Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2011.1.4 | Award Amount: 4.22M | Year: 2012
Cloud technology offers a powerful approach to the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose.
Despite its appeal from a cost perspective, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. Such concerns arise from the difficulty of guaranteeing security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility for the security of their services once the services are uploaded and offered through a cloud. Also, cloud suppliers have historically refrained from accepting liability for security leaks. This reluctance stems from the fact that the provision and security of a cloud service is sensitive to changes due to cloud operation, as well as to potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack. Still, many cloud users, including institutional ones, would like the cloud-based services they use to exhibit certified security properties.
CUMULUS will address these limitations by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in the cloud. The CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever-changing cloud environment.
CUMULUS will rely on multiple types of evidence regarding security, including service testing and monitoring data and trusted computing proofs, and will be based on models for hybrid, incremental and multi-layer security certification.
Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols, representation schemes etc.) regarding the provision of information for the assessment of security in clouds.

To ensure large-scale industrial applicability, the CUMULUS framework will be evaluated in reference to cloud application scenarios in some key industrial domains, namely Smart Cities and eHealth services and applications.
CUMULUS is aligned with the recommendations of a recent industrial consultation to the European Commission which identified cloud certification as an enabling technology for building trust for end users through the deployment of standards and certification schemes relevant to cloud solutions, and included it in the ten key recommendations and actions for a cloud strategy in Europe.
Agency: European Commission | Branch: H2020 | Program: CSA | Phase: ICT-07-2014 | Award Amount: 679.94K | Year: 2015
Today, whilst many organisations are reliant on cloud resources, contracts for cloud services often contain Service Level Agreements (SLAs) with technical & legal provisions that are inappropriate, difficult to understand &/or illegal. Similarly, the application of established data protection concepts can be problematic, with uncertainties as to what is regulated, who is responsible & which laws apply. Building on the work conducted by EC SIG SLA, Certification & Code of Conduct, ETSI CSC, CSA WGs, ECP Steering Board, NIST and Gartner, SLA-Ready delivers a reference model for Cloud SLAs & a set of best practices & services to support cloud customers in the use of cloud SLAs through their life cycle. The latter will improve the uptake of cloud computing by the private sector, while procuring services across the cloud market. Other outputs: support cloud customers via a dedicated, social repository of Cloud SLAs and supporting services to ensure the acquisition, operation and termination of cloud services fulfilling specified requirements; provide an active contribution to relevant SDOs, like ISO/IEC 19086; engage & ensure coordinated, global collaborations with e.g. NIST RATAX and the CSA SLA WG for a collaborative, international approach; provide 4 engaging, practical, user-friendly tutorials to end-users; showcase real efforts of the common reference model implementation in Europe. The consortium is lean, complementary & strong: TRUST-IT, a prime mover in the cloud computing landscape, ensures effective coordination, digital marketing & SDO liaisons; CSA is a leading, global player in the arena of cloud security; TUDA brings direct expertise on techniques & frameworks to operate with cloud SLAs; Arthur's Legal represents IT, ISP, software, CSP, IoT & IT service vendors and end-users in their legal life cycle; Numergy offers cloud services to public & private organizations. SLA-READY has a pragmatic & actionable Advisory Board (AB) made up of key opinion leaders.
Agency: European Commission | Branch: H2020 | Program: IA | Phase: DS-01-2016 | Award Amount: 4.16M | Year: 2017
In recent years the ICT market has evolved toward a cloud-based approach. This shift, together with the rapidly changing legal and regulatory landscape, has heavily impacted security assurance, governance and compliance. The information security market players have tried to provide suitable solutions to cope with issues such as i) lack of means to provide a higher level of assurance (e.g. continuous monitoring and auditing), ii) privacy not adequately taken into account, iii) limited transparency and iv) lack of means to streamline risk management and compliance. In the certification space this has resulted in the creation of several schemas, creating an additional problem, i.e. the proliferation of certification schemes. The EU-SEC project will improve the effectiveness and efficiency of existing approaches for assurance and compliance. EU-SEC aims to create a framework under which existing certification and assurance approaches can co-exist. The three core ideas behind the EU-SEC project are that an effective and efficient approach to trust, assurance and compliance has to: (1) balance the need of nations and business sectors to develop their specific certification schemas with the need of CSPs to reduce compliance costs; (2) avoid having humans (auditors) do activities that can be performed by machines (e.g. collecting data); (3) make sure that accurate and reliable evidence/information is provided to relevant people, in a timely fashion, leveraging automatic means as much as possible. The EU-SEC framework will equip stakeholders in the ICT security ecosystem with a validated governance structure, a reference architecture, and the corresponding set of tools to improve the efficiency and effectiveness of their current approach to security governance, risk management, assurance and compliance. EU-SEC aims to enhance trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.
Agency: European Commission | Branch: FP7 | Program: CSA | Phase: INFRA-2012-3.3. | Award Amount: 2.73M | Year: 2012
Data capture, processing, analysis and archiving is central to scientific endeavour, challenging the sustainability of an approach to ICT deployment that has predominated for 25 years but is rapidly being overtaken by events. Cloud-based services offer greater efficiency, agility and innovation in delivery of services through economies of scale, multiple tenancy of irregularly-used resources and more sophisticated approaches to resource management.

