ICT-32-2014: Cybersecurity, Trustworthy ICT WITDOM...

ICT-32-2014: Cybersecurity, Trustworthy ICT

WITDOM

"empoWering prIvacy and securiTy in non-trusteD envirOnMents"

D7.10 – Initial Exploitation Plan

Due date of deliverable: 31-03-2016

Actual submission date: 31-03-2016

Grant agreement number: 644371 Lead contractor: Atos Spain sae (Atos)

Start date of project: 1 January 2015 Duration: 36 months

Revision 1.0

Project co-funded by the European Commission within the EU Framework Programme for Research

and Innovation HORIZON 2020, and the Swiss State Secretariat for Education, Research and

Innovation (SERI)

Dissemination Level

PU = Public, fully open, e.g. web

CO = Confidential, restricted under conditions set out in Model Grant Agreement

CI = Classified, information as referred to in Commission Decision 2001/844/EC.

Int = Internal Working Document


The work described in this document has been conducted within the project WITDOM, started in January 2015.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme

under grant agreement No 64437. This work was supported in part by the Swiss State Secretariat for Education,

Research and Innovation (SERI) under contract number 15.0098.

The opinions expressed and arguments employed herein do not necessarily reflect the official views of the

European Commission or the Swiss Government.

Copyright by the WITDOM Consortium.


Editor

Elsa Prieto (Atos)

Contributors

Román Mesa (BBVA), Sauro Vicini (FSCR), Nicolás Notario (Atos), Aleš Černivec

(XLAB), Juan R. Troncoso (UVIGO), Lilian Adkinson (UVIGO), José L. Otero Pena

(UVIGO), Nathan Van de Velde (KU Leuven), Eduarda Freire (IBM).

Reviewers

Mariano Cecowski (XLAB), Francesco Alberti, Lisa Catanzaro (FSCR).

31-03-2016

Revision 1.0


Document History

Version Date Author(s) Description/Comments

0.1 2016-01-26 E.Prieto (Atos) ToC

0.2 2016-02-03 E.Prieto (Atos) All sections in chapter Introduction.

Value proposition. Rearrange exploitable items.

Initial segmentation and market analysis.

Initial SWOT.

Initial outline of commercial and non-commercial

exploitation.

Atos individual exploitation plan.

0.3 2016-02-15 E.Prieto (Atos) Exploitation methodology and relation to other project

work.

Initial segmentation.

Environment P-S-T factors.

0.4 2016-03-01 E.Prieto,

N. Notario (Atos),

A. Černivec

(XLAB)

Update exploitable items: platform + components.

Competitors first draft.

FSCR, XLAB individual exploitation plans

0.5 2016-03-14 E.Prieto (Atos) Components descriptions: data masking, SC, integrity

and consistency verification, KM

Competitors: R&D projects.

IBM, KU Leuven, BBVA individual exploitation

plans

0.6 2016-03-21 E.Prieto (Atos) Version for review

0.7 2016-03-27 E.Prieto (Atos) Addressed comments from reviewers.

Update privacy metrics and primitives.

XLAB, Atos plans updated.

References added.

1.0 2016-03-31 E.Prieto (Atos) Final version for submission


Executive Summary

The objective of this deliverable D7.10 – “Initial Exploitation Plan” is to primarily approach to the

project exploitation by presenting an initial exploitation strategy that will be enforced during the

project lifetime (from March 2016 to December 2017).

Exploitation in the scope of WITDOM refers to the use of project results generally speaking.

Therefore the project acknowledges two lines of action: one line towards the commercial use of

results, and another one towards both the use of knowledge gained within the project and use of

research results that cannot be commercially exploited, but that they can provide instead additional

benefits such as development of competences or strengthen existing capabilities.

Nevertheless, the commercial focus of this document cannot be undermined. To this respect,

WITDOM exploitation strategy proposes several work lines that contribute to pave the way to the

project results adoption in a later stage of the project. These strategies focus on following a sales

lifecycle with strong emphasis on prospecting potential customers (both external to the project and

within the WITDOM partners’ business units), contacting them, and promoting the key features of

WITDOM, which can be summarized as follows:

Framework for end-to-end protection of outsourced data in untrusted environments

Effective data protection of outsourced data in untrusted domains based on a wide range of

protection mechanisms, such as anonymization, desensitization, secure signal processing

techniques, homomorphic encryption, and protection of the integrity and consistency of data.

Easy combination, orchestration and configuration of protection mechanisms to match the

end-user’s protection needs.

Compatibility with a wide range of cloud provider.

Compatibility with various service environments.

Separation of roles and access controls for protected data.

Quantitative privacy metrics and preferences for end-to-end privacy in untrusted

environments that reconciles the end-user’s data protection requirements and the data usage

requirements of the service.

Compliance with the EU data protection regulation.

The WITDOM offering distinguishes between the above mentioned exploitation lines:

Commercial exploitation Non-commercial exploitation

Software/Developments

WITDOM Platform

WITDOM components

Services built around the WITDOM

framework

Brand

Know-How

Methodologies

SPACE methodology for

requirements elicitation.

Methodology for technical

requirements formalization.

WITDOM architecture

Primitives

Privacy metrics

From the segmentation point of view, the WITDOM consortium considers as main targets Vertical

Service Providers and Managed security service providers, who are the ones providing cloud-based


security solutions to the final users: the scenario providers. In some cases, the scenario providers can

be considered as target, especially if they follow a backwards integration and take on some activities

from their security providers. The main benefits that WITDOM offer to these segments is the

availability of new, advanced, and effective protection methodologies to transition operations to the

cloud, while ensuring legal compliance with the EU regulatory framework.

These latter three users can be considered for a commercial strategy. On the border between the

commercial and non-commercial side, we have the service developers, as they will be developing

solutions for the security providers, but they can also help extending WITDOM functionality in the

future. Finally, we consider researchers as target category from a non-commercial exploitation.

The deliverable D7.10 presents a macro environment analysis, summarizing the most important

Polititical, Economical, Societal and Technological aspects that are shaping the current security

landscape. It also presents an overview of the cloud-based security market, which is expected to have

a positive increase in CAGR of 15.7% from 2014 to 2019. This growth is mainly due to two factors:

the increase of moving operations to the cloud, and the reliance on MSSP to cover the security and

privacy requirements.

Cloud-based encryption services is the segment of this market with higher growth prospects. Some

vendors to watch in this area include CipherCloud, CloudLock, Elsatica, HP Voltage, Perspecsys,

Protegrity, or Vaultive. Nonetheless, for the sake of comprehensiveness, the deliverable also includes

an overview of PETs and some R&D projects that are closely related to WITDOM’s objectives and

functionalities.

Finally it is important mentioning that this initial exploitation plan reflects the current status of the

technological developments. At the time of release, the platform and most WITDOM components are

still under development, and technical decisions must be taken in the following months, which will

have a significant impact in the current exploitation plan. This explains why this deliverable focuses

mainly on the value proposition, segmentation and market analysis, while other business factors, such

as the distribution strategy, are tentative ideas to be considered in the future, and other, such as the

business models, are not totally defined. These questions will be solved in the future version of this

document, the deliverable D7.11, which is expected to contain the final description of a WITDOM

business model.


Contents

Executive Summary ............................................................................................................................... 4

1 Introduction .................................................................................................................................. 9

1.1 Purpose of the document .......................................................................................................... 9

1.2 Relation to other project work ................................................................................................. 9

1.3 Structure of the document ...................................................................................................... 10

1.4 Glossary adopted in this document ........................................................................................ 11

1.5 Acronyms used in this document ........................................................................................... 12

2 WITDOM value proposition ...................................................................................................... 14

2.1 What is WITDOM? ............................................................................................................... 14

2.1.1 Problem statement ........................................................................................................ 14

2.1.2 The problem statement scenario ................................................................................... 14

2.1.3 The WITDOM framework ........................................................................................... 15

2.2 WITDOM exploitable items .................................................................................................. 15

2.2.1 Software/Developments ............................................................................................... 17

2.2.2 Services ........................................................................................................................ 23

2.2.3 Knowledge .................................................................................................................... 23

2.2.4 Brand ............................................................................................................................ 27

3 Market Analysis .......................................................................................................................... 28

3.1 Initial segmentation ................................................................................................................ 28

3.2 Environment analysis ............................................................................................................. 29

3.2.1 Political-Legal .............................................................................................................. 29

3.2.2 Economic ...................................................................................................................... 32

3.2.3 Societal ......................................................................................................................... 33

3.2.4 Technological ............................................................................................................... 35

3.3 Competitors ............................................................................................................................ 37

3.3.1 Overview of the cloud-based security services market ................................................ 37

3.3.2 Commercial competitors .............................................................................................. 38

3.3.3 PETs ............................................................................................................................. 41

3.3.4 R&D projects ................................................................................................................ 42

3.4 SWOT .................................................................................................................................... 44

3.4.1 Strengths ....................................................................................................................... 44

3.4.2 Weaknesses .................................................................................................................. 44

3.4.3 Opportunities ................................................................................................................ 45

3.4.4 Threats .......................................................................................................................... 45

4 Exploitation strategy ................................................................................................................... 46

4.1 Overall exploitation strategy .................................................................................................. 46

4.1.1 Commercial exploitation .............................................................................................. 46

4.1.2 Knowledge Exploitation (non-commercial) ................................................................. 46

4.1.3 Roles and responsibilities ............................................................................................. 47

4.1.4 Marketing ..................................................................................................................... 47

4.1.5 Distribution Strategy .................................................................................................... 48

4.1.6 Business impact drivers ................................................................................................ 49

4.2 Individual exploitation plans ................................................................................................. 49


4.2.1 ATOS ............................................................................................................................ 50

4.2.2 UVIGO ......................................................................................................................... 52

4.2.3 KU Leuven ................................................................................................................... 53

4.2.4 FSCR ............................................................................................................................ 54

4.2.5 IBM .............................................................................................................................. 55

4.2.6 XLAB ........................................................................................................................... 56

4.2.7 BBVA ........................................................................................................................... 56

5 Conclusions and next steps ......................................................................................................... 58

6 References .................................................................................................................................. 59

List of Figures

Figure 1. WITDOM roadmap ................................................................................................................ 9

Figure 2. Exploitation strategy ............................................................................................................. 10

Figure 3. The problem statement scenario ........................................................................................... 15

Figure 4. Outline of WITDOM outcomes ............................................................................................ 16

Figure 5. WITDOM initial architecture ............................................................................................... 25

Figure 6. Share of Total Global R&D spending .................................................................................. 32

Figure 7. Top challenges holding back Cloud projects ........................................................................ 35

Figure 8. Verticals top 3 priorities ....................................................................................................... 36

Figure 9. Forecast for Cloud-based Security Services Market ............................................................ 38

Figure 10. WITDOM supply chain ...................................................................................................... 48

Figure 11:Atos commercial exploitation models ................................................................................. 51

Figure 12. FSCR exploitation lines ...................................................................................................... 54

List of Tables

Table 1. WITDOM offering per exploitation line ................................................................................ 16

Table 2. List of WITDOM components ............................................................................................... 18

Table 3. Template for components description .................................................................................... 18

Table 4. Component: Anonymization .................................................................................................. 18

Table 5. Component: Data masking ..................................................................................................... 19

Table 6. Component: SSP .................................................................................................................... 20

Table 7. Component: SC ...................................................................................................................... 20

Table 8. Component: Integrity and Consistency Verification ............................................................. 21

Table 9. Component: KM .................................................................................................................... 21

Table 10. Component: E2EE ............................................................................................................... 21

Table 11. Component: broker .............................................................................................................. 22

Table 12. Component: PO .................................................................................................................... 22

Table 13. Component: IAM ................................................................................................................. 23

Table 14. List of methodologies developed in WITDOM ................................................................... 24

Table 15. WITDOM architecture fiche ................................................................................................ 25

Table 16. Initial segmentation .............................................................................................................. 28

Table 17. PEST analysis ...................................................................................................................... 29

Table 18. Commercial competitors ...................................................................................................... 38

Table 19. Competitors: PETs ............................................................................................................... 41


Table 20. Delivery channels ................................................................................................................. 48

Table 21. Individual exploitation plans................................................................................................ 49


1 Introduction

1.1 Purpose of the document

This deliverable D7.10 – “Initial Exploitation Plan” aims at presenting the initial exploitation

strategy and plans for the main results coming from the project WITDOM. All consortium partners

contributed to this deliverable, expressing their exploitation interests according to their own

organizations’ strategical interest.

To understand the exploitation approach of WITDOM, it is necessary to read the definition below in

the glossary about what it is understood by exploitation. According to this definition, exploitation

refers to the use of results of the project generally speaking. This definition does not mention a pure

commercial meaning, thus opening the scope of application of results at different levels and in

different domains. This leads to both commercial and non-commercial exploitation, as described in

the strategy in Chapter 4. While exploitation is more related to taking results to the market, non-

commercial exploitation (also noted as knowledge exploitation) is more related to the effective use of

knowledge, know-how, methodologies or standards.

Nevertheless, the commercial aspect of exploitation cannot be undervalued. Therefore, the approach

adopted for this document is taken more from the commercial perspective than for the commercial

one, in order to pave the way for adoption of WITDOM project results.

1.2 Relation to other project work

This deliverable D7.10 is produced as part of the activities of Work package 7 – “Dissemination,

Communication, Exploitation and Standardisation”. It is a public document which will be made

available on the project website for those stakeholders interested in the dissemination plan of the

WITDOM project. This document will be revised and updated at the end of the project (December

2017 – M36), in the deliverable D7.11 – “Final Exploitation Plan and Reporting”.

The exploitation methodology chosen for WITDOM acknowledges the roadmap of the project, which

drives the technological build of the WITDOM framework, the main objective of the project. The

deliverable D7.10 is released in M15 (March 2016), when only the first milestone of the project,

called “Requirements and Methodology”, has been reached (this happened in December 2015, M12).

The second project milestone, “Common architecture”, will be achieved in M20 (August 2016),

which denotes that the technological solution will be still under design at the time of submission of

the D7.10. This explains why at the submission time of this deliverable, part of the offering cannot be

fully completed, and why it should be later refined in D7.11 (due in M36). Moreover, the technical

discussions will result into decisions that will dramatically affect the final value proposition of

WITDOM, which makes this deliverable preliminary.

Figure 1. WITDOM roadmap

Requirements & Methodology

Common architecture

Preliminary toolset & platform

Use-case architectures

Preliminary prototypes

Prototypes evaluation

Final prototypes & platform

Year 1(M01-M12)

Year 2(M13-M24)

Year 3(M25-M36)

M15D7.10

M36D7.11


Figure 2 depicts the exploitation methodology proposed in WITDOM until the end of the project.

This consists of five steps:

1. Identification of those project items (tangible and intangible outcomes) that can be subject for

exploitation.

2. A market analysis.

3. Definition of an exploitation strategy, considering the commercial and non-commercial

aspects of the project. D7.10 considers a holistic view of WITDOM, comprising all

exploitable items, but recognizes that each single item could be exploited in a stand-alone

way.

