Success of the European Security Certification Workshop

The Workshop on European Security Certification was held in Brussels on September 10th, 2018. Experts from different backgrounds attended the event – among others were scheme owners, authorities and cloud service providers and auditors. Some representatives of highly renowned companies, such as Microsoft, SAP and Huawei, were also part of the audience.

The aim of the workshop was to increase awareness of the HORIZON 2020 European Security Certification (EU-SEC) Project – especially focussing on the game changing development of the Multiparty Recognition Framework. The EU-SEC Consortium provided first results for a multiparty recognition framework for cloud services, which are based on the innovative idea to achieve mutual recognition between existing cloud compliance schemes. The matter of mutual recognition between cloud compliance schemes had been well received and was intensively discussed with key stakeholders. To facilitate understanding, the workshop was split into three parts:

The importance of Cyber security

To start the event, the project coordinator introduced EU-SEC as a consortium, which strives to address the security, privacy and transparency challenges. This was followed by the policy work in DIGITALEUROPE and the European Cyber Security Strategy. The Cyber Security Act raised a number of questions from the audience regarding the standards needed to support a cybersecurity certification framework and the role of the different cybersecurity stakeholders, which fits perfectly with the objectives of the EU-SEC Project.

The busy agenda saw numerous speakers, such as Domenico Ferrara from the European Commission, Adele Naudy Chambaud representing DIGITALEUROPE and Jürgen Großmann from Fraunhofer, the EU-SEC Project Coordinator.

Bringing clarity to cloud compliance

Due to the fast pace of the ever-evolving Cloud market, the EU-SEC Project, especially the development of a Multiparty Recognition Framework, received immense attention. The EU-SEC Project demonstrated the first results of the Multiparty Recognition Framework, as well as the development strategy of the first test pilots to validate the implementation. Furthermore, the Multiparty Recognition Framework processes and activities were highlighted and explained in detail, such as:

  • to build a baseline for inclusion, based on existing certification schemes,
  • to test the inclusion of a new certification scheme (achieve mutual recognition),
  • to scale and adapt new schemes, and
  • to create a governance structure based on 3 components: assets, stakeholders, processes
Fruitful discussions included the state of Cloud Compliance in Europe, Cyber Security Threats and especially the need for a framework in supporting the idea to assess which existing Cloud compliance scheme has equivalent requirements to be certified (such as BSI C5, CSA STAR, ISO27001, SOC 2). The consortium drew attention to the challenge of having all schemes in scope and at the same time embraced the objective of minimising the burden of service providers.

Panel discussion

The workshop concluded with a Q&A session involving several speakers of the EU-SEC Project, who answered questions with regard to Cloud Compliance and the project. Stakeholders confirmed that the EU-SEC Project is meeting their high standards. In terms of further development, the stakeholders requested that the consortium fulfil some specific needs (such as industrial or financial services) and create a streamlined approach, which supports the mutual recognition of certifications.

The main outcome of the workshop was the clear validation of EU-SEC Project’s goal to develop a multiparty recognition between existing cloud security schemes. The audiences fully supported the EU-SEC Project’s objective in streamlining compliance efforts and implementing an overall governance. Global Cloud Service Providers contributed with excellent ideas and valuable perspectives for further enhancing the framework.

We look forward to keeping you up to date with the most recent developments of the EU-SEC Project and invite you to join us at our upcoming events. More dates will be announced soon!