We estimate that cloud-based services to the ERA communities could become a bn business in the near future. Efficiency savings of just 10% would equate to something like 40% of the annual (2002-2013) INFRASTRUCTURES budget. This is of great significance to suppliers of cloud-based services and national and European funding agencies as well as infrastructure operators.

The HELIX NEBULA Project is a preliminary step towards a European cloud-based scientific e-infrastructure: HELIX NEBULA the Science Cloud. The Science Cloud Strategic Plan was adopted by representatives of all three stakeholder groups, including a representative from the Cabinet of the EU Vice Presidency responsible for the Digital Agenda, at a workshop hosted by ESA/ESRIN in June 2011.

The supporters of the HELIX NEBULA initiative include: ATOS, BT Global Services, CAP Gemini, CERN, CloudSigma, CNES, CNR, DLR, the EC, EGI.eu, EMBL, ENEA, ESA, Logica, OpenNebula, Orange Business Services, SAP, SIENA, StratusLab, Server Labs, Six2, T-Systems International, Terradue srl, Thales and TrustIT.

The HELIX NEBULA Project will lead and co-ordinate these communities of interest through a two year pilot-phase during which procurement processes and governance issues for a framework of public/private partnership will be appraised. Three flagship use cases from HEP, molecular biology and earth-observation will be used to enable a cost-benefit analysis to be undertaken and the next stage of the Science Cloud Strategic Plan developed and approved.
Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2011.1.4 | Award Amount: 14.11M | Year: 2012
Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations.
A4Cloud will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud.
A4Cloud solutions will support service providers in preventing breaches of trust by using audited policy enforcement techniques, assessing the potential impact of policy violations, detecting violations, managing incidents and obtaining redress.
A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk. It will develop techniques for improved trustworthiness of cloud ecosystems as prerequisite for accountability. Therefore it will create policies and tools that enforce responsibilities while striking a balance between transparency and privacy, and determine issues and constraints for regulators, corporate and institutional service providers, users, and their end-users.
A4Cloud will have a lasting impact on the competitiveness of the European ICT sector by addressing major perceived barriers to trustworthy cloud-based services. These include concerns about complexity and enforceability of legal, regulatory and contractual provisions, socio-economic and corporate constraints, issues of trust for service-users such as risk-mitigation, privacy, confidentiality and transparency, and operational challenges such as interoperability and enforcing and monitoring compliance.
Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2013.1.5 | Award Amount: 3.32M | Year: 2013
The Cloud offers attractive options to migrate corporate applications without the corporate security manager needing to manage or secure any physical resources. While this ease is appealing, several security issues arise:
* Can the validity of corporate legal compliance regulations still be ensured over remote data storage?
* With security sensitive data residing remotely with the Cloud Service Provider (CSP), can access of unauthorized CSP personnel to your data be restricted?
* How does one assess a CSP's ability to meet the corporate security requirements and the security trade-offs offered by different CSPs?
* Can one monitor and enforce the agreed Cloud security levels with the CSP?
No comprehensive and easily usable solutions exist for these issues.
SPECS solves this problem, offering:
* Mechanisms to specify Cloud security requirements and assess the standalone and comparative security features offered by CSPs.
* Ability to integrate desired corporate security services (e.g. credential and access management) into Cloud services.
* Systematic approaches to negotiate, monitor and enforce the security parameters specified in Service Level Agreements (SLA).
* Approaches to develop and deploy security services that are Cloud SLA-aware, implemented as an open-source Platform-as-a-Service (PaaS).