4. Proposal of an action/marketing plan.

5. Development of (a) business case(s).

This deliverable D7.10 only covers steps from 1 to 3, considering the project roadmap and

acknowledging the status of technical developments. Each step is collected in the main chapters of

the document, as indicated in the following subsection. The exploitation strategy proposed in D7.10

will be enforced during the project span, which is expected to produce some project impact on both

the commercial and non-commercial lines. The enforcement of this strategy will also serve to sense

the target segments and collect feedback that can be used as inputs for the follow-up deliverable

D7.11. This new deliverable D7.11 will be based on more mature and validated results, which will

help us to develop a more advanced exploitation plan. D7.11 will cover the last steps of the

methodology, steps 4 and 5, which will end-up with a final business case.

Figure 2. Exploitation strategy

1.3 Structure of the document

This document is structured in three major chapters, corresponding to each phase of the exploitation

methodology steps 1-3:

Chapter 2 presents WITDOM value proposition, as well as information about the different outcomes

from the project that can be exploited by the consortium from both a commercial and non-

commercial.

Chapter 3 presents a market analysis, identifying which are the driving forces in the environment by

means of a Political – Economic – Societal –Technological (PEST) analysis (the macro environment


where WITDOM is placed), identifying the main competitors in the market (the microenvironment),

and producing an initial segmentation (WITDOM target users).

Finally Chapter 4 presents the overall exploitation strategy for the project, as well as the exploitation

plans to be executed by the WITDOM partners during the project.

1.4 Glossary adopted in this document

Business Model. The concept of the business model in the literature on information systems

and business refers to ways of creating value for customers, and to the way in which a

business turns market opportunities into profit through sets of actors, activities and

collaboration.

Cold calling. It is defined as the solicitation of business from potential customer who has no

prior contact with the salesperson conducting the call.

Exploitation. The utilisation of results in further research activities other than those covered

by the action concerned, or in developing, creating and marketing a product or process, or in

creating and providing a service, or in standardisation activities.

Framework (privacy and security framework). System abstraction in which tools and

algorithms can be instantiated in order to provide privacy and security guarantees.

Freedom to Operate. It is the ability to proceed with the research, development and/or

commercial production of a new product or process with a minimal risk of infringing the

unlicensed intellectual property rights (IPRs) or tangible property rights of third parties.

Horizontal market. A horizontal market is a market in which a product or service meets a

specific need of a wide range of buyers across different sectors of an economy.

OpenSource. A copyright licence that allows for the access and use of certain source code,

with varying grades of freedom of usage for commercial purposes and requirements of

sharing the resulting solution’s code.

Privacy-preserving and security toolset. A set of libraries comprising privacy-preserving

building blocks, privacy and anonymity tools and cryptographic primitives designed for

protecting data in distributed or outsourced environments.

Privacy-preserving building block/primitive. Algorithms, protocols and techniques that can

be applied to enhancing the privacy of the to-be-protected signals and data, by concealing

them from adversaries.

Pull strategy. A pull strategy involves motivating customers to seek out your brand in an

active process.

Push strategy. A push strategy involves taking the product directly to the customer via

whatever means, ensuring the customer is aware of your brand at the point of purchase.

Sales Cycle. A sales cycle is the series of predictable phases required to sell a product or a

service. Sales cycles can vary greatly among organizations, products and services, and no one

sale will be exactly the same. However, identifying the key steps and stages improves

efficiency and can speed up the process of on-boarding new sales hires. For simplicity we will

consider five phases: prospect - contact - offer - negotiation – closing.

System Readiness level (SRL). It is an index of maturity applied at the system-level concept.

It is a function of individual Technology Readiness Levels (TRLs) and the maturities of the

links between them, based on a scale of integration readiness levels (IRLs).

Technology Scouting. Identification of technology developments and the facilitation of the

sourcing of technology.

Technology Readiness Level (TRL). The TRL scale is a metric for describing the maturity

of a technology. The scale consists of 9 levels. Each level characterises the progress in the


development of a technology, from the idea (level 1) to the full deployment of the product in

the marketplace (level 9).

Time to market. It is the length of time it takes from a product being conceived until its

being available for sale.

Toolkit. In the context of software development, a toolkit is a set of software common

development tools, including, sample code, technical notes and other documentation that

allows the creation of applications for a certain platform.

Untrusted environment. Environments where a stakeholder cannot directly control or fully

verify the underlying hardware, software or people accessing it, being vulnerable to malicious

attacks. Examples of such environments are the Internet or public clouds.

Valorisation. Use, for socio-economic purposes, of the results of research financed by public

authorities. It represents society's direct and indirect return on the public sector's investment

in research and development.

Vertical market. A vertical market is a market in which vendors offer goods and/or services

specific to an industry, trade, profession, or other group of customers with specialized needs.

Examples of vertical markets are Financial Services (Banking), Healthcare or Energy.

1.5 Acronyms used in this document

AGPL Affero General Public License

API Application Programming Interface

ATOS Atos Spain sae

BBVA Banco Bilbao Vizcaya Argentaria

BSD Berkeley Software Distribution

CAGR Compound Annual Growth Rate

CESL Common European Sales Law

DoA Description of Action

DSM Digital Single Market

DX Digital Transformation

Dx.y Deliverable number y corresponding to WP number x

E2E End to end

E2EE End to end encryption

EIM Exploitation & Innovation Manager

EU European Union

EUIPO European Union Intellectual Property Office

FBI Federal Bureau of Investigation

FCSR Fondazione Centro San Raffaele

FPE Format-Preserving Encryption

FS Financial Services

GBU Global Business Unit

GDP Gross Domestic Product

GDPR General Data Protection Regulation

HE Homomorphic Encryption

HSM Hardware Security Module

IAM Identity and Access Management


IaaS Infrastructure-as-a-Service

IBE Identity based encryption

IBM IBM Research Gmbh

ICT Information and Communication Technologies

IdP Identity Provider

IoT Internet of Things

IT Information Technology

JVM Java virtual machine

KM Key Management

KPI Key Performance Indicator

KU Leuven Katholieke Universiteit Leuven

MSSP Managed security service provider

PaaS Platform-as-a-Service

PEST Political, Economic, Socieal and Technological

PET Privacy Enhancing Technique

PhD Philosophiae Doctor

PINQ PrivacyIntegrated Queries

PO Protection Orchestrator

PVT Protegrity Vaultless Tokenization

R&D Research & Development

SaaS Software-as-a-Service

SC Secure Computation

SME Small and Medium Enterprise

SP Service Provider

SPACE Security and PrivAcy CodEsign

SRL System Readiness Level

SSP Secure Signal Processing

SWOT Strengths, Weakness, Opportunities and Threats

TRL Technology Readiness Level

US United States

UVIGO Universidad de Vigo

VSP Vertical Service Providers

WaaS WITDOM as-a-Service

XLAB XLAB razvoj programske opreme in svetovanje d.o.o


2 WITDOM value proposition

2.1 What is WITDOM?

2.1.1 Problem statement

Although the cloud environment is not the only untrusted computing environment to be considered, it

is in fact the one with major uptake in the last years thanks to its low entry-cost and its scalability

features, making available unbelievable computation power at a price never before imagined. These

days it seems like everything is happening “in the cloud”.

Services and infrastructures for the Cloud are being developed with maximum openness in mind,

commonly providing a service without locality, pre-defined legal policies or risk context. Businesses

and public institutions alike are realizing that security properties may be business critical when their

information is maintained and managed in the Cloud, whereas for individual end-users there is a

slower consciousness building process that these properties may be of individual benefit.

There is a huge variety of scenarios in which it is mandatory to ensure that operations are executed

according to some security specifications, so that no adversary can manipulate their execution, their

inputs or outputs (verifiability). Further, these security requirements can be expanded so that they

also include privacy aspects: no adversary, including the devices executing the computations, should

be able to extract any information from the inputs, outputs or from the processing itself. In an even

more advanced case, the algorithm itself could be required to be secret and not accessible except by

their owners (e.g., a complex financial forecasting algorithm). These three requirements, ). These

three requirements, i.e., lack of data tampering, privacy of the data, and privacy of the algorithms and

procedures used to manipulate the data, can be considered three levels of trusted or secure computing

requirements.

From the very moment that data is being processed by external third parties, new security challenges

arise; data must be protected not only from access by unauthorized agents, but also from the parties

that perform processing and storage, which are not necessarily trusted.

Therefore the main goal is to allow the externalization of heavy-computation tasks, minimizing its

costs1 while aiming to achieve at least the same level of privacy attained when the computation takes

place in a fully trusted environment.

2.1.2 The problem statement scenario

The problem statement scenario is considered in Figure 3, showing two trust domains. The trusted

domain is shown on the left. On the right, the untrusted domain, where services and data may be

exposed to attacks, data leaks, and so on. The distinction between “trusted” and “untrusted” domains

occurs according to the views, assumptions, and policies determined by a so-called end user of

certain applications. This scenario is well represented by hybrid cloud environments, with a mix of

on-premises, private cloud, and third-party, public cloud services, and orchestration between the two

platforms.

All applications that run on behalf of end users (the IT department particularly) are hosted by the

trusted domain. Applications can be deployed in the trusted domain with light and standard

protection mechanisms, and they may benefit from application-specific services in the trusted

domain.

1 We will not analyze costs in this document since we are still in a preliminary phase of the project. More insights about

cost analysis and related KPIs will be discussed in future documents, e.g., D2.3.


Figure 3. The problem statement scenario

2.1.3 The WITDOM framework

WITDOM is a framework for end-to-end (E2E) protection of outsourced data in untrusted

environments, for example the (public) cloud.

WITDOM provides:

Effective data protection of outsourced data in untrusted domains based on a wide range of

protection mechanisms:

Anonymization of data before its outsourcing to an untrusted domain that guarantees

the privacy of the datasets.

Desensitization of data that needs to be outsourced to an untrusted domain.

Processing operations on protected data and signals in an untrusted domain based on

secure signal processing techniques, which prevents the disclosure of the sensitive

information while it is being processed in the untrusted domain.

Processing operations on protected data in an untrusted domain based on

Homomorphic Encryption (HE), which protects the confidentiality while it is being

processed in the untrusted domain.

Protection of the integrity and consistency of data outsourced to an untrusted remote

storage, and detection and proof of unauthorized modification and loss of data stored

in the untrusted domain.

Easy combination, orchestration and configuration of protection mechanisms to match the

end-user’s protection needs.

Compatibility with a wide range of cloud provider.

Compatibility with various service environments.

Separation of roles and access controls for protected data.

Quantitative privacy metrics and preferences for end-to-end privacy in untrusted

environments that reconciles the end-user’s data protection requirements and the data usage

requirements of the service.

Compliance with the EU data protection regulation.

2.2 WITDOM exploitable items

WITDOM will deliver the following outcomes according to three different levels aligned with the

project objectives (defined in the deliverable D1.4): general outcomes, practical level, and


implementation level, as indicated in Figure 4. These levels represent the degree of abstraction or

tangibility of results: from the end-to-end security framework to the generic results that instantiate

the general outcomes towards the application in the project scenarios (eHealth and Financial

Services).

Figure 4. Outline of WITDOM outcomes

The project results can also be categorised by nature into:

Knowledge. This category comprises the project know-how (mainly contained in deliverables

and papers), methodologies, architecture, and primitives.

Software/developments. This category refers to tangible outcomes, namely the WITDOM

platform, toolkits, prototypes.

Services. The word “Service” refers to the traditional meaning of IT services. These are future

services offered around WITDOM, which aim at improving customers' effective use of

WITDOM solutions and to provide in-depth customized assistance.

Brand.

The following sections describe broadly the different exploitation items. Table 3 categorizes these

project results according to the commercial and non-commercial exploitation introduced in section

1.1, which will be later expanded in section 4.1.

Table 1. WITDOM offering per exploitation line

Commercial exploitation Non-commercial exploitation

Software/Developments

WITDOM platform

WITDOM components

Services built around the WITDOM

framework

Brand

Know-How

Methodologies

SPACE methodology for

requirements elicitation.

Methodology for technical

requirements formalization.

WITDOM architecture

Primitives

Privacy metrics


2.2.1 Software/Developments

This category comprises all tangible outcomes, listed in the following sections, that make up the

WITDOM framework.

2.2.1.1 Platform

The Generic platform is a core component offered by WITDOM. It provides a modular framework

capable of adding new services as modular blocks. It consists of an administrative dashboard and

cloud orchestration service. The administrative dashboard talks with cloud orchestration service via

RESTful API, and provides means to deploy the core services within the trusted or untrusted domain.

The cloud orchestration service is built on top of Cloudify [7] and it is used to manage core

WITDOM components: Broker, Protection orchestrator, Identity and access management component,

and Key management service. Each request originating from the user application will be handled by

the broker service that will redirect the request towards specific WITDOM protection component.

This can be seen as a pipeline of requests originating from the application and routed by the broker

towards the suitable components able to handle the request.

WITDOM toolkit consists of prototypes of protection components (the component are listed below).

Each component features an obfuscation technique in order to protect data and algorithms in terms of

data privacy and security outsourced to the untrusted domain. The protection component applies an

obfuscation technique to a request originating from the user application via the generic platform’s

core components. Prototypes will be packaged into self-contained easily exploitable micro-service

that could easily be deployed using agile approaches (such as using vagrant and/or docker

technologies).

The WITDOM platform and the prototypes will be developed, integrated and demonstrated, making

it to the SRL level 3. Moreover, in the validation phase of the pilots the integrated solution will

achieve operational capabilities, aiming at providing tangible results based in practice.

Service model that WITDOM is targeting is combination of Infrastructure and Platform as a Service

(IaaS/PaaS): the platform has capabilities to provision core and protection components via API

offered by the WITDOM generic platform. Using Cloudify the platform will offer automation of the

deployment and management of the services of higher degree of control over usual application stack

(e.g. not restricting of a specific version of web servers, rather to modified, WITDOM-specific

services). Moreover, since the cloud orchestration component will be capable of addressing trusted

and untrusted domain, WITDOM will address hybrid cloud deployment model.

2.2.1.2 Components

This section provides a description of those components that are part of the WITDOM solution. The

list of components refers to the initial architecture provided in the deliverable D4.1- “Preliminary

specification of an end-to-end secure architecture” [5] , which will be refined in the deliverable D4.2

– “Final specification of an end-to-end secure architecture” (due in August 2016). This means that

new components can appear in the following version, which will modify the current list.

Table 2 provides the initial list of components2.The first column indicates the type of component

considered, whether this is a specific protection component, or it has a supporting role (core

components). The second column provides the name of the component, as mentioned in D4.1. The

third column provides the expected level of maturity for each component, measured by the

Technology Readiness Level (TRL) scale. Finally the fourth column provides the expected license

for each component, as it is necessary to identify the Intellectual Property Rights (IPRs) per partner

2 In D4.1 there are other elements called “Application-specific elements”, which are not described as they are clients for

the mentioned components of the list.


in order to manage the potential constraints to the exploitation model, including the freedom to

operate. The symbol “*” in the table means that the component has initially a license envisaged, but it

can be reconsidered in a later stage (e.g: change the license to open source).

