OpenNebula is a powerful European open source platform to build and manage Enterprise Clouds, which provides unified management of IT infrastructure and applications, avoiding vendor lock-in and reducing complexity, resource consumption and operational costs. It combines virtualization and container technologies with multi-tenancy, automatic provision, and elasticity to offer on-demand applications and services. OpenNebula supports the deployment of hybrid and edge environments with infrastructure resources from different providers (e.g., AWS and Equinix Metal).
How OpenNebula Systems Is Impacting the European Cybersecurity Ecosystem
In today’s cloud infrastructure landscape, understanding where and why security certification is needed for cloud systems or environments, especially in a multi-cloud setup, is essential to maintaining high security and trust levels across diverse and distributed technological environments.
Within the European Union (the EU), there are numerous initiatives focused on new cloud certifications and their impact on the industry. OpenNebula Systems, due to the importance of the Cloud Security domain and its role in the Edge/Cloud Computing technology arena, is actively contributing to enhancing the security and effectiveness of cloud service usage and adoption.
Contributions to Continuous Cybersecurity Certification Tools
OpenNebula Systems is an active participant in the EMERALD project, which is pioneering Certification-as-a-Service for continuous certification of harmonized cybersecurity schemes. Thanks to this involvement, OpenNebula is set to receive automatic certifications for its installations.
OpenNebula Systems leads the category and pilot for certifying hybrid cloud-edge environments for the financial sector. Its efforts are aimed at ensuring real-time assessment of various cloud services in a multi-cloud setup, validating compliance with specific security frameworks, and enabling the production of certifications. This development is particularly beneficial for banking applications.
The pilot of Category II will target compliance with the ‘high’ level for continuous certification with the EUCS and will also make use of the EMERALD UI. What is specific to Category II is that the EMERALD approach can provide a platform to exchange real-time information on the certification states of services within the datacenter-cloud-edge continuum used in the financial sector. More specifically, it will offer a secure-by-design application that monitors compliance of services with the same technology on-prem, on the cloud, or at the edge (public or private). This will ensure the secure integration of third-party services, guaranteeing that they are validated as fit for purpose.
Figure 1. EMERALD pilots by category
Pilot Participants
The main driver of this category definition is Caixabank, which currently holds a large number of applications on-premises, with the goal of building a multi-cloud infrastructure that deploys and maintains workloads in three CSPs: IONOS and CloudFerro for IaaS and Fabasoft for SaaS.
Open Challenges
- Security of cloud customer data, in the context of PSD2: highly regulated industries need to be extra careful in selecting, integrating or on-boarding new cloud and edge services and in assessing them.
- Lack of standardization for interoperability of cybersecurity certification in multi-provider cloud-edge environments: European SaaS providers such as Fabasoft are interested in providing specialized services, but face high entry barriers.
In summary, the application of EMERALD would ensure the real-time assessment of several cloud services, validating that they are compliant with the controls defined in a specific security framework, addressing the main challenges of Caixabank as a customer of cloud and edge service providers.
Main Roles: Leader of the Pilot Category 2 (T5.3). OpenNebula/ONEedge Edge Computing platform. Connection to IPCEI-CIS.
Infrastructure: Cluster for a Testbed (WP5).
Exploitation: Incorporate new features into the OpenNebula platform to provide users and customers with innovative features for cybersecurity certification of multi-provider / hybrid cloud-edge environments.