Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme


Horizon 2020


1. 11. 2020 - 31. 10. 2023


Hrvoje Ratkajec
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633.

Cloud computing has evolved significantly in recent years and represents an essential element of innovative economies. The shift to cloud enables businesses to lower their costs, increase productivity and performance, cope efficiently with the complexity of infrastructure, and deliver products faster. But despite the numerous benefits cloud computing brings, the adoption rate among organizations is still limited by their doubts about transparency and security.

To assure the trustworthiness and security of their services, cloud providers rely on security certification. But they face multiple challenges due to market fragmentation, diverse focus, lack of cloud-specific security certifications, and incompatibility of existing certification schemes.

To offer businesses more secure, sustainable, and interoperable cloud services, the European Commission introduced the new EU Cybersecurity Act, which proposes improving customers’ trust through a European certification scheme. But to really increase its level of assurance and bring benefits to providers and customers, continuous certification for the whole supply chain is needed.

MEDINA addresses this issue by developing a framework for achieving continuous audit-based certification for cloud service providers, in compliance with the EU Cybersecurity Act. The framework comprises tools, techniques, and processes that support the continuous auditing and certification of cloud services, and it tackles the challenges of security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management.

XLAB’s role

With expertise in vulnerability detection components, XLAB leads the implementation of MEDINA evidence collection tools to monitor the security performance of cloud applications. These tools provide inputs for the continuous evaluation of cloud service providers’ certification compliance, to which XLAB contributes as well. XLAB also supports the definition of requirements as well as the integration and validation of the MEDINA solution.