Table 2. List of WITDOM components

Type of

component

(as indicated

in D4.1)

List of components Current

TRL

Expected Licence Ownership

Core

components

Broker 3 Copyright* UVIGO

Protection orchestrator (PO) 2 Copyright* UVIGO,

ATOS

Identity and Access Management

(IAM)

5 Open source, BSD

licence

XLAB

Key Management (KM) 7 Open source* XLAB,

ATOS

Protection

components

Anonymization component 2 Copyright* UVIGO

Data masking component 3 Patent IBM

Secure signal processing component

(SSP)

3 Copyright* UVIGO

Secure computation component (SC) 4 Open source KU Leuven

Integrity and consistency verification 3 TBD IBM

End-to-End Encryption (E2EE) 5 Open source XLAB

Each component is described by means of the following table, which indicates the meaning of each

field:

Table 3. Template for components description

Functionality Short description of component functionality.

Market Target Target user of the component. The initial segmentation is provided in

section 3.1

Independency Dependencies with other WITDOM components to provide its

functionality. Level of independency to operate.

Availability Point of access to the component release, URL if available.

Licencing Open source, patent, type of licence.

Ownership Partners involved in the component development.

Component manager Leading owner. Contact person.

TRL Current Technology Readiness Level

2.2.1.2.1 Anonymization

Table 4. Component: Anonymization

Functionality It allows protecting data in order to preserve the identity of users and the

value of their sensitive attributes while maintaining the utility of data. The

component offers different anonymization algorithms, allowing to select in


a flexible way the most appropriate scheme for each application and

scenario.

Market Target End-users of multiple sectors (e.g., banks and hospitals in the case of

WITDOM scenarios), security providers, service developers, and

researchers.

Independency The anonymization component requires communication with the protection

orchestrator and the storage service. From the component perspective it is

assumed that these components will be deployed also within the trusted

domain and will offer high availability guarantees. However, as the

anonymization component offers a RESTful API it can also be used as a

standalone component in other scenarios.

As the component is developed in Java, there are no further dependencies

regarding the execution environment (only a JVM is required). This

guarantees the service independence from the operating system (Linux or

Windows) and distribution.

Availability The component is still not available, it is under development.

Licencing Copyright (subject to revision).

Ownership Gradiant/UVIGO

Component manager Lilian Adkinson Orellana ([email protected])

TRL 2

2.2.1.2.2 Data Masking

Table 5. Component: Data masking

Functionality The data masking component is used to desensitize data that needs to be

outsourced to an untrusted domain, in a way that data can still be used for

the original purposes. The component offers dynamic updates so that

whenever a masking key is updated, only new data sets have to be

outsourced, and previously masked data are updated in the untrusted

domain without privacy compromise, i.e., without re-identification of the

user. Security features such as irreversibility of masked data, referential

integrity and unlinkability between data that have been masked with

different keys are enforced.

Market Target End-users from multiple sectors.

Independency The component makes use of the Key Management component in order to

get access to masking keys and updating values. The E2EE component is

also required in order to send updating values over to the untrusted

domain.

Availability Not available yet.

Licencing Patent

Ownership IBM

Component manager Eduarda Freire ([email protected])

mailto:[email protected]


TRL 3

2.2.1.2.3 Secure Signal Processing (SSP)

Table 6. Component: SSP

Functionality This component is in charge of efficiently performing secure signal

processing operations on protected data and signals (encrypted, obfuscated,

split or a combination thereof) in an untrusted environment, by preventing

the disclosure of the sensitive information while it is being processed in the

untrusted domain. Therefore, the main element of this component is

located in the untrusted domain, while the trusted-domain part manages the

pre-processing operations (secret share, encrypt or garble circuit) of the

inputs and the post-process of the results (join or decrypt).

Market Target End-users of multiple sectors, security providers, service/application

developers.

Independency The SSP module can autonomously work on data to perform low-level

tasks related to protection/protected processing/disclosure as a Service

through a RESTful API. Within WITDOM architecture, it relies on the

Protection Orchestrator and a common storage. The core of the component

is developed under C/C++, and will be cross-compiled for several

architectures.

Availability Still under development

Licencing Copyright (subject to revision)

Ownership UVIGO

Component manager Juan Troncoso ([email protected])

TRL 3

2.2.1.2.4 Secure Computation (SC)

Table 7. Component: SC

Functionality Performs a subset of the required operations in the WITDOM domain on

the encrypted domain, homomorphically.

Market Target Cloud Computing Providers

Independency For those functionalities that can be fully performed in the encrypted

domain, i.e., homomorphically, it is independent from other WITDOM

components.

Availability Not available yet. Software library will be publicly available (url will be

provided), hardware will be provided as a blackbox.

Licencing Software will be open source. Hardware will be offered as a blackbox

component.

Ownership KU Leuven COSIC

Component manager Sujoy Sinharoy ([email protected])

TRL 4

2.2.1.2.5 Integrity and Consistency Verification


Table 8. Component: Integrity and Consistency Verification

Functionality Protects the integrity and consistency of data outsourced to an untrusted

remote storage (e.g. commodity remote storage services). In particular,

this component targets applications where multiple users collaborate on

outsourced data.

Market Target Cloud storage user with strong security requirements in terms of integrity

and consistency.

Independency Depends on a remote storage system such as OpenStack Swift.

Availability TBD

Licencing TBD

Ownership IBM

Component manager Marcus Brandenburger ([email protected])

TRL 3

2.2.1.2.6 Key Management (KM)

Table 9. Component: KM

Functionality Secure provisioning, management and storage of secrets (e.g. private keys,

certificates, passwords). The component can connect with security

appliances (i.e. Hardware Security Modules - HSMs) in order to provide a

higher level of security and with cryptographic back ends using KMIP

standard.

It has a plugin mechanism that allows extending the component so support

standard and non-standard secret generation.

Market Target Security providers, service/application developers, end-users of multiple

sectors.

Independency It depends on the IAM to control access to the secrets

Availability Under development.

Licencing Open source*

Ownership XLAB, Atos

Component manager Aleš Černivec ([email protected]), Nicolás Notario

([email protected])

TRL 7

2.2.1.2.7 End-to-End Encryption (E2EE)

Table 10. Component: E2EE

Functionality The data sent to the cloud provider is beforehand locally encrypted on the

client’s machine. By that confidentiality and integrity is enforced to the

data provided by the client. With complementary components (Auditor

and Remediation system) write-serializability and read-freshness can be

enforced.




Market Target Cloud storage providers.

Independency Depends on the cloud storage system used within the platform. Swift cloud

store is planned to be used with the prototype.

Availability http://www.specs-project.eu/solutions-portofolio/e2ee/

Licencing Open source, AGPL

Ownership XLAB

Component manager Aleš Černivec ([email protected])

TRL 5

2.2.1.2.8 Broker

Table 11. Component: broker

Functionality The purpose of the Broker is to isolate the applications and other

components of the infrastructure from the network topology and

location.

Market Target The market target for this module is the hybrid cloud community. The

movement of peak load charges or data between different environments,

trusted and untrusted needs to address some issues like location, external

access management, and data security.

Independency The broker depends on other three modules: Deployment manager, IAM

module and PO. Deployment manager provides the services’ information

needed by the broker to relay the received requests properly. The IAM

module provides the authentication for the application requests in order

to authorize their access. The PO is the module in charge of the

operations oriented to the data protection if it needs to be transferred to

an untrusted domain.

Availability The component is still not available, it is under development.

Licencing Copyright (subject to revision).

Ownership Gradiant

Component manager José L. Otero Pena ([email protected])

TRL 3

2.2.1.2.9 Protection Orchestrator (PO)

Table 12. Component: PO

Functionality This component parses the protection configuration of an application and

applies it by building the requests to the protection components deployed

in the trusted domain of WITDOM and calling them for protecting the

input data before being sent to the untrusted domain, and disclosing the

results after a service finished.

Market Target Service/Application developers, researchers, WITDOM end-users.

Independency The PO receives requests from the broker and interacts with the protection

components of WITDOM through a RESTful API. It depends on the

protection components and an adequate configuration to fulfil the final

protection functionalities.


Availability Still under development

Licencing Copyright (subject to revision)

Ownership UVIGO/Atos

Component manager Juan Troncoso ([email protected])

TRL 2

2.2.1.2.10 Identity and Access Management (IAM)

Table 13. Component: IAM

Functionality ConSec is an implementation of a federated identity management solution

enabling access to protected web resources via untrusted network (public

internet). The framework is capable of bridging different identity domains,

“federation” means that potentially multiple identity providers (IdPs) and

multiple service providers (SPs) are separate entities.

Market Target Cloud service providers (CSPs).

Independency The framework consists of several components that are dependent of each

other, e.g. OAuth2 Authorization Server, IdP, Auditing service.

Availability https://github.com/consec/ConSec

Licencing Open source, BSD licence

Ownership XLAB

Component manager Aleš Černivec ([email protected])

TRL 5

2.2.2 Services

Services are intangible assets of the project, as they are capabilities that could create new revenue

streams for individuals and/or organisations. WITDOM does not offer services at the time of release

of this deliverable, but these can be included in the final offering, as value that can contribute to

differentiate the offering. The following services are considered:

Training services: IT analysts belonging to service providers (see also section 3.1) could be

provided with training to be able to deploy WITDOM framework into their operational

environments of influence. This would eliminate the frustrating trial and error that often

accompanies deployment, as well as maximize the utilization of WITDOM key features. Any

insight into encryption, PETs, and protection orchestration, could be of great, generic value

and benefit to the security community at large. Such training could help provide target users

with better insight and understanding of the application of data protection via WITDOM

framework.

Configuration/customization services: The adaptation of WITDOM to a specific context, such

as a new customer environment could be offered as service. Partners of WITDOM are in

principle able to offer customisation services for a client or a security vendor depending on

the requirements.

Both categories could be offered in remote or on-site versions.

2.2.3 Knowledge

Apart from developments there are other kinds of results in WITDOM that can be exploited (used),

mostly in a non-commercial way. What follows is a list of such results.


2.2.3.1 Know-How

Under this category the following outputs can be mentioned:

Project deliverables. Public deliverables are available for the target audience at the project

website. http://www.witdom.eu/deliverables

Project publications. WITDOM publications, mainly research papers, follow a Green Open

Access, this is they are freely available through either the project website or an open access

repository, which is linked from the project website. http://www.witdom.eu/publications

Video- and audio-recordings from workshops and discussions. They are accessible from the

project website.

2.2.3.2 Methodologies

During the first project stages, WITDOM has applied two methodologies related to the requirements

elicitation from scenarios and the formalization of technological requirements. They are shortly

described in the Table 14.

Table 14. List of methodologies developed in WITDOM

Methodology Description Creator Target user Level of

dissemination

SPACE

(Security and

PrivAcy

CodEsign)

SPACE is a new methodology for

requirements elicitation that combines

the PRIPARE project [41]

methodology for Privacy and Security

by Design with the Co-Creation

Methodology, which targets the

innovation and the deployment of

tomorrow’s eServices by involving the

users directly in their creation process.

The SPACE methodology provides a

way for involving and engaging the

end-users in the elicitation of privacy

and security requirements supported

by concrete tools.

ATOS,

FSCR

Researchers Public (D2.1)

Available on

the project

website.

Requirements

formalization

process.

This methodology helps to formalize

user requirements into technological

requirements. User requirements are

expressed in a fashion that cannot be

directly used as input for any technical

design. Hence, it is necessary to map

these high-level requirements into

concrete technological requirements

that can actually be fulfilled by the

developed technologies, and that can

be validated within the project.

UVIGO Researchers and

secure

systems/services

designers and

developers

Public (D3.1)

Available on

the project

website.

2.2.3.3 Architecture

The WITDOM architecture represents the design of the WITDOM end-to-end security framework.

The architecture aims at conceptualizing a flexible end-to-end framework, which not only forms the

basis for securing the use-case applications provided by the scenarios, but also serves as a foundation


for protecting many further applications that use remote untrusted services. Figure 5 presents an

overview of the initial architecture, provided in the deliverable D4.1. Table 15 provides some

characteristics of this preliminary architecture.

Figure 5. WITDOM initial architecture

Table 15. WITDOM architecture fiche

Functionality WITDOM architecture

Market Target Research

Level of dissemination The initial WITDOM architecture is explained in the confidential

deliverable D4.1 (delivered in December 2016), but will be refined and

upgraded in the public deliverable D4.2 - Final specification of an end-to-

end secure architecture (due in August 2016). The deliverable D4.5 will

also include a preliminary specification of the adaptation layer for cloud

computing.

Characteristics The WITDOM architecture possess the following characteristics:

Service-oriented architecture

Flexible design

Modular: The architecture assembles several building blocks

Architecture allows end users to develop their own applications

The WITDOM architecture does not rely on a specific deployment

model or service environment.


2.2.3.4 Primitives

UVIGO designs and develops secure signal processing primitives, which will be published in

scientific conferences and can be of independent interest for the development of advanced secure

processing algorithms. The value of these primitives is oriented towards knowledge exploitation;

those commercially valuable primitives will be packaged in the toolkit and the components as part of

WITDOM’s architecture.

The first contribution of KU Leuven – COSIC to the WITDOM primitives will be to design and

implement the Recryption Box, which will be used to speed up the bootstrapping procedure in the

hommorhic domain. The recryption box can be instantiated in three different ways. In the first and

simplest way, the recryption box will work as an HSM service of the cloud. In this setting the HSM

will contain the public/private key pair of the user. To clean an encrypted data, the cloud will send

the masked data to the HSM service and then the HSM will perform a decryption followed by an

encryption. Note that in this type of instantiation there will be one HSM per user. In the second type

of instantiation, the HSM will contain its own public/private key pair. This instantiation uses the key

switching concept of recent homomorphic encryption scheme: encrypted data under users’ public key

will be converted into encrypted data under the recryption box’s encrypted data. The third

instantiation uses Shamir’s secret sharing concept. In this setting the cleaning of encrypted data will

be done by a set of HSMs handled by different parties. This instantiation is the strongest in terms of

security. The second contribution of KU Leuven – COSIC will be the WITDOM C++ crypto library,

which will be used for aiding computations in the untrusted environments. It will support

homomorphic encryption functionalities, including a neural network with backpropagation and other

computations suitable for large encrypted datasets so that data processing can be done in the cloud

without decrypting them. KU Leuven will publish the research results in scientific conferences and

journals. We will aim mainly towards knowledge exploitation, but also both primitives will be

included in the components toolkit of WITDOM’s architecture.

IBM's contributions to WITDOM primitives are twofold: First, the design of provable secure data

masking schemes, which features updates of masking keys. These schemes produce identifier-

specific tags which cannot be linked back to the identifier, and are unlinkable across epochs, i.e., two

tags produced for the same identifier, but with different masking keys, cannot be related to each

other. Second, the design of efficient integrity and consistency verification schemes with particular

focus on collaboration applications. That is, applications where multiple users collaborate on a shared

resource located in an untrusted environment (e.g. online file sharing and online text editor). These

schemes will enable end users (e.g. enterprise customers) with strong security requirements (e.g. in

terms of integrity) to employ collaboration applications in untrusted environments, such as the Cloud.

IBM aims at publishing the results of the research in these topics in relevant scientific conferences

and journals; also to discuss them in workshops in the area of privacy-enhancing technologies and

cloud security. Furthermore, IBM intends to expand expertise in these areas in order to incorporate in

solutions for customer projects.

2.2.3.5 Privacy metrics

WITDOM’s design and assessment methodology comprises the use of novel privacy metrics for

evaluating the fulfilment of the privacy-related requirements for the developed primitives and

systems. WITDOM’s metrics allow for a qualitative assessment of the achieved privacy levels, which

enable more accurate and effective system evaluation and privacy-by-design practices. Additionally,

some of the metrics are specifically related to the two application scenarios, and they can be applied

to systems dealing with genomic and financial data. These metrics will be made available for the sake


of knowledge exploitation through the corresponding WITDOM public deliverables and scientific

publications.

