To validate the EMERALD framework, two main categories of pilots have been identified. The goal of these pilots is to illustrate how EMERALD will enable regulated industries to move to cloud-first/native environments while deriving individual compliance level as per industry or customer requirement and provide services fulfilling business needs.
Category I: Certification of public Cloud Services
The first category includes three pilots, which aim at demonstrating Certification as a Service with EMERALD, on the level of cloud services for IaaS (Pilot 1, IONOS), IaaS / PaaS (Pilot 2, CloudFerro) and SaaS (Pilot 3, Fabasoft). All three will describe the path for integrating EMERALD tools from for European cloud service providers, considering any technical and organizational restrictions that apply in the execution of a pilot within the scope of the current status of the EUCS and a framework like MEDINA. Pilots of Category I set their focus to public cloud environments and will built upon the findings and success that Fabasoft already achieved in the projects EU-SEC and MEDINA in the respective use cases of those projects.
Category II: Certification of hybrid cloud-edge environments for the financial sector
The second category aims at the certification of hybrid cloud-edge environments for the financial sector. Main driver of this category definition is CaixaBank, which currently holds a large number of on-premise services and is trying to expand this into the field of public clouds, i.e. using SaaS or IaaS providers. However, due to regulation, there is a need for continuous certification in the sector. The application of EMERALD would ensure the real-time assessment of several cloud services, validating that they are compliant with the controls defined in a specific security framework. OpenNebulaSystems, as a European specialist in managing hybrid cloud-edge environments, will lead this category and pilot.