Providing such comprehensible and enforceable security assurance by CSPs is a critical factor to deploy trustworthy Cloud ecosystems.
Targeting ICT-2013.1.5 Trustworthy ICT, SPECS will develop and implement an open source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA) and providing the techniques to systematically manage their life-cycle.

The SPECS framework addresses both CSPs and users to provide techniques and tools for:
a) Enabling user-centric negotiation of security parameters in Cloud SLA, along with a trade-off evaluation process among users and CSPs, in order to compose Cloud services fulfilling a minimum required security level.
b) Monitoring in real-time the fulfillment of SLAs agreed with CSPs, notifying both users and CSPs when an SLA is not being fulfilled.
c) Enforcing the agreed SLA in order to keep a sustained Quality of Security (QoSec) that fulfills the specified security parameters. The SPECS enforcement framework will also react and adapt in real-time to fluctuations in the QoSec by advising/applying the requisite countermeasures.
The proposed framework will be based on an open-source core, and offer simple interfaces to motivate its adoption. It will offer a set of reusable PaaS components for service developers to enable them to integrate SPECS SLA-oriented security mechanisms into existing Cloud services.
Using real case studies, SPECS will demonstrate that the contributed framework and architecture can be integrated as-a-Service into real life Cloud environments, with a particular emphasis on small/medium/federated CSP and end users.
Agency: European Commission | Branch: H2020 | Program: RIA | Phase: FCT-16-2015 | Award Amount: 3.42M | Year: 2016
Organized Crime and Terrorist Networks (OC/TN) are a major challenge for the European Union and many different stakeholder groups are involved in creating awareness, preventing, identifying and intervening in case of risk or threat. But in order to develop better strategies and instruments, we still need a deeper understanding of these phenomena. TAKEDOWN therefore aims at generating such novel insights on OC/TN. In order to meet this challenge and to investigate this complex field of research, a multidimensional modelling approach is used. The resulting, proprietary TAKEDOWN Model describes social, psychological and economic aspects as well as further dimensions, activities and response approaches. Comprehensive empirical research combined with European and international expert knowledge ensures a valid and intuitive model. The TAKEDOWN Open Information Hub targets first-line practitioners and provides modular solutions and inductive materials. The public web platform helps individuals to navigate to the right third party reporting and help lines, including an innovative crowd reporting application to report digital OC/TN cases. The TAKEDOWN OC/TN Professional Solution Platform consists of various modules for law enforcement and homeland security departments. Designed with a flexible Platform as a Service (PaaS) architecture, it combines knowledge materials and digital security solutions. Via the TAKEDOWN Security Dashboard, information streams of native and third party applications are combined in an identification and issue management cockpit. The TAKEDOWN Professional Advisor supports experts on the selection of relevant approaches and security solutions to tackle OC/TN. With this multi-level approach, TAKEDOWN will force a better understanding of OC/TN, develop modern approaches and solutions, and will finally lead to a more efficient and effective response to OC/TN and strengthen social cohesion at pan-European level.
Agency: European Commission | Branch: FP7 | Program: CSA | Phase: ICT-2013.1.2 | Award Amount: 907.12K | Year: 2013
CloudWatch will ensure high visibility of European R&D cloud initiatives driving interoperable solutions & services. CloudWatch, in 24 months, will accelerate and increase the use of cloud computing across the public and private sectors in Europe and strengthen collaborative, international dialogue on interoperability and portability. Three Concertation Meetings will support organisations, fostering multi-stakeholder dialogue and cross-fertilisation on best practices. CloudWatchHUB.eu will raise awareness of the benefits to major stakeholder groups: enterprises, especially SMEs; governments and public authorities; research and education institutions. Drawing on key issues, disseminating best practices on model contract terms, fostering a multi-stakeholder dialogue and facilitating the emergence and use of standard contracts. CloudWatch will make an active contribution to standards and certification, driving interoperability as critical to broadening choice and boosting innovation. It will