2.2.4 Brand

The project brand could be considered as an intangible asset. It is worthy differentiating the project

brand, used during the project execution, from the final brand to commercialize the solution. The

current brand is built on the project logo and the identity it projects. However in a final commercial

solution it can be advisable to separate its identity from the project identity.

In a first analysis, the WITDOM brand is clearly distinctive and fanciful but not descriptive therefore

it would not be rejected for such registration. The NICE class would be 42 - IT security, protection

and restoration. In a first search in the European Union Intellectual Property Office (EUIPO)[8] there

was no result for any registration under that label.

http://tmclass.tmdn.org/ec2/search/ajaxSearch?language=en&text=virus&size=25&page=1&searchMode=WORDSPREFIX&officeList=EM&showOnlyMasterOrRep=false&sortBy=relevance&niceClass=42&taxoConceptNodeId=1529094&taxoNodeLevel=1

http://tmclass.tmdn.org/ec2/search/ajaxSearch?language=en&text=virus&size=25&page=1&searchMode=WORDSPREFIX&officeList=EM&showOnlyMasterOrRep=false&sortBy=relevance&niceClass=42&taxoConceptNodeId=1529094&taxoNodeLevel=1


3 Market Analysis

3.1 Initial segmentation

For this first exploitation deliverable the initial segmentation considers the type of targets WITDOM

would address. This considers the following categories:

Vertical Service Providers (VSPs). A VSP delivers IT services and solutions that are

purposely designed, built, delivered and addressed for a vertical market, for example

Healthcare and Financial services. In WITDOM two options are identified:

The scenario service provider, this is the IT departments of scenario providers. In the

WITDOM project this role is represented by FSCR for the eHealth scenario and by

BBVA for the Financial Services scenario, who could adopt WITDOM solutions to

improve the security and privacy of their services.

Managed service providers. Scenario owners have the option to out-task some or all of

their operation tasks and retain control of the rest, even if the equipment is physically

located at the provider’s site. In some cases, the operation could be fully managed by

the service provider.

Managed security service provider (MSSPs). A MSSP is a type of service provider that

provisions remote software/hardware-based information or network security services to an

organization. MSSPs can also be VSPs, but in this category we adopt a more general vision,

as they refer to providers that can deliver to different verticals. In the WITDOM project, this

role is represented by Atos, or better said, its internal business units/transfer lines who could

adopt the WITDOM solutions to provide a better offering to its customers, belonging to

different verticals.

Service developers. Application, component and/or integration developers that have access

to WITDOM items.

Researchers. This refers to any organisation, group, initiative or individual conducting

research related to the security field, in particular to the research areas that lie within the

WITDOM scope: Privacy Enhancing Techniques (PETs), Practical Homomorphic

Encryption, Secure Signal Processing (SSP), Verifiability and Integrity, as well as Legal

Framework. This category comprises universities (including Master and PhD students),

research institutes, information security labs, or similar R&D projects.

Table 16. Initial segmentation

Segment WITDOM value

Vertical Service Providers WITDOM solution allows an effective protection of sensitive

data before its outsourcing to the untrusted domain, where

multi tenants can operate. Protection of data is achieved by

advanced crypto and PETs technologies developed by

WITDOM. This facilitates the transition of operations to the

public cloud while remain compliant with the EU data

protection regulation. Moreover, indirect benefits can be

achieved through end-users’ valorisation based on increased

trust in offered services.

Managed security service provider By adopting WITDOM advanced solutions, existing security

service portfolios can be enhanced, contributing to a higher

differentiation and strengthening the service providers


’competitive positioning in the market. The existence of a

wider variety of protection mechanisms allows them to produce

the best combination with respect to the application functional

and security needs.

Service developers Benefits refer to the availability of different protection

mechanisms to produce the best combination with respect to

the application functional and security needs.

Researchers By approaching WITDOM techniques and methodologies, the

research community can strengthen its technical competences

in the areas of research covered by WITDOM.

3.2 Environment analysis

This section describes the framework of macro-environmental key factors (Political, Economic,

Social & Technological f= P.E.S.T) which can drive and have an impact on the exploitation of the

solutions from the WITDOM project. Table 17 represents a summary of each aspect. The following

sections provide further information about each.

Table 17. PEST analysis

Political-Legal Economic

The Digital Single Market strategy

EU protection regulation

The EU-US Privacy Shield agreement on

transatlantic data flows.

European Cloud Computing Strategy

Eurozone Economy recovery

Dynamic growth of R&D investment in

2016

Societal Technological

Privacy is becoming a value to which

customers will respond

Shortage of IT professionals

Reliance and trust on technology

Attitude towards workplace

Cloud as technological core

Hybrid cloud on the rise

Privacy- by -Design

Encryption adoption on the rise

3.2.1 Political-Legal

3.2.1.1 The Digital Single Market

On 6 May 2015, the European Commission adopted a new strategy to create a fully integrated Digital

Single Market (DSM) [9] [10] , in order to gradually bring down the remaining obstacles and move

from 28 national markets to a single one. The DSM strategy aims to open up digital opportunities for

people and business and enhance Europe's position as a world leader in the digital economy.

The DSM strategy comprises a mix of legislative and non-legislative initiatives, centred on three

pillars involving 16 actions to be delivered by the end of 2016. The pillars are: (i) improving access

to digital goods and services for consumers and businesses, (ii) creating the conditions for digital

networks and services to prosper, and (iii) maximising the growth potential of the digital economy.

In particular, the initiative #14 -”Free flow of data” addresses the following actions by the

Commission, as it is summarized in the DSM document: “The Commission will propose in 2016 a

European ‘Free flow of data’ initiative that tackles restrictions on the free movement of data for


reasons other than the protection of personal data within the EU and unjustified restrictions on the

location of data for storage or processing purposes. It will address the emerging issues of ownership,

interoperability, usability and access to data in situations such as business-to-business, business to

consumer, machine generated and machine-to-machine data. It will encourage access to public data

to help drive innovation. The Commission will launch a European Cloud initiative including cloud

services certification, contracts, switching of cloud services providers and a research open science

cloud.”

The DSM is still under a public consultation process aimed at gathering views and opinions on the

restrictions faced by users, consumers and businesses when they access or provide information, shop

or sell across borders in the European Union [11] , and it is expected that the results of the

consultation are soon made publicly available. The results of this consultation may complement the

challenges identified in the present white paper as they collect the points of view from consumers,

businesses, national authorities at all levels and interested organisations about major restrictions and

issues for cross-EU services and data.

3.2.1.2 The European Data Protection Regulation

In December 2015, the European Union agreed the draft text of the new European Data Protection

Regulation [12] . The aim of the new regulation is to harmonise the current data protection laws in

place across the EU member states. It will replace the current Data Protection Directive [13] (known

as the Directive 95/46/EC), and will be directly applicable in all Member States without the need for

implementing national legislation.

Even though the new data protection regulation is expected to come into force in the first half of

2018, it is also believed to have an immediate impact as it contains some onerous obligations. The

new regulation expands on the wording of Directive 95/46/EC and it is more specific,

comprehensive, and strict. It imposes new regulatory requirements such as data residency, data

breach detection and notification, encryption and data deletion policies, which have a significant

impact with regard to security and the cloud.

Moreover, the new regulations, while strong on EU citizens’ data protection, are intended not to

hamper business and to encourage growth in the European data economy. As a matter of fact the new

regulation contributes to the implementation of the DSM, as it facilitates business by simplifying

regulatory requirements companies across member states. At the same time the implementation of the

DSM can only be built on trust. With solid common standards for data protection, citizens can be

sure they are in control of their personal information.

3.2.1.3 The EU-US Privacy Shield

With the new Data Protection regulation, companies outside the EU will need to start thinking

through compliance with the General Data Protection Regulation (GDPR). Unlike the EU Data

Protection Directive (“EU Directive”), the GDPR will apply to processing by a data controller or a

data processor not established in the European Union if the processing activities are related to the

offering of goods or services to EU data subjects, as well as to profiling of EU data subjects’

behaviour while subjects are in the EU.

Safe Harbor was the name of an agreement between the United States Department of Commerce and

the European Union that regulated the way that US businesses could export and handle the personal

data of European citizens. The goal of Safe Harbor was to provide a single set of data protection

requirements for transferring data across the borders of countries that joined the Safe Harbor group.

Under the Safe Harbor Decision, if companies self-certified compliance with the “safe harbor

principles,” the EU assumed that there was adequate protection of personal data. In October 2015, the


European Court of Justice reversed the Safe Harbor agreement because it does not adequately protect

consumers in the wake of the Snowden revelations.

At the beginning of February 2016 The European Commission signed off on a new data transfer

agreement with the US to substitute the old Safe Harbour agreement. The new EU-US Privacy Shield

[14] reflects the requirements set out by the European Court of Justice in its ruling on October 6th

2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide

stronger obligations on companies in the US to protect the personal data of European citizens and

stronger monitoring and enforcement by the US Department of Commerce and Federal Trade

Commission, including through increased cooperation with European Data Protection Authorities.

3.2.1.4 The European Cloud Computing Strategy

In September 2012, the European Commission adopted a strategy for”Unleashing the Potential of

Cloud Computing in Europe” [15] . The strategy outlines actions to deliver a net gain of 2.5 million

new European jobs, and an annual boost of €160 billion to the European Union GDP (around 1%), by

2020. The strategy is designed to hasten and stimulate the use of cloud computing across all

economic sectors.

The strategy includes three key actions: (i) Safe and Fair Contract Terms and Conditions, aiming at

developing model contract terms that would regulate issues not covered by the Common European

Sales Law (CESL) [16] , such as data preservation after termination of the contract, data disclosure

and integrity, data location and transfer, or ownership of the data, among others; (ii) cutting through

the jungle of Standards, fostering interoperability, data portability and reversibility; (iii) establishing

a European Cloud Partnership[17] bringing together industry and the public sector to work on

common procurement requirements for cloud computing in an open and fully transparent way.

3.2.1.5 US tech companies shielding data from government.

The application of cryptographic countermeasures increased quite a lot in the last years, and many

companies are considering introducing strong techniques for obfuscating their customers’ data. As an

example, in September 2014[18] , Apple introduced new encryption into its iPhone operating system

that would make it mathematically impossible for the company to unlock them for investigators. This

was a departure from the past, when US government investigators could get access to a device under

the provisions of a search warrant. Apple’s shift was in response to increased digital privacy concerns

and distrust of America’s digital spies following revelations from the Snowden’s case. Since then, the

US agency FBI has been trying to figure out a way around the software.

Apple and the US government want to set a legal precedent about where digital security ends Valley

shadowboxing. Speculation and national security begins after nearly two years of hearings, open

letters and Washington-Silicon has already begun about how far both sides are willing to go in

appealing unfavourable rulings.

For Apple, this is a battle that extends well past one iPhone. Apple sells a lot of things – 74.7m

iPhones in the last quarter, for example – but its biggest selling point these days is privacy. Cook has

made clear the fight for privacy is in some ways a personal one. He has spoken out on the importance

of civil rights on numerous occasions and is fundamentally committed to protecting his customers’

right to privacy.

The outcome of this particular fight will impact the business decisions of every other major tech

company when it comes mobile devices, Internet services and apps. People who value their privacy

above anything else will continue to use encrypted devices, even if these gadgets aren’t iPhones. On

top of that, they’ll ensure they install encrypted apps on these devices, adding extra layers of

protection. If the FBI does establish a precedent by defeating Apple, people who want to hide from


law enforcement agencies will find and use gadgets and services made by companies that aren’t

based in the US, and that won’t be subjected to a similar court battle.

3.2.2 Economic

3.2.2.1 Eurozone recovery continues

A recent report by Focus Economics [19] shows that the Eurozone economy grew gradually in the

last quarter of 2015, continuing the modest pace of recovery seen in the previous quarter. The

Eurozone economy picked up pace last year as healthy consumption led to a 1.5% increase in gross

domestic product (GDP), the strongest growth seen since 2011. Eurozone GDP improved 0.3%

quarter-on-quarter in Q4, which matched Q3’s pace of growth.

The conditions that led to last year’s recovery remain largely in place and the economy is expected to

record another healthy expansion in 2016. Q4’s expansion likely came on the back of solid domestic

data while the external sector is expected to have performed slowly. Consumption continues to be

propelled by low inflation, an improving labor market as well as by favorable financing conditions.

On the other hand, sluggish external demand—particularly from emerging economies—is likely to be

keep the Eurozone recovery stuck in a low gear and poses one of the main challenges to the growth

outlook going forward.

Analysts see a growth of 1.6% in 2016, and looking forward, the Eurozone economy is expected to

maintain that pace of growth in 2017 and is seen increasing 1.6%.

3.2.2.2 Dynamic growth of R&D investment in 2016

The 2016 Global R&D Funding Forecast by R&D Magazine [20] exposes that global R&D

investments will increase by 3.5% in 2016 to a total of $1.948 trillion in purchasing power parity

values for the more than 110 countries having significant R&D investments (more than $100

million). As in preceding years, the growth in global R&D investments is being driven by spending

in Asian countries, particularly in China. Asian countries account for more than 40% of all global

R&D investments, with North American investments less than 30% and European R&D only slightly

more than 20%.

Figure 6. Share of Total Global R&D spending

(Source:R&D magazine)

Much of the R&D growth in a country is driven by that country’s economic growth, measured by the

GDP. As documented by the IFM, GDP growth has small increase for European countries.

Sixteen of the European Union’s 28 member countries are included in the report’s Top 40 R&D

investing countries in the world. Three of the Top 10 R&D investing countries include Germany,


France and the U.K., with 2016 R&D forecasts of $109.25 billion, $60.05 billion and $45.54 billion,

respectively. Their R&D/GDP ratios are 2.92%, 2.26% and 1.78%, respectively. Germany is the

leading country in Europe for economic power, GDP ($3.741 trillion forecast for 2016), R&D,

industrial R&D and manufacturing production, technical paper publishing and patents.

When comparing US R&D to European R&D, US is considered superior in overall R&D, but not in

R&D quality, productivity, basic and applied research, development and R&D trends. When

comparing the top companies in the world with regard to R&D, the comparisons are close to equal

with 19 of the Top 50 corporations in the world being in Europe, 19 in the US and 12 in Asia.

In the US and Europe industrial R&D accounts for the largest share of each country’s total R&D

investments. R&D magazine forecasts a dynamic growth for 2016, with the ICT industry R&D

spending increasing by 5.5% to $204.5 billion.

Some technologies are expected to change the most over the next three years by 2018. There are no

surprises here, just a continuing technological progression with information technologies (IT) and

nanotechnology leading the way, followed by Software Analysis, Software Simulation, Big Data and

Virtualization.

