Objectives, Challenges and Activities

The European Security Certification Framework (EU-SEC) strives to address the security, privacy and transparency challenges associated with the greater externalisation of IT to Cloud services.

EU-SEC will create a certification framework under which existing certification and assurance schemes can co-exist. Furthermore, it will feature a tailored architecture and provide a set of tools to improve the efficiency and effectiveness of current assurance schemes targeting security, governance, risks management and compliance in the Cloud. It will be tested and validated in pilots involving industrial partners.

Objectives:

  • Increase user trust in Cloud Service Providers by defining principles, rules and processes for mutual recognition between different certification schemes indicating security and privacy level.
  • Stream line governance, risk management and compliance of cloud service delivering a reference architecture, mechanisms and tools for continuous auditing and certification reducing human interaction.
  • Initiate the process for the trans-European adoption of the EU-SEC framework and of the format used to express security requirements, controls and audit results to support EU-SEC’s long term sustainability.

Challenges:

  • Ensure broad and international and cross-industry applicability of EU-SEC framework.
  • Demonstrate a high level of security and privacy assurance and control while the CSP enhances the Cloud Service, continuously.
  • Provide a framework which can be adapted to new technical, compliance and market requirements, easily and promptly.
  • Generate a flexible and functional architecture and tools for cloud security governance, risks management and compliance.

Activities:

  • Collect and maintain security and privacy requirements relevant to the public and private sector.
  • Define the continuous auditing and certification framework and enable it for mutual recognition of existing certification and assurance approaches.
  • Develop a governance structure to support trans-European EU-SEC framework adoption.
  • Provide architecture and adapt existing tools to facilitate continuous auditing and control of security and privacy level service.
  • Validate the framework with pilot use cases executed by public and private sector partners to ensure its effectiveness, efficiency and market readiness in large scale demonstrators.
  • Strengthen the value proposition, market uptake and long-term sustainability of EU-SEC framework through commercial exploitation, influencing other standardization initiatives and performing strategic awareness and training activities.

Funded by Horizon 2020; a funding programme created by the European Union to support and foster research in the European Research Area, the EU-SEC Consortium believes that providing a trustworthy and certified cloud services is a necessary condition to be able to provide trustworthy other added value services. This will be supported by integrating relevant requirements from public and private sector, governance schemes and the partner’s state of the art tools/architectures ranging in maturity from TRL 4 to TRL 9. It will furtherly enhance trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.