bronchure
3rd ARCADIA bronchure 3rd ARCADIA bronchure
3rd ARCADIA bronchure
 
1rst ARCADIA bronchure
1rst ARCADIA bronchure1rst ARCADIA bronchure
1rst ARCADIA bronchure
 
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
 
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUMATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM
 

Más de MEDINA

Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...MEDINA
 
Whitepaper MEDINA CNL
Whitepaper MEDINA CNLWhitepaper MEDINA CNL
Whitepaper MEDINA CNLMEDINA
 
Whitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAWhitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAMEDINA
 
Assessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsAssessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsMEDINA
 
MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA
 
Whitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureWhitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureMEDINA
 

Más de MEDINA (6)

Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
 
Whitepaper MEDINA CNL
Whitepaper MEDINA CNLWhitepaper MEDINA CNL
Whitepaper MEDINA CNL
 
Whitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAWhitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINA
 
Assessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsAssessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI Systems
 
MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...
 
Whitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureWhitepaper MEDINA Architecture
Whitepaper MEDINA Architecture
 

Último

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Último (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Medina general presentation

  • 1. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633 MEDINA: Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme Leire Orue-Echevarria, PhD, PMP (TECNALIA)
  • 2. MEDINA At a Glance 1st November 2020 – 30th October 2023 EU Budget 4,480,308.75€ 24/03/2021 MEDINA General Presentation
  • 3. Context Low adoption of cloud services in Europe Why? According to Eurostat (2018) 24/03/2021 MEDINA General Presentation Risk of a security breach Legal jurisdiction Data storage localization Insufficient skills Lack of interoperability
  • 4. Context Can certification be a solution? There are many certification schemes… 24/03/2021 MEDINA General Presentation Compliance with Member States’ initiatives by the Top 50 CSPs (XaaS) – Source: SMART 2016/0029. Data from 2018 Accredited certifications by the Top 50 CSPs (XaaS) – Source: SMART 2016/0029. Data from 2018
  • 5. Context And with different coverage in the controls, as well as Different assessment methods 24/03/2021 MEDINA General Presentation % in each scheme (source: SMART 2016/0029)
  • 6. Context Several regulations and initiatives have been launched by the European Commission to promote the adoption of cloud computing and avoid fragmentation in certification approaches 24/03/2021 MEDINA General Presentation 2012 European Cloud Strategy Sept. 2017 Data economy package (09.2017) FFD & Cybersecurity package (09.2017) Dec. 2017 Creation of two WGs (SWIPO and CSPCERT) June 2018 22.06.2018 Political agreement on FFD between Council and Parliament Oct. 2018 Trialogues on the Cybersecurity Act March 2019 12.03.2019 Cybersecurity Act is adopted June 2019 Cybersecurity Act is published CSPCERT delivers the recommendations to ENISA and EC Nov. 2019 European Commission sends letter to ENISA to start working on the scheme for cloud services March 2020 ENISA AHWG for cloud services is launched Beginning 2021 EU CSCS will be published and enter into force ECCG and SCCG dialogues Feb. 2019 EU Data strategy is published
  • 7. MEDINA Project Objective 24/03/2021 MEDINA General Presentation Provide a holistic framework that enhances cloud customers’ control and trust in consumed cloud services, by supporting CSPs (IaaS, PaaS and SaaS providers) towards the successful achievement of a continuous certification aligned to the EU Cybersecurity Act (EU CSA). […] The proposed framework will be comprised of tools, techniques, and processes supporting the continuous auditing and certification of cloud services where security and accountability are measurable by design. As the MEDINA framework is leveraged into a cloud supply chain, it will support continuously assessing the efficiency and efficacy of security measures to ultimately achieve and maintain a certification.
  • 10. Benefits Guidance on the implementation of the controls, measures to be applied and evidences to be collected, reducing the time Support for an automatic compliance of the controls of existing certification schemes, reducing the effort, cost and risk of achieving and maintaining a certification Ease the effort in the collection and evaluation of evidences Ensure the Audit Trail of the evidences, and that no one has tampered with them 24/03/2021 MEDINA General Presentation
  • 11. Target users CSPs: IaaS, SaaS, PaaS, XaaS Auditors CABs 24/03/2021 MEDINA General Presentation
  • 12. Thank you! www.medina-project.eu // Leire.orue-echevarria@tecnalia.com