3.2.3 Societal

3.2.3.1 Privacy is becoming a value to which customers will respond

Privacy is becoming a value to which customers will respond. Customers are changing their

behaviour because they do care about privacy. Despite the apparently different approach to privacy to

EU, this is also coming true in the US, where a 33% of online adults have canceled a transaction due

to privacy concerns. Actually the TRUSTe/National Cyber Security Alliance US Consumer Privacy

Index[22] found that 92% of US internet users worry about their privacy online, and the top cause of

concern is companies collecting and sharing their personal information, , even though only 3 in 10

Americans understand how organization share their personal data. For businesses, privacy should be

a major worry, as 89% of those users surveyed say they avoid companies who do not protect their

privacy and 74% say they have limited online activity due to privacy concerns.

Recent studies, such as “Predictions 2016: The Trust Imperative For Security & Risk Pros” [23] by

Forrester Research, suggest that public concern into online privacy issues will reach a tipping point in

2016. This will force Governments, and private companies to take much stronger measures to ensure

the privacy of their users. The study indicates that organizations usually make the mistake of thinking

that privacy is only about meeting compliance and regulatory requirements at the lowest possible

cost, while it is about time to recognize the importance of better customer relationships built on trust.

Businesses that collect, store and use people’s data are most at risk of appealing hackers and

regulatory oversight. Data brokers also stand to suffer the most when consumers decide to prioritize

privacy over convenience, something that is already beginning to shape online behavior as consumers

attempt to protect themselves from privacy abuses or identity theft.

3.2.3.2 Shortage of ICT specialists

According to a report issued by Eurostat in early 2016 [22] , there are almost eight million ICT

specialists employed in the EU in 2014, representing 3.7% of total employment. This profession is

largely made up of men, accounting in 2014 for more than eight ICT specialists out of ten employed

in the EU (81.9%). The fraction of women working in this segment of the labour market in the EU-28

has shrunk since 2005, to 18% in 2014. ICT employed mainly highly educated people, with more

than half (56.5%) of ICT specialists in the EU having a tertiary education level.

During the last decade, ICT specialists employment in the EU-28 has resisted the effects of the

downturn and of uncertainty on global labour markets, and remained on an upwards path. Growth in

https://www.truste.com/resources/privacy-research/ncsa-consumer-privacy-index-us/



the employment of ICT specialists averaged 4% over the period 2006-2014, more than twelve times

higher than the average growth rate for total employment over the same period. In 2014, ICT

specialists in the EU were mainly employed in the United Kingdom (1.49 million persons), Germany

(1.47 million) and France (0.91 million). These countries accounted for almost half of all ICT

specialists employed in the EU in 2014.

Over recent years, both the number and the share of ICT specialists in total employment have

incessantly increased to better adapt to an ever digitalized and connected world. However, almost

40% of enterprises, which recruited or tried to recruit ICT specialist, had hard-to-fill vacancies in

2014.

3.2.3.3 Reliance and trust on technology

The concept reliance means that our society cannot function any longer without the use of

technological devices. This includes smartphones, debit and credit cards, computers, and the Internet,

among others. They are confident that with that technology at hand anytime, anywhere, they can face

any challenge that might arise in their daily lives. Internet of Things (IoT) will be, alongside

mobility, transformative of daily life. Our ability to interact with objects could be altered remotely

based on immediate or present needs, in accordance with existing end-user agreements. Our trust in

technology has already profoundly changed our personal behaviours.

Society also relies on the technology to do more and more for us: nowadays almost anything can be

managed from a smartphone or tablet if and when required. The multitude of apps available covers

the diversity of needs that could pop up during the day.

While new technologies can enhance lives and streamline the way we do business, regrettably there

are individuals and entities who will attempt to exploit them to do harm. Thus trust, privacy, and

security are becoming pressing issues as more and more people, irrespective of their IT expertise,

become interconnected via the Internet and the amount of available personal and sensitive

information increases. To overcome these challenges, new technologies are needed to make security

and privacy aspects more approachable to society, in order to either increase their knowledge and

awareness on the risks when using the technologies or to ease the use of these technologies in a

reliable manner.

Another key aspect to building trust is the capability to adjust the functioning and properties of ICT

to individual preferences, which comes together with the concept of usability.

3.2.3.4 Changing attitude towards work(place)

Attitudes relating to work (work-life balance) and the workplace seem to be shifting, especially in the

‘advanced’ economies. This concept refers to giving individuals more control over the conditions at

work. It is also related to the physical location where work would need to be performed (home,

office, someplace else) and the way people are (or want to be) managed. This trend also makes it

possible for companies to hire talent outside their immediate geographic area, which mitigates to a

certain point the lack of IT skilled resources.

With employees working across multiple devices from various locations at any time, and

communicating with peers, partners and customers, it is important to create a seamless work

experience and distributed collaborative environments, while at the same time satisfying the

organization’s requirements for security and control, as well as meeting regulatory requirements for

data handling and confidentiality.


3.2.4 Technological

3.2.4.1 Cloud as technological core

Recent markets studies confirm that adoption of cloud computing continues at fast pace. As an

example, the consultancy company IDC predicts that by 2018, at least half of the IT spending will be

cloud based, reaching 60% of all IT infrastructure and 60-70% of all software, services, and

technology spending by 2020.

Virtually none of the other 3rd Platform technologies (big data analytics, mobile, social, IoT,

cognitive, etc.) or major Digital Transformation (DX) business initiatives are possible without the

cloud as the foundation, especially in scaled-up implementations. This means that over the next

several years enterprises will dramatically scale up their adoption of cloud services, especially those

pursuing DX strategies. By 2020, organizations' spending on cloud services (hardware and software

to support cloud services, and services for implementing and managing cloud services) will exceed

$500 billion, around three times what it is today.

This rapid shift of cloud services — from an "emerging" IT architecture to the preferred foundation

for enterprise IT and digitally transformed businesses — has important implications for IT and

business leaders.

Despite the increasing maturity of both cloud users and cloud providers, there are still some factors

that hold back a full transition to the cloud. According to a survey by the Cloud Security Alliance,

security remains the top barrier to cloud adoption with a 73%, as indicated in Figure 7. This refers to

security of data, which includes privacy aspects. Other studies [27] suggest that the concern about the

lack of IT resources and expertise is increasing and could supplant soon security as the largest

challenge to address.

Concern about regulatory compliance, with 38%, is also an important factor. As a matter of fact, the

passage of the EU Data Protection Legislation will have a significant impact on IT spend. Figure 8

shows the top three priorities per vertical. Regulatory compliance and protection of sensitive data

appear are systematically represented for most verticals, including Healthcare and Finance, who are

represented in WITDOM.

Figure 7. Top challenges holding back Cloud projects

(Source: Cloud Security Alliance)


Figure 8. Verticals top 3 priorities

Health care is widely adopting cloud-based services to exchange medical, financial and related

sensitive data across Health Care Information Exchange networks, rural health collectives, and large

cloud service providers specializing in pharmaceutical, radiology, billing and other areas of specialty

traditionally outsourced by health care organizations. Research and consulting firm Markets and

Markets reports that, globally, 32% of health care facilities surveyed are using cloud applications. Of

those not yet migrating to the cloud, close to 75% are considering doing so over the next three to five

years.

With regard to the Financial Services, both the Cloud Security Alliance [24] and ENISA [25] indicate

that the financial sector is still in the early stages of cloud adoption. Infrastructure flexibility, reduced

total cost of ownership, and shortened time to market are just some of the top reasons to move to the

cloud. According to CSA, a majority 61% of financial institutions is developing a cloud strategy

within their organization, where mutual strategies use a mix of private, public, or hybrid cloud

environments. The exact deployment models companies took are correlated to the maturity of their

cloud strategies. ENISA indicates that almost 88% of EU Financial Institutions are by now using

cloud based services before June 2015, and 81% were aware these were cloud-based and their

implications. In approximately 1 out of 4 organisations consulted, there were business units using

cloud based services without the involvement of the respective IT department (“shadow IT”).

3.2.4.2 Hybrid cloud on the rise

As the cloud computing market continues to grow, enterprises are exploring different cloud models in

search of the right balance of functionality, flexibility and investment protection. The adoption of

hybrid cloud is gradually gaining momentum amongst enterprises, and in the coming years, this

cloud delivery model is expected to go mainstream. The major point of differentiation for hybrid

cloud is the flexibility it provides to the client, to adopt either a public cloud or private cloud, based

on the applications and data they want to run or store in the cloud. According to a recent survey by

RightScale [27] , Hybrid cloud is the preferred strategy. The use of hybrid cloud environments has

grown to 71 percent, up from 58% in 2015.

For sectors such as financial services and government, the hybrid cloud model makes the most sense,

as there is more concern with the security and integrity of the data stored in the cloud; however,

enterprises looking for economies of scale will also achieve high value to cost ratios by deploying a

hybrid model.


Over the coming years, many different versions of the hybrid cloud are expected to evolve, including

virtual private clouds, such as a private cloud on top of a pubic cloud, i.e. AWS’s VPC, and a shared

private cloud or community cloud.

In addition, vendors are also looking to provide multiple cloud offerings in a hybrid model, such as

the combination of IaaS, SaaS, and PaaS. Analysts note that the concept of multiple cloud models is

set to gain momentum in the coming years, with most cloud vendors and cloud brokers providing a

bundled solution, integrating PaaS to IaaS and SaaS.

The other factor driving the demand for hybrid cloud solutions is that most enterprises that have

opted for public or private cloud solutions from multiple vendors, are finding it tough to effectively

track their resources and investment and achieve expertise in every cloud solution that they have

deployed. Consequently, these organizations are set to move towards a hybrid cloud environment that

will enable them to simplify their private-public cloud mix by procuring that solution from a single

hybrid cloud solution provider.

3.2.4.3 Privacy-by-design

For companies that are making use of cloud services, there are two areas to consider. The first is the

responsibility for ensuring that third parties are measuring up to their promises around security and

data privacy. This should be outlined in any contract between the organisations, as well as being

audited on a regular basis. The second element is how cloud-based security services can be used to

track status of devices and implementation of updates to ensure that the organisation's vulnerability

management strategy is enforced. The second option is an organization shift towards “design

thinking”, which implies a closest look into the users’ needs. It requires embed privacy standards into

technology and the product design process from the start.

3.2.4.4 Encryption adoption on the rise

According to the recent Ponemon Institute's “2016 Global Encryption Trends Study” [28] ,

commissioned by Thales e-Security and Vormetric Data Security, there has been a big leap in the

number of organizations using encryption across the enterprise. 41% of respondents indicated that

encryption is adopted extensively in their organizations, which represents an increase from 16% in

2005. Nevertheless, a 15% of respondents indicated that their organizations have no comprehensive

strategy for encryption.

Encryption adoption depends on the industry: financial services and healthcare are the biggest users

of encryption, because of regulatory pressures. The manufacturing and consumer products industries

are the least like to adopt encryption.

As with most security technology adoption, compliance is a big factor driving encryption. More than

60% of respondents say compliance with privacy and security rules are the main reason they are

adopting encryption across the organization, while compliance with internal policies (15%) and

avoiding a data breach disclosure (8%) ranked much lower.

One of the biggest hurdles to encryption is the residency of sensitive in today’s “borderless” network

(57% of respondents). Initial deployment of encryption and identifying which data to encrypt are

other factors that impedes encryption.

3.3 Competitors

3.3.1 Overview of the cloud-based security services market

WITDOM is a security and privacy solution, therefore the target market is the security market. The

on-premises security market is still growing, but the gains look meager next to the accelerating

growth of cloud-based security services. Gartner is predicting this market to hit $4.13 billion by


2017, as shown in .According to its study titled “Market Trends: Cloud-based Security Services

Market, Worldwide, 2014,” [29] . The research firm Markets and Markets expects the global cloud

security market to grow from $4.20 billion in 2014 to $8.71 billion by 2019, which represents a

CAGR of 15.7% from 2014 to 2019.

Cloud-based security is taking off as the cloud adoption is growing. For most organizations, it’s

about ease of deployment and management: cloud security solutions remove that burden and

therefore lower operating costs. This is an important reason why the MSSP market would more than

double before the end of the decade, from $14.3 billion in 2014 to $31.9 billion by 2019. The

transition of because business processes and data are moving to the cloud, it also makes sense that

security services also be cloud-based. This is called MSS 2.0.

Not only large enterprises that will be embracing MSSPs; as small and midsize businesses continue

to move to cloud, they will rely almost entirely on cloud-based security controls, many experts

predict. In fact Gartner attributed the growth of the cloud-based security market to the adoption of

these services by small- to-mid-sized business in particular.

Figure 9. Forecast for Cloud-based Security Services Market

(source: Gartner)

Certain market segments mentioned in the Gartner’s report will see higher overall sales and year-

over-year growth. Cloud-based encryption services are expected to be a “new area of growth”. But

Gartner expresses concerns, saying, “however, service providers’ relative lack of interest in cloud-

based encryption means it has remained a complex activity, requiring organizations to initiate

complex, build-your-own deployments. The strongest interest is in encryption products from cloud

security brokers, thanks to their relative ease of deployment and their options for on-premises

encryption management.” In terms of cloud-based encryption as a service, some vendors to watch in

this area include CipherCloud, CloudLock, Elsatica, HP Voltage, Perspecsys, Protegrity, or Vaultive.

3.3.2 Commercial competitors

This section tries to provide more information about some competitors indicated in the Gartner

report, considering solutions that are close to WITDOM. For each, some strengths and restraints are

indicated.

Table 18. Commercial competitors

Provider Strengths Restraints

CipherCloud

[30]

CipherCloud Searchable Strong Encryption (SSE)

delivers the benefits of the cloud, while assuring

security and.

Standard-based encryption that only you can

The kind of available

operations are text-based

search capabilities.

http://www.idc.com/getdoc.jsp?containerId=prUS24948114



unlock.

It also provides format and function preserving

techniques or tokenization.

Full search capabilities are available to work on

encrypted data (natural language and Boolean

searches, contains text, starts/ends with text)

Highly scalable distributed architecture, high-

throughput and extremely low latency

All operations over the

protected data are centralized.

Potential single point failures

or scalability must be

considered.

CloudLock

[31]

CloudLock delivers security for any cloud

application and platform, including IaaS, PaaS,

and IDaaS and orchestrates security across your

existing investments.

CloudLock is a frictionless solution that is

installed in minutes and protects cloud

applications and provides codeless security for

custom-built apps

CloudLock provides actionable cybersecurity

intelligence across an organization’s entire cloud

infrastructure

I falls under the category of

decision support,

accountability or enforcement

PETs. It identifies and aids in

remediating privacy &

compliance risks.

Provides limited protection to

personal data. It does not

diminish the amount of trust to

be placed on the cloud

provider.

Elsatica Its tool suite falls under the category of decision

support, accountability or enforcement PETs.

Elsatica’s securlets protect sensitive customer

information and data in different cloud providers.

It identifies and aids in remediating compliance

risks

It supports Risk-Based policies to identify, alert

and block transactions before data breaches occur

Elastica also provides auditing and forensic tools

to ensure adequate measures are in place and to

perform post-incident investigations across all

historical transactions for your cloud applications

and services.

Provides limited protection to

personal data. It does not

diminish the amount of trust to

be placed on the cloud

provider.

HP Voltage

[32]

HPE Security – Data Security is a leading expert

in data encryption and tokenization data security

solutions. It provides:

Identity based encryption (IBE): IBE can

use any arbitrary string as a public key,

enabling data to be protected without the

need for certificates

Format-Preserving Encryption (FPE): h

protects data fields or sub-fields while

preserving format under policy control.

