Zero Trust, Edge AI, and Confidential Computing — The Technologies Redefining Edge Security

The security architecture being built for the edge is fundamentally different from what came before. Perimeter defence — the logic of a hard external wall and a trusted interior — does not work when the “perimeter” is a sensor on a wind turbine, a camera on a factory floor, or a controller on a substation. These devices sit in physically uncontrolled environments, often connected via public networks, and there are too many of them to manage individually. The industry is converging on a new model built around three core technology trends.

Zero Trust is the foundational shift. In a Zero Trust architecture, no request is trusted because of where it comes from: every interaction, whether from an edge device to its gateway or between services further up the continuum, must be authenticated and authorised on each request, with the identity and posture of the caller verified rather than assumed. For edge environments with hundreds or thousands of endpoints this is architecturally demanding, not least because every device needs a verifiable identity and a way to keep it current. But it is increasingly the baseline expectation set by both regulators and enterprise customers. NIS2 and the CRA effectively mandate Zero Trust principles without using the term.

Edge AI is making Zero Trust operationally viable at scale. The ENISA Threat Landscape 2024 documents that edge devices such as routers and IoT hardware are prime targets precisely because of outdated firmware and limited local monitoring capabilities. Running AI-native threat detection models directly on the edge node — rather than routing raw telemetry to a central Security Operations Centre — addresses this structural weakness head-on: a smart meter or industrial gateway can apply lightweight anomaly detection locally, flagging suspicious behaviour in milliseconds without transmitting sensitive operational data to the cloud.

In many industrial and healthcare contexts, local inference is the only architecture that simultaneously meets latency, bandwidth, and data sovereignty requirements.

Confidential Computing addresses a different but equally critical problem: what happens when sensitive workloads must run on third-party infrastructure? Hardware-based Trusted Execution Environments (TEEs), such as Intel SGX, run code and data inside an isolated, memory-encrypted enclave, so that the host operating system, the hypervisor and the infrastructure operator cannot read what is being computed. Two caveats matter in practice: the guarantee rests on the hardware vendor's root of trust, and it is only meaningful if the workload owner verifies a remote attestation report before releasing keys or data to the enclave; TEEs also have a track record of side-channel findings, so the enclave boundary is a strong control rather than an absolute one. With those caveats, confidential computing allows organisations to use shared or commercial edge infrastructure without surrendering data confidentiality, a capability that is increasingly essential as edge deployments scale beyond what any single organisation can own outright.

Two further developments are reshaping the threat landscape itself. Private 5G Networks combined with Multi-access Edge Computing (MEC) enable compute to be placed at mobile base stations, offering high security through physical isolation of industrial traffic from public networks. ModelOps Security (AI TRiSM) is emerging as a response to adversarial attacks that target not the network infrastructure, but the integrity of the AI model itself. Recent incident analysis of cloud-edge deployments documents cases where attackers manipulated communication links between edge and cloud nodes to modify sensor data — underscoring that in environments where AI drives automated decisions, securing the model pipeline is as critical as securing the network.

These technologies are not on the horizon. They are being deployed now, in real industrial environments, by the same organisations that CyberNEMO works with.

Read More

MoniKube: Security-Aware Infrastructure Discovery for Cloud-Native Environments

As organizations continue to adopt Kubernetes and cloud-native technologies, their infrastructures become increasingly complex and difficult to manage. Distributed clusters, virtual machines, containers, and interconnected services provide scalability and flexibility, but they also create significant challenges in maintaining visibility, understanding asset relationships, and identifying security risks.

MoniKube is a distributed security-aware monitoring and intelligence platform designed to address these challenges. By continuously monitoring Kubernetes and cloud-native environments, collecting telemetry data, and performing vulnerability assessments, it automatically discovers infrastructure components and builds a comprehensive representation of the operational environment. The platform correlates infrastructure, monitoring, and security information to provide organizations with a deeper understanding of their assets, dependencies, and overall security posture.

At the core of MoniKube is a security-aware knowledge graph that transforms distributed infrastructure data into a centralized and interactive model. By mapping assets and their relationships, the platform enables operators and security teams to explore infrastructure topology, understand dependencies between systems, identify exposed components, and gain valuable insights into potential risk and exposure pathways.

MoniKube discovers Kubernetes resources through the Kubernetes API and can optionally enrich the model with host-level Docker workloads. The platform integrates Trivy-based vulnerability and misconfiguration scanning, allowing assets to be continuously assessed for security weaknesses. Vulnerability information, exposure indicators, runtime metrics, and security scores are incorporated directly into the graph, enabling users to filter, compare, and prioritize risks from a single dashboard.

Beyond infrastructure discovery, MoniKube can ingest information from external security and monitoring solutions, including IDS, SIEM, and IDMEF-compatible sources. This allows the knowledge graph to remain synchronized with operational reality while providing a unified view across cloud-native and traditional systems.

MoniKube combines vulnerability information, runtime monitoring metrics, and exposure indicators into a unified security-scoring framework. It can integrate information from both cloud-native and traditional systems, creating a unified view of infrastructure regardless of underlying technology. Beyond infrastructure monitoring and security assessment, MoniKube introduces the ability to generate exportable infrastructure models that can serve as the foundation for digital twins, automating much of this process by capturing the security characteristics of operational environments and transforming them into reusable digital representations. The result is a comprehensive solution that helps organizations gain visibility into complex environments, strengthen their security posture, and transform operational infrastructure data into actionable security intelligence.
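The graph idea above (assets and their relationships, enriched with scan results, queried for exposure pathways) can be illustrated on a small scale. The following is an added example, not MoniKube's code: it takes a constructed slice of what the Kubernetes API returns for Services and Pods, a constructed Trivy-style JSON report (same field names as `trivy image -f json`, placeholder CVE identifiers), builds a node/edge model, finds paths from the internet to HIGH/CRITICAL findings, and computes a simple per-pod score. The severity weights and the "doubled if internet-reachable" rule are this example's own assumptions.

```python
"""Added example: a toy security-aware knowledge graph over Kubernetes assets.

Not MoniKube code. Inputs are constructed; the scoring rule is an assumption.
"""
from collections import defaultdict

# Assumed severity weights for the example's scoring rule.
SEVERITY_WEIGHT = {"CRITICAL": 10, "HIGH": 5, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 1}

# Constructed sample input: the fields of Service/Pod objects the graph needs.
SERVICES = [
    {"name": "web", "namespace": "shop", "type": "LoadBalancer", "selector": {"app": "web"}},
    {"name": "db", "namespace": "shop", "type": "ClusterIP", "selector": {"app": "db"}},
]
PODS = [
    {"name": "web-1", "namespace": "shop", "labels": {"app": "web"}, "image": "shop/web:1.4"},
    {"name": "db-1", "namespace": "shop", "labels": {"app": "db"}, "image": "postgres:15"},
]
# Constructed Trivy-style output, trimmed to the fields used here.
# CVE-TEST-* are placeholders, not real identifiers.
TRIVY_REPORTS = {
    "shop/web:1.4": {"Results": [{"Vulnerabilities": [
        {"VulnerabilityID": "CVE-TEST-0001", "Severity": "CRITICAL", "PkgName": "openssl"},
        {"VulnerabilityID": "CVE-TEST-0002", "Severity": "MEDIUM", "PkgName": "curl"},
    ]}]},
    "postgres:15": {"Results": [{"Vulnerabilities": [
        {"VulnerabilityID": "CVE-TEST-0003", "Severity": "HIGH", "PkgName": "libc6"},
    ]}]},
}


class KnowledgeGraph:
    """Directed graph: node id -> attributes, src -> set of dst."""

    def __init__(self):
        self.nodes = {}
        self.edges = defaultdict(set)

    def add_node(self, nid, **attrs):
        self.nodes.setdefault(nid, {}).update(attrs)

    def add_edge(self, src, dst):
        self.edges[src].add(dst)


def build_graph(services, pods, reports):
    """internet -> externally exposed Service -> selected Pod -> image -> vulnerability."""
    g = KnowledgeGraph()
    g.add_node("internet", kind="external")
    for pod in pods:
        pid = f"pod/{pod['namespace']}/{pod['name']}"
        img = f"image/{pod['image']}"
        g.add_node(pid, kind="pod", labels=pod["labels"])
        g.add_node(img, kind="image")
        g.add_edge(pid, img)
        for result in reports.get(pod["image"], {}).get("Results", []):
            for v in result.get("Vulnerabilities", []):
                vid = f"vuln/{v['VulnerabilityID']}"
                g.add_node(vid, kind="vuln", severity=v["Severity"], pkg=v["PkgName"])
                g.add_edge(img, vid)
    for svc in services:
        sid = f"svc/{svc['namespace']}/{svc['name']}"
        g.add_node(sid, kind="service", type=svc["type"])
        if svc["type"] in ("LoadBalancer", "NodePort"):  # reachable from outside the cluster
            g.add_edge("internet", sid)
        for pod in pods:
            same_ns = pod["namespace"] == svc["namespace"]
            selected = all(pod["labels"].get(k) == v for k, v in svc["selector"].items())
            if same_ns and selected:
                g.add_edge(sid, f"pod/{pod['namespace']}/{pod['name']}")
    return g


def exposure_paths(g, min_severity="HIGH"):
    """Depth-first search from 'internet'; return every path ending at a vuln >= min_severity."""
    threshold = SEVERITY_WEIGHT[min_severity]
    found = []

    def walk(node, path):
        attrs = g.nodes[node]
        if attrs["kind"] == "vuln":
            if SEVERITY_WEIGHT[attrs["severity"]] >= threshold:
                found.append(path)
            return
        for nxt in sorted(g.edges[node]):
            if nxt not in path:
                walk(nxt, path + [nxt])

    walk("internet", ["internet"])
    return found


def pod_scores(g):
    """Sum of severity weights per pod, doubled when the pod is reachable from the internet."""
    reachable, stack = set(), ["internet"]
    while stack:
        for nxt in g.edges[stack.pop()]:
            if nxt not in reachable:
                reachable.add(nxt)
                stack.append(nxt)
    scores = {}
    for nid, attrs in g.nodes.items():
        if attrs["kind"] != "pod":
            continue
        score = sum(SEVERITY_WEIGHT[g.nodes[vuln]["severity"]]
                    for img in g.edges[nid] for vuln in g.edges[img])
        scores[nid] = score * 2 if nid in reachable else score
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    graph = build_graph(SERVICES, PODS, TRIVY_REPORTS)
    for path in exposure_paths(graph):
        print(" -> ".join(path))
    print(pod_scores(graph))
```

On the constructed input the only exposure path runs from the internet through the LoadBalancer Service to the web pod's image and its CRITICAL finding; the database pod carries a HIGH finding but is not externally reachable, which is exactly the kind of prioritisation signal a graph model gives that a flat vulnerability list does not.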

Read More

Who Secures Europe’s Edge? A Map of the Key Players

The European edge security market is not dominated by a single category of player. It is a fragmented, competitive landscape where global hyperscalers, European industrial giants, telecom operators, and specialist security firms are all competing — and sometimes partnering — to own different layers of the stack. Understanding who does what, and where the tensions lie, is essential for anyone operating in or procuring from this market.

Hyperscalers — Microsoft (Azure IoT Edge), AWS (Greengrass), and Google Cloud (Distributed Cloud) — dominate the software stack and developer ecosystems. Their “cloud-to-edge” integration is technically seamless and benefits from enormous R&D investment. But they carry a structural liability in the European context: exposure to the US Cloud Act creates trust and sovereignty friction that no product feature can fully resolve, particularly for government, defence, and critical infrastructure customers.

The counterweight is a group of European Industrial and Security Sovereigns. Siemens Industrial Edge offers measured boot and digital signatures to ensure only authorised software runs on edge devices. Bosch IoT Suite provides secure Over-the-Air (OTA) updates. Thales leverages its defence background for high-grade encryption and identity management. Eviden (Atos) focuses on cybersecurity, encryption technologies, and trusted digital infrastructures aligned with European security requirements. These companies hold a structural “home court advantage”: deep OT expertise, long-standing relationships with EU institutions, and a trusted status that no marketing spend can replicate.

Telecommunications providers — Deutsche Telekom, Orange Business, and Telefónica — occupy a distinct strategic position: they own the network (5G/fibre) and the physical edge locations. They are moving up the value chain toward “Managed Edge Services,” bundling connectivity with security. Orange Business combines its network with Orange Cyberdefense to offer SASE (Secure Access Service Edge) and Virtual Network Edge solutions. Deutsche Telekom promotes Campus Networks for Industry 4.0, packaging connectivity and security together for industrial customers.

Providers like OVHcloud, T-Systems, and CloudFerro are carving out a distinct niche, capitalising on enterprise distrust of hyperscalers by offering sovereign cloud and edge infrastructure with contractual guarantees of data residency. This segment is growing directly in proportion to regulatory pressure — every new NIS2 enforcement action is, indirectly, a sales event for sovereign infrastructure providers.

Finally, as the talent shortage bites across the board, Managed Security Service Providers (MSSPs) are becoming increasingly critical. The European managed security services market is valued at over $11 billion in 2025 and is projected to grow at a CAGR of approximately 10% through 2033, reflecting the reality that most organisations — and virtually all SMEs — cannot build in-house edge security expertise. MSSPs are, in practice, becoming the primary delivery mechanism for edge security for a large portion of the market.

Read More

Why Micro-Segmentation Matters in Kubernetes

Kubernetes revolutionised the deployment of cloud-native applications by making workloads portable, scalable, and easy to orchestrate. However, while Kubernetes excels at managing applications, its networking model is comparatively inflexible, and that is a real limitation for network services.

Most Kubernetes deployments rely on a flat network approach in which every pod can potentially communicate with every other pod inside the cluster. Network Policies can restrict some traffic flows, but they are Layer 3/4 filters applied on top of that single shared network (and are only enforced when the CNI plugin supports them); the workloads still fundamentally share the same networking space. For traditional microservice applications, which are usually application-layer oriented, this behaviour may be acceptable, but for network functions, multi-tenant platforms, or security-sensitive services it quickly becomes limiting. This is where micro-segmentation becomes critical.

Micro-segmentation is the practice of dividing an infrastructure into isolated virtual network segments, where workloads only communicate with the components explicitly allowed to them. Instead of treating the cluster as a single trusted environment, micro-segmentation applies the principles of least privilege directly to network connectivity.

The benefits of applying micro-segmentation to Kubernetes platforms can be substantial. First, micro-segmentation improves security by reducing lateral movement. If one workload becomes compromised, attackers cannot freely traverse the infrastructure to reach other services. Each segment behaves as an isolated environment with controlled entry and exit points.

Second, it enables the deployment of advanced network services inside Kubernetes. Functions such as firewalls, routers, proxies, or content delivery components often require separated Layer 2 or Layer 3 domains to operate correctly. In a flat network, these services lose much of their networking context because every workload remains directly reachable.

Third, micro-segmentation simplifies multi-tenant deployments. Different applications, customers, or services can coexist within the same Kubernetes infrastructure while remaining logically isolated from one another. This becomes increasingly important in edge computing, telecom platforms, and distributed cloud environments.

At the infrastructure level, achieving true micro-segmentation requires more than simple traffic filtering. It requires programmable virtual networking capable of creating isolated communication domains between workloads, independently of where they are physically deployed. This becomes even more relevant in distributed cloud-edge environments, where services may span multiple Kubernetes clusters and heterogeneous infrastructures.

To address these challenges, the CyberNEMO Zero Trust Network Access (ZTNA) framework extends the capabilities of the NEMO meta Network Cluster Controller (mNCC) to provide secure micro-segmentation mechanisms for both intra-cluster and inter-cluster communications. By enabling isolated virtual networking domains across cloud-native infrastructures, CyberNEMO introduces a flexible networking foundation for advanced network services, secure workload isolation, and distributed edge deployments. In upcoming posts, we will explore in more detail the technology behind this functionality: L2S-M.

Read More

CyberNEMO’s Alignment with ENISA NIS360 Objectives

NIS360 evaluates the cybersecurity maturity and criticality of sectors covered by the NIS2 Directive, focusing on areas such as risk management, operational preparedness, information sharing, institutional capacity, and the resilience of sectoral ecosystems. CyberNEMO demonstrates a strong alignment with the objectives of ENISA’s NIS360 framework in several sectors that are explicitly covered by both the project’s pilot activities and the NIS360 assessment. In particular, the project addresses cybersecurity challenges in healthcare, water services, public-sector digital services, and ICT-enabled critical infrastructures through a comprehensive Zero Trust architecture spanning the IoT–Edge–Cloud–Data continuum. By integrating AI-driven threat detection, continuous monitoring, policy enforcement, risk assessment, and incident mitigation capabilities, CyberNEMO contributes directly to the enhancement of cybersecurity preparedness, operational resilience, and risk management maturity that NIS360 identifies as priorities for these critical sectors.

The alignment is particularly evident in the healthcare and water domains, which NIS360 highlights as sectors requiring sustained efforts to improve cybersecurity maturity and resilience. CyberNEMO’s solutions support secure access management, protection of sensitive operational and personal data, continuous threat monitoring, and coordinated incident response across distributed infrastructures. Through its SAAM platform, the project also strengthens collaboration, information sharing, and cyber situational awareness among stakeholders, addressing key NIS360 objectives related to ecosystem cooperation and collective resilience across critical services.

CyberNEMO validates these capabilities through dedicated pilots operating in sectors that fall within the scope of NIS360. The healthcare pilot focuses on securing access to electronic health records and healthcare information systems using Zero Trust principles and advanced cyber-defence mechanisms. The energy pilot addresses the protection of operational technologies and critical service infrastructures against cyber threats, while cross-organizational federation scenarios demonstrate secure collaboration, threat intelligence exchange, and coordinated incident management among critical-sector stakeholders. These pilots provide practical evidence of how CyberNEMO technologies can support the improvement of cybersecurity maturity in sectors that NIS360 identifies as strategically important for the resilience of the European Union.

Read More

Regulation as a Market Force: How NIS2 and the Cyber Resilience Act Are Reshaping Edge Security in Europe

In order to understand why Europe’s approach to edge security looks different from the rest of the world, it is necessary to start with the regulation. Unlike the US market, where security investment is primarily driven by competitive pressure and incident response, Europe follows a “regulation-first” adoption curve — and two pieces of legislation are currently redefining what that means in practice.

The NIS2 Directive and the Cyber Resilience Act (CRA) are not simply compliance checkboxes. They are market forces. NIS2 converts cybersecurity from a technical option into a boardroom imperative with personal liability for executives. It also mandates supply chain security, meaning operators must ensure the integrity of every connected device in their network — not just their own perimeter. This is a significant expansion of scope: in an edge environment, where a single factory floor can host hundreds of connected sensors and controllers from dozens of vendors, tracing and verifying the security posture of every component is an enormous operational challenge. It is also, notably, the exact kind of challenge that creates demand for standardised, certifiable security solutions.

The CRA goes further. It requires “security by design” and mandates that vendors provide security updates for the entire expected product lifetime of a device. For manufacturers of low-cost IoT hardware — the category of devices most commonly deployed at the edge — this creates a near-prohibitive barrier. The economics of a €15 sensor do not readily support a 10-year software maintenance cycle, which means the CRA will likely consolidate the IoT vendor market toward larger players capable of absorbing that obligation.

The second structural shift reshaping the market is the convergence of IT and OT. Historically, industrial networks were “air-gapped,” physically isolated from the internet. Industry 4.0 has ended that era. Connecting factory machinery to the cloud for predictive maintenance and real-time analytics means that legacy OT systems — often running outdated, unpatchable operating systems — are now reachable from the public internet. The attack surface has expanded from corporate email servers to robotic arms on assembly lines, and the consequences of a breach have shifted from data loss to potential physical disruption of production.

The market response is moving toward micro-segmentation and Virtual Network Functions (VNFs) to recreate “virtual air gaps” in software — maintaining operational connectivity where needed while isolating critical systems from broader network exposure.

Taken together, these regulatory and technical pressures are fostering a uniquely European ecosystem of “Sovereign Edge” providers — companies aligned with initiatives like Gaia-X that prioritise data residency and immunity from extraterritorial laws (such as the US Cloud Act) over pure scalability. Regulation, in other words, is not slowing the market. It is shaping who wins it.

Read More

Privacy Protection Enforcement (PPE)

The Privacy Protection Enforcement (PPE) component has been designed and developed by CyberSocial Lab within the CyberNEMO project and is publicly accessible on the Eclipse Research Labs repository. The tool acts as a privacy-aware authorization and enforcement mechanism supporting secure data sharing across the computing continuum. Operating in conjunction with the Computing Continuum Access Security Broker (CASB), the PPE is responsible for ensuring that access to personal and sensitive data is granted only when the applicable processing policies and user consents are satisfied.

The architecture of the PPE has been designed to support secure and trustworthy data exchanges across cloud, edge, and IoT environments, while promoting data sovereignty, privacy preservation, and regulatory compliance. By combining policy-based access control mechanisms with consent management capabilities, the component enables organizations to maintain control over how sensitive data is accessed and processed across distributed infrastructures.

PPE provides a structured framework for defining and enforcing privacy and data access requirements. Indicative controls and verification mechanisms supported by the component include:

  • Validation of consent records before access to protected data is granted.
  • Enforcement of data processing policies applicable to data consumers.
  • Verification of consent validity and policy applicability during access requests.
  • Auditing and traceability of authorization and access control decisions.
  • Verification of cryptographic proofs associated with policies and consents.

The PPE has been designed in alignment with the principles of the General Data Protection Regulation (GDPR), supporting key requirements such as lawful processing, explicit consent management, accountability, and transparency. It contributes to ensuring that sensitive data is accessed only when valid consent and an applicable processing policy exist.

Furthermore, the use of cryptographic proofs and immutable audit trails strengthens accountability by providing verifiable evidence of consent and authorization decisions throughout the data lifecycle. The adoption of blockchain-based evidence storage, rather than storing personal data directly on-chain, supports privacy-preserving processing practices while facilitating regulatory compliance across distributed cloud, edge, and IoT environments.

PPE integrates with the broader CyberNEMO security ecosystem through the CASB. When a data consumer requests access to protected data, the component evaluates the corresponding policies and consents before authorizing the request. Authorization outcomes can be propagated to other platform components, enabling coordinated security, governance, and compliance operations across the CyberNEMO architecture.

The component is currently under development and will contribute to the implementation of secure, privacy-preserving data sharing services compliant with applicable regulatory requirements across the CyberNEMO computing continuum. In line with the CyberNEMO open-source strategy, the PPE is released under the Apache License 2.0. 
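The five controls listed above (consent validation, policy enforcement, validity checks at request time, auditable decisions, proof verification) compose into one authorization decision. The following is an added example of that composition, not the PPE's code: it uses a shared-secret HMAC as a stand-in for the consent authority's signature (a real deployment would verify an asymmetric signature against the authority's public key), a hash-chained in-memory list as a stand-in for immutable evidence storage, and constructed policy and consent records whose field names and purpose vocabulary are this example's own assumptions.

```python
"""Added example: consent- and policy-gated authorization with a tamper-evident audit trail.

Not CyberNEMO/PPE code. Record formats, the HMAC stand-in for consent proofs and the
hash chain standing in for blockchain-backed evidence storage are assumptions.
"""
import hashlib
import hmac
import json
import time

# Constructed: secret standing in for the consent authority's signing key.
CONSENT_AUTHORITY_KEY = b"demo-consent-authority-key"


def canonical(obj):
    """Deterministic JSON so that signatures and digests are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_consent(consent):
    body = {k: v for k, v in consent.items() if k != "proof"}
    return hmac.new(CONSENT_AUTHORITY_KEY, canonical(body), hashlib.sha256).hexdigest()


def consent_proof_valid(consent):
    """Proof verification: any change to the record invalidates the proof."""
    return hmac.compare_digest(sign_consent(consent), consent.get("proof", ""))


def make_consent(subject, data, purposes, expires_at):
    c = {"subject": subject, "data": data, "purposes": purposes, "expires_at": expires_at}
    c["proof"] = sign_consent(c)
    return c


# Constructed sample records: which consumer may process which data for which purpose,
# and which subjects consented to what (one consent already expired on 2000-01-01 UTC).
POLICIES = [
    {"id": "pol-1", "consumer": "analytics-svc", "data": "ehr/vitals", "purposes": ["research"]},
    {"id": "pol-2", "consumer": "billing-svc", "data": "ehr/vitals", "purposes": ["billing"]},
]
CONSENTS = [
    make_consent("patient-42", "ehr/vitals", ["research"], expires_at=4102444800),  # 2100-01-01
    make_consent("patient-43", "ehr/vitals", ["research"], expires_at=946684800),   # 2000-01-01
]


class AuditLog:
    """Hash-chained decisions: every entry commits to the previous entry's digest."""

    def __init__(self):
        self.entries = []

    def append(self, decision):
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        entry = {"prev": prev, "decision": decision}
        entry["digest"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry["digest"]

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {"prev": e["prev"], "decision": e["decision"]}
            if e["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True


def authorize(request, policies, consents, audit, now=None):
    """Allow only if a policy covers consumer/data/purpose AND the subject's consent covers
    the purpose, is unexpired and carries a valid proof. Every decision is audited."""
    now = time.time() if now is None else now
    policy = next((p for p in policies if p["consumer"] == request["consumer"]
                   and p["data"] == request["data"] and request["purpose"] in p["purposes"]), None)
    reason = "no-applicable-policy"
    if policy is not None:
        consent = next((c for c in consents if c["subject"] == request["subject"]
                        and c["data"] == request["data"]), None)
        if consent is None:
            reason = "no-consent"
        elif not consent_proof_valid(consent):
            reason = "invalid-consent-proof"
        elif consent["expires_at"] <= now:
            reason = "consent-expired"
        elif request["purpose"] not in consent["purposes"]:
            reason = "purpose-not-consented"
        else:
            reason = "ok"
    allowed = reason == "ok"
    audit.append({"request": request, "policy": policy["id"] if policy else None,
                  "allowed": allowed, "reason": reason, "at": int(now)})
    return allowed, reason


if __name__ == "__main__":
    log = AuditLog()
    req = {"consumer": "analytics-svc", "subject": "patient-42", "data": "ehr/vitals", "purpose": "research"}
    print(authorize(req, POLICIES, CONSENTS, log), log.verify())
```

Note the ordering inside `authorize`: the policy is matched first, so a consumer with no applicable policy is refused without the engine revealing whether the subject has a consent record at all, and the audit entry records the reason code rather than the consent contents, in keeping with the page's point that personal data itself stays off the evidence store.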

Read More

Europe’s Edge Computing Boom and the Security Gap

Europe’s digital infrastructure is being rewired. Data processing is migrating away from centralised hyperscale data centres toward the logical and physical periphery of networks — the “Edge.” This shift, often described as the evolution toward a Cloud-Edge Continuum, is no longer a future scenario: it is the present reality of Industry 4.0, the Internet of Things, and autonomous systems that simply cannot tolerate the latency of a round-trip to the cloud.

The numbers confirm the scale of what is happening. The European edge computing market is projected to grow from approximately €4.5 billion in 2024 to over €56.6 billion by 2033, driven by a Compound Annual Growth Rate exceeding 31%. To put that in perspective, this is one of the fastest-growing technology segments on the continent, outpacing most of the broader digital economy.

Yet behind these extraordinary growth figures, a structural problem is forming — one that CyberNEMO was built to address. While infrastructure investment accelerates, cybersecurity spending is not keeping pace. Security budgets are actually forecast to drop to 10.9% of overall IT spend in 2025 (Figure 1), even as the threat landscape intensifies.


Figure 1. The average security budget as a percentage of IT spending had been growing steadily until this year. Chart: CFO.com Source: IANS Research and Artico Search

ENISA’s own reporting confirms the picture: EU organisations spent an average of €1.5 million on cybersecurity in 2024, representing roughly 9% of their total IT allocations, and even that figure is under pressure from ongoing budget cuts across the continent. The result is a widening “vulnerability deficit”: European enterprises are deploying more distributed, more exposed infrastructure with proportionally fewer resources dedicated to defending it.

This is not a marginal risk. The broader European cybersecurity market, covering cloud, endpoint, and network security, is valued at approximately €53 billion in 2024 and is expected to reach €100 billion by 2030 at a CAGR of roughly 11.2%. The gap between edge deployment speed and security investment speed is, in other words, a gap between two very large numbers, and it is growing in the wrong direction.

There is also a currency dimension that often goes unnoticed. A significant share of edge hardware and software licences is priced in US dollars, sourced from American hyperscalers (AWS, Microsoft, Google). Euro-denominated European firms are therefore exposed to exchange rate volatility on top of their infrastructure costs. This is one of the quiet drivers behind the “Sovereign Cloud” movement, pushing enterprises toward local providers like Deutsche Telekom or Orange Business whose cost bases sit in euros — and whose legal obligations sit within EU jurisdiction.

The edge is where Europe’s industrial future will be computed. CyberNEMO’s mission is to ensure it is also where it will be secured.

Read More

Partner Spotlight: SPACE Hellas

1. Company Profile and Evolution

Founded in 1985, SPACE Hellas has evolved from a pioneering network service provider into a leading international Digital Integrator and Value-Added Solutions Provider. With nearly 40 years of sustainable growth, the company holds a dominant position in the high-technology arena, designing and supporting complex ICT, Hybrid Cloud, and Security solutions for the enterprise, government, and defense sectors.

Headquartered in Athens and listed on the Athens Stock Exchange, SPACE Hellas has expanded its footprint across the EMEA region with subsidiaries in five countries. The company is distinguished by its 24/7 state-of-the-art Network and Security Operations Center (NOC/SOC) and an extensive technical support network that handles over 45,000 calls annually. This evolution is underpinned by a commitment to quality and security, evidenced by a robust portfolio of ISO certifications and over 700 vendor-leading accreditations.

2. Focus on Research and Development

Innovation is a core pillar of SPACE Hellas’ strategy. The company’s dedicated R&D Department focuses on bridging the gap between niche scientific research and commercial exploitation. With a track record of participating in and coordinating over 45 European and National projects (including Horizon Europe, H2020, and EDF), the organization actively shapes the future of the computing continuum.

SPACE Hellas’ R&D expertise spans several critical domains:

  • Cybersecurity & Cyber Defense: Leading initiatives in threat hunting, incident response, and zero-trust architectures (e.g., PANDORA, PALANTIR).
  • Future Networks: Expertise in 5G/6G ecosystems, satellite communications, and software-defined infrastructures.
  • Smart & Secure Cities: Developing AI-driven solutions for IoT, situational awareness, and critical infrastructure protection.
  • Space Technologies: Advancing Earth Observation and satellite payload data management.

3. SPACE Hellas Role in CyberNEMO

In the CyberNEMO project, SPACE Hellas leverages its extensive experience in security orchestration to lead the development of the Computing Continuum Access Security Broker (CASB) component. Acting as a strategic technical partner, SPACE Hellas is responsible for the architectural design and implementation of this critical security layer, which ensures protected data flows across the project’s meta-Operating System.

Beyond its technical leadership in Task 3.3, the organization plays a horizontal role in ensuring system-wide interoperability. By defining the interaction between the CASB, the Event Bus, and the Intelligent Policy Decision Making (IPDM-DSS) framework, SPACE Hellas ensures that security policies are consistently enforced across diverse pilot environments. Furthermore, the company contributes its operational expertise to the project’s validation trials, ensuring that the developed security innovations are robust, scalable, and ready for deployment in real-world critical infrastructures like energy, water, and healthcare.

Read More

CyberNEMO Releases the Network Policy Manager (CNPM)

The alpha version of the CyberNEMO Network Policy Manager (CNPM), a policy enforcement component of the CyberNEMO cybersecurity platform developed by Synelixis SA and publicly accessible on the Eclipse Research Labs repository, has undergone initial testing and validation in the Smart Agriculture / Supply Chain pilot.

CNPM is designed for the cloud–edge–IoT continuum and operates natively within Kubernetes, the de facto orchestration standard for containerised applications. It is built on the Cilium networking layer, which enables fine-grained, identity-aware security controls across distributed clusters. Each cluster in a CyberNEMO deployment runs its own CNPM instance, ensuring that policy management remains local, responsive, and aligned with the specific security posture of that environment.

CNPM provides operators with a structured, template-driven workflow for defining and enforcing network security policies. Indicative policies that CNPM can create and enforce include:

  • Deny-all ingress rules that block all inbound traffic to a namespace by default, enforcing an explicit allowlist model.
  • Least-privilege access controls that permit only the minimum necessary communication between services.
  • Source-based filtering, restricting traffic to specific IP ranges or trusted origins.
  • Port-level controls, limiting exposure to only the protocols and ports a service legitimately requires.

Policies can be generated from reusable templates, validated before deployment, and pushed directly to the cluster, reducing the risk of misconfiguration and ensuring consistency across environments.
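The four policy kinds listed above, and the template-then-validate workflow, map directly onto the standard Kubernetes NetworkPolicy object (which is also the "Network Policies can restrict some traffic flows" mechanism discussed in the micro-segmentation post above). The following is an added example, not CNPM's code: small template functions emit `networking.k8s.io/v1` manifests as Python dicts (ready to dump to YAML or submit to the API), and a lint pass catches the mistakes that most often turn an allowlist into an open door. The template names, the lint rules and the sample namespace and labels are this example's own assumptions.

```python
"""Added example: template-driven NetworkPolicy generation plus pre-deployment validation.

Not CNPM code. Output follows the standard networking.k8s.io/v1 NetworkPolicy schema;
the template functions, lint rules and sample labels are this example's assumptions.
"""
import ipaddress


def _base(name, namespace, pod_selector=None):
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": namespace},
            "spec": {"podSelector": {"matchLabels": pod_selector} if pod_selector else {}}}


def deny_all_ingress(namespace):
    """Empty podSelector selects every pod; Ingress policyType with no rules admits nothing."""
    p = _base("default-deny-ingress", namespace)
    p["spec"]["policyTypes"] = ["Ingress"]
    return p


def allow_from_pods(namespace, target, source_labels, ports):
    """Least privilege: only pods with source_labels may reach target, only on listed ports."""
    p = _base(f"allow-{target['app']}-from-{source_labels['app']}", namespace, target)
    p["spec"]["policyTypes"] = ["Ingress"]
    p["spec"]["ingress"] = [{
        "from": [{"podSelector": {"matchLabels": source_labels}}],
        "ports": [{"protocol": proto, "port": port} for proto, port in ports]}]
    return p


def allow_from_cidr(namespace, target, cidr, ports, except_cidrs=()):
    """Source-based filtering: only a trusted IP range (minus exceptions) may reach target."""
    p = _base(f"allow-{target['app']}-from-cidr", namespace, target)
    p["spec"]["policyTypes"] = ["Ingress"]
    block = {"cidr": cidr}
    if except_cidrs:
        block["except"] = list(except_cidrs)
    p["spec"]["ingress"] = [{"from": [{"ipBlock": block}],
                             "ports": [{"protocol": proto, "port": port} for proto, port in ports]}]
    return p


def validate(policy):
    """Return findings; an empty list means the manifest passes. Encodes NetworkPolicy
    semantics that bite in practice: a rule without 'ports' allows all ports, a rule
    without 'from' allows all sources, and a /0 ipBlock allows everyone."""
    findings = []
    spec = policy.get("spec", {})
    if policy.get("kind") != "NetworkPolicy" or policy.get("apiVersion") != "networking.k8s.io/v1":
        findings.append("wrong kind/apiVersion")
    if not policy.get("metadata", {}).get("namespace"):
        findings.append("missing namespace")
    if "Ingress" in spec.get("policyTypes", []):
        for rule in spec.get("ingress", []):
            if not rule.get("ports"):
                findings.append("ingress rule without port restriction")
            if not rule.get("from"):
                findings.append("ingress rule with empty 'from' allows any source")
            for peer in rule.get("from", []):
                if "ipBlock" in peer:
                    net = ipaddress.ip_network(peer["ipBlock"]["cidr"], strict=False)
                    if net.prefixlen == 0:
                        findings.append("ipBlock allows the whole address space")
            for port in rule.get("ports", []):
                if port.get("protocol") not in ("TCP", "UDP", "SCTP"):
                    findings.append(f"invalid protocol {port.get('protocol')!r}")
    return findings


def namespace_bundle(namespace):
    """Deny-all first, then explicit allowlist entries, in the order a rollout applies them."""
    return [
        deny_all_ingress(namespace),
        allow_from_pods(namespace, {"app": "api"}, {"app": "gateway"}, [("TCP", 8443)]),
        allow_from_pods(namespace, {"app": "db"}, {"app": "api"}, [("TCP", 5432)]),
        allow_from_cidr(namespace, {"app": "gateway"}, "10.20.0.0/16", [("TCP", 443)],
                        except_cidrs=["10.20.99.0/24"]),
    ]


if __name__ == "__main__":
    for manifest in namespace_bundle("farm"):  # "farm" is a constructed namespace name
        print(manifest["metadata"]["name"], validate(manifest) or "ok")
```

Two practical points the example makes concrete: NetworkPolicy objects are only enforced when the cluster's CNI implements them (Cilium does), and the deny-all object must be applied before the allowlist entries, otherwise there is a window in which the namespace is open.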

CNPM integrates with the CyberNEMO event bus, receiving mitigation instructions from upstream platform components such as the Computing Continuum Access Security Broker (CASB) and the Intrusion Prevention Detection and Mitigation Decision Support System (IPDM-DSS), closing the loop between threat detection and network-level response.

The module is released under the Apache License 2.0.

Read More