CloudFerro (CF) provides cloud computing services dedicated to specific industries. The company specializes in the storage and processing of large data sets, including Earth observation satellite data repositories. It is the largest company in the Polish space sector, a leader in the European Earth Observation sector and a prime contractor for such institutions as ESA, EUMETSAT, ECMWF and DLR.
CloudFerro, as a Cloud Service Provider (CSP), is one of EMERALD’s main stakeholders and will validate project outcomes in Pilot 2.
About Pilots
One of EMERALD’s key results is the industrial pilots: realistic use cases run by potential applicants of EMERALD. They are key to deriving and validating the proposed contents of the project objectives.
Pilots are divided into two categories:
Category I Pilots – focus on the use of EMERALD tools on a public cloud by Cloud Service Providers (CSPs).
Category II Pilot – aims at the certification of hybrid cloud-edge environments for the financial sector.
Pilot 2
Pilot 2, as part of Category I, aims to test the tools in an IaaS/PaaS environment on a public cloud.
The general goals for the pilot are:
To demonstrate certification of public cloud services with EMERALD tools
To demonstrate Certification as a Service (CaaS)
To validate project outcomes in a real-life use case
CloudFerro’s expectations from EMERALD
CF’s Compliance Manager describes the current situation as follows:
“CloudFerro has three security audits each year – ISO 27001, BSI 200-1, BSI C5. They are all time-consuming, because they are comprehensive. An audit usually takes 2-4 days, but a lot of time is also needed for preparation. The main data for audits are the existing audit checklist, policies, procedures (not all must be documented), specifications, descriptions etc. Currently we do not use any audit tools, we do everything manually.”
CloudFerro’s audits are currently based on documentation and require days of manual work from many people. EMERALD can therefore help through:
Automation of the document verification process.
Reduction of audit cost – a decrease in the time and/or number of people needed for an audit thanks to EMERALD tools.
Reusability of tools – faster and easier recertification (and audits).
Pilot 2 high level overview
Pilot 2 can be shown in five main steps:
The Compliance Manager chooses a certification scheme.
The Control Owner implements controls in CF’s IaaS and PaaS environments.
EMERALD collects evidence.
The result of evidence collection is monitored and verified by the Compliance Manager (self-assessment).
The Auditor audits the company.
Based on these steps, three main roles have been identified in Pilot 2:
Role | Responsible for |
Control Owner | Implementation of controls in CF’s public cloud |
Compliance Manager | Compliance verification and self-assessment |
Auditor | Auditing company |
EMERALD should automate work for all of these roles, which will help achieve one of the most important goals: the reduction of audit cost.