The operations that will be

available over protected data

are limited (i.e. or numeric

attributes are not protected or

they will cannot be added for a

report) if must be first

unprotected.



Secure Stateless Tokenization: protects

fields such as credit cards or social security

numbers using tokenization without the

complexity of managing token databases

Stateless Key Management

It also provide secure and privacy enabling

vertical solutions such as:

HPE SecureMail

HPE SecureStorage

HPE SecureData Payments

It is the most complete tool suite. It addresses

horizontal needs (payment, storage), it provide

design tools to aid developers and a wide range of

protection mechanisms.

Perspecsys

[33]

The Cloud Data Protection Gateway is a software

solution that delivers critical data privacy and

security capabilities to users of public cloud

applications.

The Cloud Data Protection Gateway can be

deployed in a wide range of configurations with

optional server components. The core system in

the Gateway is the Server, acting as a forward or a

reverse proxy.

In addition to monitoring and reporting on cloud

use and encrypting and tokenizing data in

accordance with an enterprise’s data protection

policies, the server intelligently indexes encrypted

and tokenized data

Its gateway architecture poses

a risk towards availability and

scalability.

The operations that will be

available over protected data

are limited (i.e. or numeric

attributes are not protected or

they will cannot be added for a

report)

Close interdependence with

the protected services

Protegrity [34] Protegrity Avatar™ for delivers highly transparent

file-level AES 256 encryption and patented

Protegrity Vaultless Tokenization (PVT)

individual data elements. It provides Field/column

PVT, encryption or masking to protect data

wherever it goes.

It works both at file and database level. Its

integration with big-data platforms such as

Hadoop bridges the gap between access and

security in big data


a potential risk towards

availability and scalability.

It supports, out-of-the-box a

limited number of SaaS

platforms (box, salesforce and

xactly)

The protection offered limits

the performance of the system

and the utility of the protected

data, however, its fine-grain

policy system enables to

minimize its impact



Vaultive

Encryption

Platform for

Cloud Security

[35]

The Vaultive Cloud Data Protection Platform:

Encrypts data before it leaves the trusted

on-premises infrastructure.

Gives the data owner or a trusted third

party sole custody of the encryption keys.

Delivers a seamless experience to users.

Store and process your encrypted data

without changes to client side applications

Deploy based on your needs with an on-

premise virtual or physical appliance

Secure Hybrid (cloud + on-premise)

Exchange environments

Load-balancing and auto-failover

embedded into the product

Operations on protected data

limited to basic text-based

operations: search, sort, index

All operations over the

protected data are centralized.

Potential single point failures

or scalability must be

considered

High interdependence with the

services it protects (e.g. Office

365)

Vormetric [36] Vormetric Transparent Encryption delivers data-

at-rest encryption with

centralized key management, privileged

user access control, and security

intelligence logs to proactively meet

compliance reporting requirements for

structured databases and unstructured files

It provides tokenization, encryption and

tokenization features and out-of-the-box

integration with cloud storage solutions such as

Amazon Simple Storage Service (Amazon S3),

Box and Caringo


a risk towards availability and

scalability.

Protected data loses its utility

as no operation can be

performed unless previously

decrypted

3.3.3 PETs

Privacy-Enhancing Technologies (PETs) is a very broad product category and encompasses many

different types of technologies but with privacy as its main objective. There are PETs related to

personal data management focusing in providing data subjects with decision support, managing

consent and dealing with accountability or enforcement. Additionally, there is a whole subset of

PETs dealing with data and trust minimization that are closely related to WITDOM’s objectives and

functionalities:

Table 19. Competitors: PETs

PET Features Strengths Cautions

OpenPGP [37] Confidentiality

Integrity

Authentication

Is a decentralized and

recognized encryption

standard.

Not user friendly

Off the record

messaging Confidentiality

Perfect

forward

Message-oriented Messages do not have

digital signatures and may

be forged after a

conversation is complete.


secrecy

Authentication

Privacy

Analytics

Data de-identification Risk based methodology for

assessing thresholds for re-

identification

Record and health

oriented.

Cornell

Anonymization

Toolkit [38]

K-anonymity The suggested

anonymization process

involves utility and risk

evaluation

Record oriented

ARX [39] K-anonymity

ℓ-diversity

t-closeness

δ-disclosure

privacy

δ-presence

Differential

privacy

Generalization,

suppression,

micro-

aggregation

and

top/bottom-

coding as well

as global and

local recoding

A comprehensive software

for risk- and utility-based

privacy-preserving

microdata publishing

Record oriented

PINQ (Privacy

Integrated

Queries) [40]

Policy-based

Differential privacy

It is a trustworthy platform

for privacy-preserving data

analysis.

Record oriented. Very

specific privacy model.

The privacy model

assumes trust towards the

entity holding the data but

does not fully trust actors

accessing the data. Not

useful for outsourcing

data.

3.3.4 R&D projects

In the deliverable D7.2 a group of projects were listed, considering them as potential partners for

WITDOM. The idea of this list was seeking for technological synergies, as well as multiplying

effects of communication and dissemination, that could benefit both parties. The following list on the

contrary presents a list of projects considering them as potential competitors to WITDOM. These

R&D projects, even when listed as partners in D7.2, could position their solutions in the market

within a similar timeframe to WITDOM, becoming a direct threat. In particular it is worth

mentioning those projects belonging to the same call as WITDOM (programme H2020-EU.2.1.1,


topic ICT-32-2014 - Cybersecurity, Trustworthy ICT)3, because they address a similar expected

impact, with strong focus on security-by-design for end-to-end security and cryptography. The goal

of this section is to acknowledge the possible similarities and differences to highlight WITDOM

added value.

Within this group the project PRISMACLOUD (PRIvacy and Security MAintaining Services in the

CLOUD) [41] is the closest one in scope to WITDOM. The PRISMACLOUD project is a RIA

belonging to the programme H2020-EU.2.1.1. This project focuses on the development of methods

and tools to increase the security of cloud based services as well as technologies to increase the

privacy of users interacting with the cloud. They aim to enable end-to-end security for cloud users

and provide tools to protect their privacy by means of cryptography. WITDOM is wider in scope, as

also non-cryptographic technics are considered for the protection of outsourced data.

PRISMACLOUD focus is more on certification, third party auditing, and Composition of secure

cloud services, which is not addressed in WITDOM. In terms of validation, PRISMACLOUD will

implement three pilots to demonstrate their capabilities in the fields of smart city, eHealth, and e-

Government. The eHealth scenario is related security in long-term storage of electronic health

records, which is a scenario different to the processing of genomic data in WITDOM.

PRISMACLOUD at the same time as WITDOM and will be running in parallel until December

2017, when WITDOM finishes. A possible competitive advantage for WITDOM in terms of time to

reach market is difficult to say, as it also depends on the specific roadmaps for the both projects and

the teams’ ability to develop their solutions and go to market.

Another relevant project related to the programme H2020-EU.2.1.1 is TREDISEC (Trust-aware,

REliable and Distributed Information SEcurity in the Cloud.) [43] . TREDISEC addresses the

confidentiality and integrity of outsourced data in the presence of a powerful attacker who controls

the entire network. In addition, TREDISEC will develop security primitives support data

compression and data deduplication, while providing the necessary means for cloud providers to

efficiently search and process encrypted data. In this sense, TREDISEC cannot be considered a direct

competitor for WITDOM, because of different scopes.

Finally it is worth mentioning the project HEAT (Homomorphic Encryption Applications and

Technology) [45] , which also belongs to the programme H2020-EU.2.1.1. The HEAT project

focuses on the development of advanced cryptographic technologies to process sensitive information

in encrypted form, without needing to compromise on the privacy and security of the citizens and

organizations that provide the input data. The core technology is based on homomorphic

cryptography, which allows performing computations on encrypted information without decrypting

it. The main goal of HEAT is to produce a step change in the efficiency and applicability of this

technology. In comparison to WITDOM, HEAT focus is more reduced, as it is only addressing SHE.

HEAT, however, has a focus also on the following topics that are not in WITDOM: cryptanalysis of

underlying hard problems, implementation in SW and HW of primitives and optimizations, and

developing SHE friendly symmetric ciphers. The HEAT applications are also completely different:

smart grid, satellites and crime detection.

There are other programmes with projects that are of interest for WITDOM in terms of competition.

The first one is CLARUS (A Framework for user-centred privacy and security in the cloud) [44] , a

RIA belonging to the programme H2020-EU.2.1.1.3., a different one to WITDOM. It relies on

33

Some projects belonging to this programme has been discarded, as they are considered too far in scope for WITDOM.

This is particularly true for the projects SHARCS, more oriented to architectures, and SCISSOR, very SCADA oriented.


functionality-preserving cryptographic and non-cryptographic data protection techniques with a

special focus on preserving the benefits associated with cloud services (functionality, cost-

effectiveness, efficiency, etc.). CLARUS will implement a demonstrator on the management of

Electronic Medical Records to provide security-aware access to functionalities, which should be

backed up by a series of auditing tools. EMRs shall be securely stored in the CLARUS cloud and

appropriate privacy-preserving mechanisms should be implemented before outsourcing obfuscated

data to the cloud with preservation of functionalities.

Finally, the project CREDENTIAL [46] from the programme H2020-EU.3.7 started in October

2015. The main idea of CREDENTIAL is to enable end-to-end security and improved privacy in

cloud identity management services for managing secure access control. This is achieved by

advancing novel cryptographic technologies and improving strong authentication mechanisms.

To evaluate and validate the capabilities of CREDENTIAL tools and bring developed components to

market readiness, scenes for e-Government solutions, e-Health services and e-Business applications

will be set up.

3.4 SWOT

Based on the analysis of the macro and microenvironment (PEST and competition) and the value

proposition, this "Strengths, Weaknesses, Opportunities and Threats" (SWOT) allows identifying

where the WITDOM framework stands and its real potential.

3.4.1 Strengths

Value proposition for protection of sensitive data to be outsourced in untrusted environments

with multi-faceted approach, i.e. leverages protection mechanisms targeting different

protection requirements.

Value proposition based on advancing current best practices and the state-of-the-art

technologies.

The fact that the WITDOM solutions will be piloted in real life scenarios is a positive factor

that increases the credibility and acceptance of the proposed technologies.

The validation of the WITDOM with the support of end-users, who participates in the project,

guarantees the field orientation of the product in real world applicability.

The framework might be easily extended with additional components due to the flexibility

and modularity of the architecture, and the service-oriented approach.

The framework can be migrated to a completely different environment with ease thanks to its

architecture.

3.4.2 Weaknesses

Components show different levels of maturity. Some components need further development

before being ready for production environments. The time-to-market can be high.

As a collaboration project there is no single owner to champion the exploitation, leaving the

situation open in terms of who drives exploitation of the solution as a whole.

WITDOM is a new entrant to the considered market. This means competition is established

against consolidated players, with a more recognized brand and certain vendor lock-in.

Low brand reputation. WITDOM is currently associated to a project, not to a final solution.

The brand can benefit from the project reputation, as soon as the promising project results

come into reality.


Target users’ satisfaction to be tested. This will be addressed in a later stage of the project.

3.4.3 Opportunities

The growing market of cloud-based security services applications and the gap on privacy can

make WITDOM a reference.

Opportunities to expand the products/services portfolio – the participation in the WITDOM

project will enable the partners expand their portfolios of products/ services.

The approval of the EU data protection regulation can boost the adoption of solutions like

WITDOM.

3.4.4 Threats

Similar R&D projects on the race increases competition.

The liking for encryption and the need for more privacy may attract more competitors in the

future.

Inadequate or poor advertising may hinder the process of distributing the software product.

The project roadmap pushes the solution delivery at the end of the project, which may both

create many target users’ expectations to handle, and to arrive late in the market.


4 Exploitation strategy

4.1 Overall exploitation strategy

This section presents the initial exploitation strategy to be implemented during the project lifetime

(until M36).

The objectives of WITDOM exploitation activities are:

Funnelling of the WITDOM projects outcomes, identifying the most promising items to bring

them to the software, services and security communities for further shake up, and ultimately,

industrialization.

Paving the way for a successful industrial, commercial and/or scientific exploitation of the

project results.

Exploitation is broken down in two major lines: the commercial and the non-commercial

exploitation, as described next:

4.1.1 Commercial exploitation

This strategy refers to WITDOM products that independently constitute commercial software and

services, or that constitute part of other existing or new commercial software products and services.

In this area, there were basically two goals:

Internal exploitation, oriented to improve the product/service offering of project partners.

External exploitation, oriented to take WITDOM innovations into industry, in particular our

segments.

To achieve these goals the consortium adopted the following action lines for exploitation:

Prospects within business units of WITDOM partners to incorporate the innovations into the

existing portfolios and direct them through their product management and innovation process

management cycles. We considered here two visions:

Contacts with potential users in a market pull approach.

Development of new products or services based on WITDOM components or

techniques.

Prospects outside the project borders to transfer innovations/solutions to potential customers.

This corresponds to the sales cycle indicated in the glossary section. This would likely imply

the cycle phases of prospect and contact, probably also the offering phase. Eventually,

depending on the customer’s motivation, the complete cycle up to the closing phase could be

covered.

Participation in platforms of large industry visibility.

4.1.2 Knowledge Exploitation (non-commercial)

This exploitation line is applicable to knowledge and prototypical software products that will be

sustained through continued research. It also applies to projects and that need further work before

they are ready for the market.

In this area, there were basically two goals:

Use knowledge gained during the project to augment partners’ existing products or solutions.

Take WITDOM innovations and concepts into academia, but also to industry.

The exploitation plan covered the following action lines:


Protection of intellectual property, such as licensing agreements or patents.

Exchange research with external R&D groups and initiatives to promote WITDOM concepts,

techniques and results.

Standardization activities. This activity is reported in deliverable D7.8.

Academic opportunities in form of thematic courses or PhD opportunities.

Technology transfer actions to industry.

Technology transfer actions to new research initiatives, such as H2020 program.

Exchange of public versions of deliverables (or partial versions of deliverables when

restricted dissemination) to particular communities (advisory board, research clusters).

WITDOM branding.

4.1.3 Roles and responsibilities

The WITDOM exploitation strategy is based on experience of partners, recommendations of the

European Commission and the best practices from the area of the product management and

marketing communication. All partners of the consortium contribute to the exploitation activity, both

commercial as non-commercial. Nevertheless, three special roles can be highlighted:

The Exploitation & Innovation Manager (EIM) coordinates consortium efforts for

exploitation of the project results, and monitors the external innovation actions to align the

innovation actions at project level with impact creation. This role is played by ATOS.

The component manager, who drives the development of a particular component within the

WITDOM solution. Component managers come from UVIGO, KU Leuven, IBM and XLAB,

as indicated in the section 2.2.1.2.

The sales force, consisting of all partners’ individuals related to explore commercial

opportunities. The sales force will follow the sales cycle and its five phases: prospect, contact,

presentation of the offer, negotiation, and closing.

4.1.4 Marketing

Following the Bowman´s strategic clock, WITDOM is expected to position its strategy in product

differentiation. There are several reasons for this taking this approach:

WITDOM solution provides unique functional features with regard to its competitors.

WITDOM mainly targets educated customers able to understand the essential characteristics

and qualities of services they are purchasing.

To reach our target audience, one important aspect is the communication of the value proposition.

