Together with eight international institutions and companies, CaixaBank has developed the EU-SEC (European Security Certification Framework) cybersecurity project, which is funded by the European Union within the framework of the 2020 Horizon programme.
The research team, consisting of 25 professionals of 11 different nationalities from multiple disciplines (finance, public administration, audit, cybersecurity and technology, among others), will officially present its findings in the coming weeks. Three years of work and a total investment of €3m have been invested in the completion of the project.
Working towards a European certification standard for cloud cybersecurity
The conducted research is aimed at creating a European framework for the ongoing certification of security in cloud environments. Currently, there is no international certification validating the security of data stored in the cloud on an ongoing basis. However, a European certification standard within this scope would standardise the security requirements across different countries and thus provide access to new markets with innovative technology providers while fully ensuring data protection.
This certification standard would be especially useful in two sectors that handle a high volume of sensitive data: banking and public administration. With this in mind, the EU-SEC project has been developed following a two-pronged approach: one focusing on finance and led by CaixaBank, and another aimed at public administrations, in which the Slovenian and Slovakian governments have collaborated.
In addition, Cloud Security Alliance (an international organisation specialising in cloud technology), along with cloud infrastructure provider Fabasoft, university research centre Fraunhofer, auditors Nixu Cibersecurity and PriceWaterhouseCoopers, and technology company SixSq, have participated in EU-SEC with the aim of covering the various different aspects required for this type of certification.
CaixaBank itself has rolled out a cybersecurity ecosystem with specialist teams and infrastructure to provide protection against security incidents. In addition, the bank has a group that specialises in responding to IT security incidents and a centre that coordinates end-to-end security for the group, known as CiberSOC.
Like this item? Get our Weekly Update newsletter. Subscribe today