The MEDINA project has assembled an Expert Stakeholder Group (ESG) to provide feedback on planned research and innovation on cloud certification. Our ESG is composed of recognized experts from academia, industry, and the standardization community. At the time of writing, the members of the ESG are the ones shown in the table below.
|Name||Affiliation||Country||Value for MEDINA|
|Andreas Weiss / Thomas Niessen||Gaia-X||Germany||Gaia-X is in the core of MEDINA’s exploitation plan (WP7).|
|Patrick Grete||BSI||Germany||The German Ministry of Information Security (BSI) maintains a security controls framework which was the first to introduce the notion of continuous (automated) monitoring (WP2-WP6).|
|Eric Vetillard||ENISA||Greece||ENISA is the lead developer of EUCS, which is one of the main focus for MEDINA’s activities (WP2-WP7).|
|Jim de Haas||ABN Amro||Netherlands||Provides the cloud customer perspective and expertise to the outcomes from MEDINA, which support the project’s exploitation activities (WP7).|
|Meghan Herster||Expert||US||Represents global Cloud Service Providers with strong interest on compliance and certification automation. Mrs. Herster is also ISO/IEC representative for cloud security (WP7).|
|Michaela Iorga||NIST||US||NIST develops one of the most prominent standardsfor machine-readable exchange of cybersecurity assessments (WP2-WP7).|
|Roberto Cascella||ECSO||Italy||Brings to the consortium the perspective of the cloud customers along with their interest in developing a single market for certification (WP7).|
|Ronit Reger||Microsoft||US||One of the major global Cloud Service Providers, and pioneer in continuous compliance mechanisms for the cloud (WP2-WP7).|
|Volkmar Lotz||SAP Research||France||Provides the EU research perspective to the outcomes and activities from MEDINA (WP2-WP4).|
The ESG composition shows diversity from different perspectives (e.g., expertise, geography, industrial sector, gender) which results on a high value for MEDINA. In order to maximize the synergies and interaction with the ESG, it was decided to engage the experts earlier during the project’s execution. For this reason, and following up on the virtual kick-off meetings from July-16th 2021 and July-23rd 2021 , the consortium organized a second ESG discussion on May-3rd 2022.
The presentation for the second ESG meeting covered the background and objectives of MEDINA, the reached achievements after 18 months, and provided a demonstration of a couple of tools developed by the project namely SATRA (WP2, static risk assessment) and AMOE (WP3, assessment of organizational measures). The full slide deck with the presentation to the ESG can be found here.
The second ESG meeting resulted on rich feedback from the experts, in particular related to the real-world challenges of continuous monitoring (as defined in EUCS), and the presented risk assessment tool, and the need for machine-readable languages. Provided feedback will be followed up by the corresponding WP leads, integrated into the corresponding activities of the project, and discussed in upcoming blogposts.
During the second half of MEDINA’s duration, the ESG is expected to be met again at least once per-quarter (and in some cases with one-to-one adhoc meetings). This decision has been taken based on the involvement and interest of most of the ESG members in the activities of MEDINA.