This refers to awareness rising about the WITDOM solution and its key features. This is much related

to the communication strategy described in the deliverable D7.2, which was aligned with the

WITDOM evolution along the project timeline. From a more commercial perspective, there are

several means to promote the WITDOM framework:

The project website (D7.1), as main access point to the project information, clearly

communicating the added value of the project.

The commercial action by the WITDOM sales force, supported by promotional material.

The project participation in trade conferences, as these events are usually very targeted.

Word of mouth. From the very beginning of the project, the co-creation methodology required

the participation of WITDOM users in the requirements elicitation phase. They are also

expected to participate in the evaluation in later stages of the project. Therefore they will


become advocates in their specific environments and drive more business in through word of

mouth.

The support of the Project Advisory Board, as multipliers. To this respect, other alliances can

be considered, as the support of related R&D projects.

4.1.5 Distribution Strategy

The distribution strategy is very dependent on the work of WP5 - A Trustworthy Privacy-preserving

Platform - Toolkit & Prototypes, which is expected to produce its preliminary results at the end

September 2016, with the availability of the design of prototypes and trustworthy privacy-preserving

platform (toolkit). This means that the development will condition part of the distribution strategy as

it is considered in this section. Nevertheless, the internal discussions at the present stage lead

WITDOM towards the following delivery models:

WITDOM as-a-Service (WaaS): WITDOM licensed on a cloud subscription basis and

centrally hosted. This option allows potential customers to take advantage of WITDOM

features without having to install and use encryption on their own.

Packages: a bundle of components for a specific functionality and key features.

Components distribution isolated.

Figure 10 represents WITDOM supply chain when considering the first categories. It shows how

WITDOM solutions (in red) relates to infrastructure provisioning (for example, a cloud provider)

towards the target users (VSPs and MMSPs), and finally to customers. Parts of this flow may be

removed depending on the delivery model. For example, in the case of packages, the infrastructure

provision arrow would make no sense.

Figure 10. WITDOM supply chain

With regard to the possible delivery channels a mix is foreseen: WITDOM will count of distribution

channels can be direct, which means selling directly to customers, but also intermediaries can be

used. The first advantage resulting from the use of a sales strategy based on intermediaries is referred

to the level of economic resources committed. This means, it is possible to reach a broader market

without being physically present at all the points of sale, so that the investment required starting to

operate decreases intensely.

The following table specifies these channels:

Table 20. Delivery channels

# Name Type Ownership

1 WITDOM sales force Direct Own channel

2 The WITDOM project website

http://witdom.eu

Direct Own channel

3 Internal transfer lines Direct/indirect Own channel/Third party

channel


4.1.6 Business impact drivers

This section presents those factors that have an impact in the effectiveness of the exploitation

strategy.

4.1.6.1 Technology readiness of the solution

The business impact of WITDOM is driven by the technology readiness of the components and the

platform. At this moment there are some components whose current TRL is rather low, though it is

expected to increase at the end of the project to reach a TRL 4-5 (as planned in the DoA). This

maturity may be not enough to go to market, and these components should enter an additional

maturation process before going to production level (TRL9), hence contributing to the exploitation of

the framework as a whole.

4.1.6.2 Licenses

At this moment, the analysis of the indicated licenses does not indicate any conflict that could

hamper the WITDOM framework commercial exploitation. The final license for some components is

still not fixed. The reason is that in some cases, the development of components is rather preliminary

for partners to define a suitable license matching their interests. In other cases the joint development

of requires a bilateral agreement about the final license of the component.

4.1.6.3 Promotion

The promotion of the WITDOM framework is instrumental for its take-up, therefore

communication/dissemination and exploitation activities have to be aligned. In this sense, the

communication activity should include:

To create awareness of the WITDOM framework.

To convey the differentiation aspects of the WITDOM solution.

To involve target users. Regular networking, lobbying activities, and participation in

platforms of high visibility can be instrumental in this sense.

To stimulate the take-up.

The communication of dissemination strategy proposed in the deliverable D7.2 suggested that this

kind of promotion would be more feasible during the so-called “Adoption Phase”, going from

January 2017 (M25) to December 2017 (M36). During the Adoption Phase, the communication

which will be not so focused on the research aspects of the project (corresponding to the

“Understanding Phase” from M7-M24), but on the final outcomes, and it is fully aligned with the last

project milestones requiring the release of WITDOM results.

4.2 Individual exploitation plans

This section provides a wider insight about the partners’ individual exploitation plans in alignment

with the exploitation lines defined in the overall exploitation strategy for commercial and non-

commercial paths. Table 21 summarizes the positioning of each partner.

Table 21. Individual exploitation plans

Exploitation

path

Action Atos UVIGO KU

Leuven

IBM XLAB FSCR BBVA

Commercial Prospects within

business units

Prospects outside the

project borders


Exploitation

path

Action Atos UVIGO KU

Leuven

IBM XLAB FSCR BBVA

Participation in

platforms

Non-

commercial

Licensing agreements

Clustering activities

Standardization

activities

Academic opportunities

Technology transfer

Exchange of public

versions of deliverables

WITDOM branding

4.2.1 ATOS

Atos is focused on business technology that powers progress and helps organisations to create their

firm of the future. Serving a global client base, Atos delivers solutions and services, across five

market sectors: Manufacturing, Retail & Services, Public Sector, Healthcare & Transports, Financial

Services, Telecoms, Media & Technology, and Energy & Utilities.

The vision of the Research & Innovation group of Atos (ARI) is mainly focused on applying the

latest research outcomes to real world situations where Atos’ clients need solutions that go beyond

what current products provide. This is the case for WITDOM, where ARI first interest is to promote

both WITDOM as a whole and specific outcomes to Atos existing portfolio. This portfolio consists of

commercial services and also assets.

In WITDOM Atos contributes particularly to the development of the PO and KM components. The

PO is interesting for Atos in order to produce a privacy broker that can be applied to orchestrate

several protection mechanisms. As protection mechanisms, we consider not only WITDOM

protection mechanisms, but also additional open source anonymization components such as ARX

[47] . The PO can also be connected to the Atos P-IAM, an Authentication, Authorization and

Auditing asset based on open source (OpenAM) implementation compatible with open standards

such as OASIS SAML. This technological asset also features privacy-preserving features that could

be orchestrated through the PO such as Atos PI-Hub, a pseudonymization component, or Atos

Awareness Service, a transparency tool and privacy dashboard.

For the KM, Atos is interested in building upon the results of the project Coco-Cloud, developed by

Atos, to extend its capabilities and adapt it to the WITDOM needs.

The ARI commercial exploitation model is depicted in Figure 11, where three possibilities are

highlighted. After an initial phase of technology scouting, identifying some exploitable outcomes and

knowledge by WITDOM, the most promising from Atos perspective are selected to be taken to the

market. The first flow represents a direct contact with final customers in order to explore commercial

opportunities. This activity will be carried out by the Atos team participating in WITDOM or by

markets representatives belonging to ARI. Considering the sales cycle this interaction consists of

prospecting potential customers, establishing a relationship with them to promote WITDOM and

recognize their need. This targets not only verticals markets in Atos, but also horizontal markets or

transfer lines. This implies a very strong market push, but at the same time some feedback can be

collected from the customers, which can be used to redefine the offering or the value proposition. If


the opportunity materializes, Atos will analyse case by case the needed exploitation agreements with

other WITDOM partners.

As the main goal for ARI is to align WITDOM results with Atos market strategy, the second flow is

preferred. In this second flow, the transfer lines can act as both, as customer and consumer of

WITDOM solutions, and as a facilitator to reach the final customer and orient the commercial action

(preventing considerably the drawbacks of cold calling). As significant transfer lines the following

can be mentioned:

Global Business Units (GBUs), which segment Atos business geographically.

Service lines. Among the services lines the cybersecurity line is one of the most promising for

WITDOM, in these three categories: information protection services, dealing with encryption

services, security consulting services, dealing with compliance, and Security Systems

Integration Services.

Vertical markets, especially (but not limited to) Financial Services, due to the close relation of

Atos to the FS pilot.

Innovation committees.

Figure 11:Atos commercial exploitation models

A third path is to apply for the ARI innovation board. The innovation board selects different solutions

or ideas according to several criteria, such as the alignment with the Atos strategy, the solution

availability, business and technology criteria. After this firs filter, a second assessment filters

according to another set of criteria, such as maturity of the solution, potential market, or

transferability. The innovation board selects those solutions with higher potential, and decides about

the most suitable way for internal exploitation towards more Atos transfer lines, including the

organization of commercial workshops or applying for internal funding to set-up commercial proof-

of-concepts or pilots with selected customers. This third path is more targeted that the previous one,

but requires a higher level of maturity of the solution, which makes it more suitable for the third year

of the project. The first and second flows are suitable for the entire project span, though the approach

needs to evolve with the development of WITDOM solutions. The three flows do not run in isolation,


but some interactions can be expected between them, as indicated with the salmon arrows. These

arrows can imply informational flows, but also a change of exploitation course when necessary.

On the non-commercial side, Atos intends to look for synergies with other research projects towards

transfer actions. An example of this kind of exploitation during the first project year was how the

methodology produced by the project PRIPARE was combined with the FSCR co-creation

methodology to create the SPACE methodology to elicit requirements in WITDOM. This is also

what Atos intends to do with Coco-Cloud.

Atos will also exploit the gained know-how through forthcoming EU research programmes (e.g.

H2020) and apply for grants in the forthcoming ICT calls.

Training actions are also expected. The expertise gained during the project can be transferred by

mean of workshops practical sessions to security teams within Atos, especially the Atos Research &

Innovation, to extend internal capabilities.

4.2.2 UVIGO

UVIGO is a university with a strong research-oriented focus and role. The main expertise and

background that UVIGO applies to WITDOM comes from the marriage of the signal processing and

cryptography areas, and a novel signal-processing-oriented approach for tackling information

security problems that aims at producing efficient cryptographic primitives working with encrypted

signals and privacy enhancing tools and analysis stemming from information theory and estimation

theory.

UVIGO will receive Gradiant’s support in the exploitation process, as it is a research centre primarily

focused on technology transfer, which acts as an active link between university and industry.

Gradiant’s main objective is helping companies to generate business and improve their

competitiveness through the transfer of ITC knowledge. Thus, the main activity of the research centre

is developing R&D projects that serve as a technology transfer mean for the partners of the projects,

or which result in the generation of new intellectual property. The complementarity of both entities

comes primarily from their position in the research-innovation chain, where UVIGO performs basic

research tasks, while Gradiant is more focused on technology transfer, IPR protection, and evaluation

methodologies for market-ready end-to-end security solutions.

UVIGO is responsible of developing four components in WITDOM: the anonymization component,

the Secure Signal Processing (SSP) component, the Protection Orchestrator (PO) and the broker. As

it is expected that these components will achieve different levels of maturity at the end of the project,

they will be exploited by different means.

The anonymization component has a relatively wide range of application, as it is envisaged as a

service that can be used whenever it is necessary to outsource personal data to an untrusted

environment (e.g., the cloud) where further analysis will be performed to extract valuable

information from the data. Even though anonymization algorithms can be applicable to different

datasets, it is important to highlight that the performance and effectiveness of the process is highly

dependent on the application that exploits the anonymized data. In WITDOM two use case scenarios

are foreseen (a financial scenario and an eHealth scenario), and each of them will require the

development of different anonymization algorithms, in order to adapt the component to their

particular requirements and needs. This adaptation process is also necessary if the component aims to

be applicable to other scenarios and use cases outside the scope of the project. As it is not possible to

develop a unique solution that covers all the possible application scenarios, UVIGO will study

different use cases and markets in which the anonymization component could be of help by offering

an added value to its users. The final objective of this analysis will be to feed the development

process of the component from the very beginning, in order to increase its applicability and

exploitability options. The anonymization component presents currently a low TRL (2) and it is

expected to evolve until TRL 4 or 5 at the end of the project. In consequence, the goal is not to obtain


a full commercial prototype during the lifecycle of the project, and further development will be

required in order to obtain a more mature solution.

The Secure Signal Processing component has also a wide range of application, as a service accessible

to protect and process outsourced data. As in the case of the anonymization component, the

developed primitives and solutions are tailored towards the two WITDOM use-cases (financial and

eHealth scenarios), and therefore its exploitation will be also targeted towards these areas. The SSP

component presents currently a low TRL (3) and it is expected to evolve until TRL 4 or 5 at the end

of the project, and be integrated in the project demonstrators as a proof-of-concept.

The Protection Orchestrator is a shared development with Atos. Its design will be based on Open

Source available developments and will be as generic as possible, so that it can be used in any

WITDOM-based architecture and ease the development of WITDOM-based applications and

services. Due to its dependence with the protection components, it cannot be individually exploited,

so its exploitation will be always tied to the exploitation of the accompanying WITDOM

components.

For the Broker commercial exploitation UVIGO expects to integrate the results in other research

projects to provide full-stack solutions in order to solve detected issues in the hybrid cloud scope.

Among these issues is the multi-cloud orchestration of services with distributed data in different

locations or branch offices, the control access to confidential and sensible information in hybrid

environments or load balancing with the last tendencies in container virtualization. It will also be

studied the added value of the broker against similar approaches so it can be compared quantitatively.

Broker can be a great solution for the market of big enterprises with hybrid cloud orchestration. Only

this kind of organizations has the required complexity to need this solution. The broker capabilities

will be shown in commercial demonstrations in order to obtain feedback to evolve new features and

to adapt it to new use cases. It will be also considered the possibility of releasing the broker code as

open source code and then UVIGO will support the production deployments through a spin-off start-

up.

Besides the mentioned commercial exploitation actions, UVIGO will also consider exploiting the

non-commercial aspects of the developed technologies, such as reusing the acquired know-how with

forthcoming research initiatives (e.g. H2020).

4.2.3 KU Leuven

The WITDOM project is allowing the KU Leuven to expand its knowledge and expertise on secure

data processing in Cloud computing. The prime interest of KU Leuven as an academic partner is to

publish research results in high ranking international conferences and to earn reputation and

publication credit points with our conference contributions. An intended impact of these scientific

publications is that they will attract interested industry stakeholders and follow-up projects are likely

to happen.

For KU Leven–COSIC, the research and technology development work carried out in WITDOM

further develops its experience and the competences of the researchers as well as increases the

visibility reached by scientific publications. Our work in WITDOM is useful to improve education

and teaching of students, allowing courses and seminars to be taught with current technology and

research results.

Specifically, the secure computation component currently under development involves both software

and hardware production. We aim to publish all research advances in high ranking conferences but

also to use this tool to demonstrate to industry and academia what is currently possible to be done for

secure computation using homomorphic techniques. The development of a dedicated hardware

component will further enable us to demonstrate to industry the feasibility of performing secure

computation in the cloud, potentially attracting companies interested in commercially or individually


exploiting our results. Lastly, all our research outcomes can potentially be subject to standardisation

activities as new standards or parts of existing, currently underway standardisation efforts.