provide a portfolio of EU and international use cases that demonstrate interoperability, portability and reversibility. The use cases will cover technical requirements, policy and legal requirements, such as SLA management. The use cases will lead to the development of common standards profiles and testing around the federation of cloud services. CloudWatch will also support efforts around certification and compliance testing. Support and guidance to SMEs is key on the relevance, maturity and timely implementation of standards, and to drive industry consensus. It will therefore contribute to increasing trust and addressing some of the biggest obstacles to uptake. CloudWatch is guided by Business Innovation & Global Interoperability Experts, supporting its strategic goals and helping to ensure the long-term sustainability of CloudWatchHUB.eu.
Agency: European Commission | Branch: H2020 | Program: CSA | Phase: ICT-35-2014 | Award Amount: 499.88K | Year: 2014
The PICSE Procurers Platform will give access to a unique repository of information supporting the move from outright purchase to pay-per-usage made possible by the arrival of cloud computing. It builds on the Helix Nebula collaboration between supply and demand of which the three PICSE partners are key members, including the H-N coordinator, CERN. It addresses the fragmented landscape of inconsistent technical approaches and disjointed managerial structures that prevent delivery of a production-quality cloud computing e-infrastructure. PICSE will engage with cloud service providers, their customers and procurement professionals over a crucial period as Europe's Cloud Strategy comes to fruition and several large multinational procurements (including PPIs and PCPs) take place. The project will provide a focal point, avoiding duplication of efforts, to identify, analyse, publicise and harmonise opportunities for shared procurement, including a direct response to the ECP Trusted Cloud Europe science use case, addressing cross-border procurement. PICSE will resolve key financial and legal constraints impacting business development and procurement and provide a range of best practices that address those barriers from both private and public sectors, including the research domain, in and beyond Europe. It will set out a realistic roadmap of future procurement based on the levels of ambition for adoption of cloud services over the next five years. This reflects the European Cloud Computing Strategy which calls for a framework of standards to give procurers confidence that they have met their compliance obligations and that they are getting an appropriate solution to meet their needs.
Agency: European Commission | Branch: H2020 | Program: CSA | Phase: ICT-07-2014 | Award Amount: 585.00K | Year: 2015
CloudWATCH2 supports EU R&D on cloud computing, software, services across the full innovation lifecycle & the move to market, promoting technology advancements, supporting OS software re-usability through clustering, championing standards for interoperability & security, providing a roadmap on the cloud market structure to encourage transparent pricing & offering educational services on risk management & legal issues to lower adoption barriers for SMEs & public administration. CloudWATCH2 focuses on the cloud ecosystem emerging from EU research & innovation projects, where technology & pricing are an equally important part of market equation. It takes a pragmatic approach to market uptake & sustainable competitiveness by clustering projects around common themes & challenges, with deep dive training for wider uptake & commercial exploitation. It analyses the fast evolving standards landscape, new implementations, extensions & protocols focusing on the value creation of interoperable and secure services, identifying gaps & making recommendations to address them. It brings interoperability testing to the forefront supporting Cloud Interoperability Plugfests. It supports market-oriented approaches to new products, services & solutions, including OS developments, where free & profitability are not mutually exclusive. It introduces a novel activity around cloud pricing analysis, strengthens support of sustainability, to encourage faster time-to-value & commercialisation of innovative products & services. On the demand side, it supports key stakeholders in the EU digital market by providing training on legal aspects addressing increasingly common consumer concerns. Consortium: TRUST-IT, coordination, outreach, a renowned international network & SDO liaisons; CSA a leading, global player in cloud security; UOXF OeRC part of UK eScience programme; StrategicBlue cloud billing & price risk management experts. ICT Legal, represents IT, ISP, SW, CSP, IoT & IT service vendors