Meeting a New Era of Digital Risk

European financial institutions stand at a crossroads: cyberattacks are escalating, cloud adoption is accelerating, and regulatory expectations have never been more demanding. For CaixaBank, one of Europe’s largest and technologically advanced financial institutions, ensuring security, sovereignty, and resilience across hybrid cloud edge environments is both a priority and a challenge.

The complexity of modern financial infrastructure; spanning SaaS, IaaS, PaaS and on premise systems, makes continuous compliance a moving target. Traditional, manual audit processes struggle to keep pace with evolving threats and regulatory frameworks such as the Digital Operational Resilience Act (DORA) and the upcoming EU Cybersecurity Certification Scheme (EUCS). As environments grow more distributed, so do the difficulties in gathering, validating, and standardizing evidence across multiple cloud and edge providers.

Being able to face these challenges head-on is precisely why CaixaBank joined EMERALD.

Preparing Financial Institutions for Tomorrow’s Threats and Regulations

EMERALD’s contribution for CaixaBank goes beyond improved efficiency: it directly strengthens resilience and regulatory readiness.

With automated and traceable assessment workflows, financial institutions can:

• Detect non-compliance in real time, rather than months after an audit.
• Respond faster to regulatory changes, especially under frameworks like DORA.
• Establish clear evidence trails for internal and external auditors.
• Build trust with customers and regulators through transparent, verifiable processes.

For a sector where security and trust are non-negotiable, EMERALD represents a paradigm shift—from periodic snapshots to continuous assurance, from siloed evidence collection to unified certification ecosystems.

A Pilot Aimed at Real World Impact

Pilot 4 brings together CaixaBank, one of Spain’s largest financial groups, and OpenNebula Systems, the European leader in open-source cloud and edge computing platforms. Together, we’re building a real pilot that addresses real-world compliance challenges in multi-cloud banking environments.

The pilot focuses on:

• Validating the EMERALD framework in a highly regulated, high assurance environment.
• Demonstrating secure cloud edge integration for services spanning multiple technologies.
• Mapping real CaixaBank services to EUCS aligned controls, proving the feasibility of continuous certification.
• Testing automated compliance workflows that reflect real operational demands.

This hands-on validation ensures that EMERALD is not just a research effort—it becomes a practical, deployable solution for critical industries.

The diagram below illustrates how the different EMERALD components work together in our pilot:

The architecture shows:

• Left side: CaixaBank’s pilot environment with IONOS (bare-metal) and CloudFerro (IaaS) integration.
• Center: OpenNebula as the Evidence Collection Gateway, connected to CIS Metrics.
• Right side: The EMERALD assessment pipeline—from Evidence Store through Clouditor assessment to the EMERALD UI where Compliance Managers and Auditors can evaluate results.

The OpenNebula Evidence Collection Gateway orchestrates resources from IONOS and CloudFerro while collecting compliance evidence that flows through Clouditor to the EMERALD UI.

Multi-Cloud, One Control Plane

Our pilot integrates resources from three distinct environments under a single management layer:

This multi-cloud setup demonstrates EMERALD’s ability to maintain consistent compliance monitoring regardless of where workloads run, a critical capability as financial institutions adopt hybrid strategies to balance performance, cost, and data sovereignty requirements.

Scalable Hybrid Cloud Design

The pilot architecture is designed for scalability, supporting multiple OpenNebula frontends and KVM (Kernel-based Virtual Machine) hypervisors across different clusters:

Key Achievements So Far

Our collaboration has already delivered significant results:

• Full deployment of OpenNebula across hybrid infrastructure, integrating nodes from IONOS and CloudFerro.
• Custom evidence integration developed to enable Clouditor compatibility with OpenNebula’s API.
• Automated compliance checks demonstrated using OpenNebula API data for VM, networking, and IAM controls.
• Audit scope defined with CIS-based controls for networking (SSH/RDP access), virtual machines (disk encryption, public IP exposure), and identity management (key rotation).
• EMERALD software stack deployed within CaixaBank’s infrastructure, including Clouditor, AMOE, AI-SEC, and the EMERALD UI.

A Future Proof Model for Resilience

By participating in EMERALD, CaixaBank helps shape the next generation of cybersecurity governance. The project’s combination of automated audits, unified metrics, and user centric workflows supports a future in which financial institutions can innovate confidently, knowing they remain compliant, secure, and resilient.

In an environment where digital trust is both a requirement and a strategic asset, EMERALD equips CaixaBank—and the broader European financial ecosystem—with the tools needed to navigate increasing complexity while staying firmly aligned with European values of security, transparency, and sovereignty. Demonstrating that the collaboration between financial institutions (CaixaBank) and technology providers (OpenNebula Systems) must work together to solve the cloud certification challenge, building trust, enhancing security, and enabling innovation.