For KU Leuven–CiTiP it is an excellent opportunity to gain international acknowledgment and

renown as a leading centre with expertise on the legal aspects of data processing. Within WITDOM,

CiTiP places specific focus on the legal constraints and privacy issues arising from the processing

and storing of personal data in untrusted environments and the application of the current European

Data Protection Directive (95/46/EC). In view of the regulatory reform and the expected adoption of

the General Data Protection Regulation mid-2016, CiTiP will look to assess the newfound

requirements and obligations and clarify these. A selected number of privacy issues such as defining

the applicable law in cloud computing environments and obtaining valid (informed) consent, are

being focused on. CiTiP - K.U.Leuven intends to ensure that the solutions developed by WITDOM

are socially acceptable in terms of civil liberties and the fundamental right to privacy. CiTiP-

K.U.Leuven interests lies with the analysis of the role of the law in the definition of technical

requirements and the translation of (evolving) legal obligations/requirements into technical solutions.

To that effect, the research will result in recommendations for the design of the system but also for

the further development of legislation and policy in this area. WITDOMs results will be disseminated

towards society by publishing in (scientific) journals and contributing to conferences.

4.2.4 FSCR

Figure 12. FSCR exploitation lines

e-Services for Life and Health is the ICT research and innovation unit of Fondazione Centro San

Raffaele (FCSR) and its third party the San Raffaele Hospital (OSR). Business model of this unit is

based on the translation of hospital and market’s demand into innovative services through research

projects in order to build strength prototypes (TRL4 to TRL7) able to be exploited in different

context. Main outputs of a research project should be described as:

Knowledge and know how: able to generate revenues through consultancy activity and able to

support and stimulate the production of new proposal for other EU grants

Assets and patents: In the WITDOM case, the main asset will be the prototype of the

Laboratory Information Management System specialized in genomic application.

This software will be able to exploit the WITDOM platform in order to solve the issues related to

storage and computing, using public cloud as a secure and privacy compliant infrastructure. In order


to transform the prototype into a product an engineering activity will be planned after the end of the

project, exploiting FCSR’s ecosystem in order to deploy this new software into the OSR’s genomic

laboratory and understand how is possible to port it other similar laboratories.

Thanks to the WITDOM project, e-Services for Life and Health, during this first year of the project,

was able to improve their requirements elicitation methodology, adding privacy-by-design techniques

and enhancing its coCreation process. This result, called SPACE process is the output of the

collaboration with other partners, ATOS in particular, which represent the industrial side, and can

guarantee the business attractiveness of this methodology.

4.2.5 IBM

IBM Research – Zurich, the European branch of IBM Research, focuses on developing cutting-edge

research in the area of information technology. IBM’s previous participation in EU projects have

substantially influenced its projects and services. Within WITDOM, IBM is advancing the state-of-

the art in privacy-enhancing data storage and computation, and verifiability of integrity and

consistency of data stored in untrusted domains, such as the Cloud. IBM expects the technology

developed in WITDOM to widely influence its products. In more details, the envisioned exploitation

plans of IBM include the following:

Enhancing its products and services. Among other types of institutions, IBM does business

with car manufactures and banks. These institutions very often need to outsource data to non-

production environments in order to perform some data analysis and computation. They do so

in order to reduce costs and avoid the necessity of an in-house computation infrastructure that

deals with large amounts of data. IBM will be able to use the results of WITDOM, more

specifically the outcomes of the Data Masking and the Integrity and Consistency Verification

component, to offer better products and services to these customers, and at the same time,

being compliant with EU data protection regulations. In other words, IBM expects to turn

research prototypes into actual solutions that can be used for its business.

Advance in cloud technologies and cognitive computing. IBM will incorporate results of

WITDOM in these areas in order to provide better products and services for customers with

high security requirements. In particular, IBM as cloud provider will be able to offer secure

cloud services and transfer expertise to other related open source projects, such as OpenStack

or Open Blockchain.

Protecting valuable results through patenting or copyrights.

Collaborating with other EU projects as a mean of technology sharing.

Technology transfer by means of transferring the technology to other industries and academia.

Apart from post-docs and regular researchers, IBM also counts with PhD students working in

EU projects, allowing them to gain valuable knowledge working on a European project. By

working in WITDOM, IBM maintains close collaboration with academia and makes

industrial research more attractive for young researchers.

Disseminating research. IBM plans to continue disseminating the progress of the project via

its own channels, social media websites, and workshops. IBM is currently co-organizing a

WITDOM workshop at ARES, which will be a good vehicle for technology transfer. We

expect the workshop to bring fruitful discussions in the state-of-the art in secure and storage

computation in non-production environments. Furthermore, another way of technology

transfer used by IBM is the publication of scientific papers at relevant conferences. As said

before, IBM in not only an industry partner, but also a research partner, which contributes to

the scientific community in the area.

Making sure that relevant cryptographic standards are used in the project’s prototypes.


4.2.6 XLAB

XLAB’s exploitation plan is presented in in two parts: an exploitation plan as an individual

organization, and in the second section we present an exploitation plan as part of the WITDOM

consortium.

4.2.6.1 Exploitation as an individual organisation

XLAB wishes to exploit WITDOM’s results in various ways: by expanding a set of products and

services that currently has and operates (e.g. private cloud installations offered to external clients);

with new security offerings in security and privacy field in the Balkans region; by using the network

of partners from WITDOM to gain new opportunities for innovating projects within H2020

perspective; last but not least - by and extending the business network and obtaining new business

opportunities. Listed exploitation activities have already begun; for example, WITDOM was

presented in ISACA conference in Slovenia where attendees were interested into current state and

results of the WITDOM project. Moreover, ISL Online (XLAB’s brand) has just started a partnership

with AVG Solutions and security is utmost important in the communication solutions (ISL Online is

interested into embedding end-to-end encryption techniques for data transfer/storage). Single

components of the WITDOM platform are expected to be used in enhancing the security and privacy

features of different XLAB’s products. Besides the aforementioned ISL Online, Koofr’s [48]

distributed storage can provide further services for encrypted data manipulation based on

WITDOM’s results, while Sentinel’s [49] sensor information that is been currently aggregated for the

purposes of weather and sea conditions report among other, could be anonymized to prevent any

abuse of information.

WITDOM’s results will be also offered to other existing clients that are interested in adding security

and privacy to their already existing services, such as Alanta’s CloudAnalytics [50] , or Olaii’s [51]

payment systems. The know-how and WITDOM results, being it just a single component or the

entire platform, will increase XLAB’s potential for supporting new clients in delivering their

solutions, being by consulting, platform and infrastructure deployment, or the development of a

secure-centric solution from its requirements or existing application.

Finally, a not direct exploitation results from XLAB’s participation of the WITDOM research project

is the added experience and reputation obtained to the existing research projects XLAB has

participated, and which have proved to be critical for approaching new collaborations.

4.2.6.2 Exploitation plan as being part of WITDOM

XLAB is planning to evolve offerings within WITDOM to be ready to integrate within end-customer

services. The offered toolkit and the platform will be easy to integrate and use within interested

parties. The plan is that XLAB will provide a testbed of WITDOM services to the most possible

extend (use of internal private cloud based on OpenStack). If XLAB sees an opportunity to open and

extend the offerings to external partners, XLAB will consider and look into the possibility of

collaborating with other project’s partners to provide privacy enhancing services as a PaaS offering.

Since XLAB is already a technology provider and integrator of private cloud deployments based on

OpenStack, XLAB will extend its offering with possible deployments of dedicated branded toolkit

consisting of WITDOM services to both existing and new clients.

4.2.7 BBVA

BBVA is planning to use the WITDOM outcomes as a final user. Our Main goal is transfer workload

to public clouds with the guarantee that the privacy and security requirements are fulfilled. Another

target is allowing the automatization of the authorization processes in the load transfers to public

clouds.


These goals apply to our vertical, financial services, where we are searching for OpenStack toolkits

with the WITDOM services or other solutions that allow perform some data analysis and

computation in cloud environments in order to reduce cost and avoid the necessity of an in-house

computation infrastructure.


5 Conclusions and next steps

WITDOM is an end-to-end security framework that protects sensitive data to be outsourced to

untrusted environments (mainly the public cloud) by means of some effective protection mechanisms

and in compliance with the EU regulation framework.

Since the technical results of the project (components, platform) are still in a preliminary stage, the

objective of this deliverable is to provide a reference to ensure that the technical dimension is

oriented to the future market opportunities and to prepare an effective launch upon completion of the

project.

Demand for cloud-based security has increased with the change of pace in IT security towards the

cloud and the realisation of the importance of protecting sensitive data transferred to untrusted

environments. The strongest interest is in encryption products from cloud security brokers. The

market is attending a flood of tools, with several vendors emerging as leaders. WITDOM enters a

market with high growth prospects, which represents a good opportunity to new entrants to have a

share before concurrence intensifies. Existing competitors are well known and probably they leverage

some vendor-locking situations. In this situation WITDOM can compete by providing a differentiated

solution, which is built on its advanced and effective protection mechanisms. It will be also important

for WITDOM to establish alliances or partnerships, especially with regard to the delivery channels,

which will help to reach a wider audience.

The deliverable D7.10 has outlined the main exploitation activities of the WITDOM project to be

carried out until the end of the project in December 2016, considering both the commercial and non-

commercial use of the project results. According to the exploitation methodology defined in section

1.2., D7.10 has covered the steps of identifying the project exploitable items, the market analysis, and

outlined the exploitation strategy to be enforced until December 2017 (M36). Each WITDOM partner

identified its exploitation strategy for the next years. The future deliverable D7.11 (due in December

2017) will supersede this deliverable D7.10, by refining the proposition here made and elaborating

the business case based on the known business canvas model.


6 References

[1] European Commission. Directorate General for Communications Networks, Content and Technology.

Grant Agreement for Research and Innovation action. “empoWering prIvacy and securiTy in non-

trusteD envirOnMents (WITDOM)”. No. 644371 H2020-ICT-2014/H2020-ICT-2014-1

[2] WITDOM consortium. “D1.4 – First project workplan”. January 2015.

[3] WITDOM consortium. “D2.1 Requirements analysis for un-trusted environments”. June 2015.

[4] WITDOM consortium. “D3.1. – Formalized technological requirements”. December 2015.

[5] WITDOM consortium. “D4.1 – Specification of an end-to-end architecture”. December 2015

[6] WITDOM consortium. “D7.2 – “Dissemination Plan”. June 2015.

[7] Cloudify. Homepage. http://getcloudify.org/ , retrieved on 2016-03-30

[8] European Union Intellectual Property Office (EUIPO). Homepage.

https://euipo.europa.eu/ohimportal/en/ , retrieved on 2016-03-30

[9] Szczepański, M. Briefing: "A Digital Single Market Strategy for Europe". Tracking European

Commission priority initiatives in 2015 – Number 3. September 2015.

http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/568325/EPRS_BRI(2015)568325_EN.pdf

, retrieved on 2016-03-30

[10] European Commission. "Priority: Digital Single Market". https://ec.europa.eu/priorities/digital-single-

market_en , retrieved on 2016-03-30

[11] European Commission. Digital Single Market. "Public consultation on Geo-Blocking and other

geographically based restrictions when shopping and accessing information in the EU". September

2015. https://ec.europa.eu/digital-agenda/en/news/public-consultation-geo-blocking-and-other-

geographically-based-restrictions-when-shopping-and , retrieved on 2016-03-30

[12] European Commission - Press release: "Agreement on Commission's EU data protection reform will

boost Digital Single Market". December 2015. http://europa.eu/rapid/press-release_IP-15-

6321_en.htm , retrieved on 2016-03-30

[13] Eur-Lex. "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on

the protection of individuals with regard to the processing of personal data and on the free movement

of such data". Official Journal L 281 , 23/11/1995 P. 0031 - 0050. November 1995. http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML , retrieved on 2016-03-

30

[14] European Commission. Press release: "EU Commission and United States agree on new framework

for transatlantic data flows: EU-US Privacy Shield". February 2016. http://europa.eu/rapid/press-

release_IP-16-216_en.htm , retrieved on 2016-03-30

[15] Eur-Lex. Communication from the Commission to the European Parliament, the Council, the

European Economic and Social Committee and the Committee of the Regions. "Unleashing the

Potential of Cloud Computing in Europe". September 2012. http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF , retrieved on 2016-03-

30

[16] Eur-Lex. "Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE

COUNCIL on a Common European Sales Law /* COM/2011/0635 final - 2011/0284 (COD) */ "

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52011PC0635 , retrieved on 2016-

03-30

[17] European Commission. Digital Single Market. "European Cloud Partnership".

https://ec.europa.eu/digital-agenda/en/european-cloud-partnership , retrieved on 2016-03-30

http://getcloudify.org/

https://euipo.europa.eu/ohimportal/en/

http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/568325/EPRS_BRI(2015)568325_EN.pdf

https://ec.europa.eu/priorities/digital-single-market_en

https://ec.europa.eu/priorities/digital-single-market_en

http://europa.eu/rapid/press-release_IP-15-6321_en.htm


http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML



http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52011PC0635

https://ec.europa.eu/digital-agenda/en/european-cloud-partnership


[18] The Guardian. "Inside the FBI's encryption battle with Apple". February 2016.

http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple ,

retrieved on 2016-03-30

[19] Focus Economics. “Economic Snapshot for the Euro Area”. March 2016. http://www.focus-

economics.com/regions/euro-area, retrieved on 2016-03-30

[20] Industrial Research Institute. "2016 Global R&D Funding Forecast". R&D Magazine.

https://www.iriweb.org/sites/default/files/2016GlobalR%26DFundingForecast_2.pdf, retrieved on

2016-03-30

[21] BGR. "Why the FBI has already lost its encryption battle with Apple". February 2016.

http://bgr.com/2016/02/25/fbi-apple-encryption-iphone/ , retrieved on 2016-03-30

[22] TRUSTe/NCSA Consumer Privacy Index (Infographic) – US, 2016.

https://www.truste.com/resources/privacy-research/ncsa-consumer-privacy-index-us/ , retrieved on

2016-03-30

[23] Forrester. "Predictions 2016: The Trust Imperative For Security & Risk Pros". November 2015.

https://www.forrester.com/report/Predictions+2016+The+Trust+Imperative+For+Security+Risk+Pros/

-/E-RES117436 , retrieved on 2016-03-30 , retrieved on 2016-03-30

[24] Cloud Security Alliance. "How Cloud is beign used in the Financial Sector: survey report". March

2015. https://cloudsecurityalliance.org/group/financial-services/#_downloads

[25] ENISA. "Secure Use of Cloud Computing in the Finance Sector Good practices and

recommendations". December 2015. https://www.enisa.europa.eu/activities/Resilience-and-

CIIP/cloud-computing/cloud-in-finance/at_download/fullReport

[26] Eurostat. "ICT specialists in employment". December 2015. http://ec.europa.eu/eurostat/statistics-

explained/index.php/ICT_specialists_in_employment , retrieved on 2016-03-30

[27] Rightscale. "Cloud Computing Trends: 2016 State of the Cloud Survey". February 2016.

http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-

survey#security

[28] Thales eSecurity. "2016 Global Encryption Trends Study". https://www.thales-

esecurity.com/knowledge-base/analyst-reports/global-encryption-trends-study , retrieved on 2016-03-

30

[29] Gartner. "Market Trends: Cloud-Based Security Services Market, Worldwide, 2014".

https://www.gartner.com/doc/2607617/market-trends-cloudbased-security-services , retrieved on

2016-03-30

[30] CipherCloud. http://www.ciphercloud.com/ , retrieved on 2016-03-30

[31] CloudLock: CASB and Cloud Cybersecurity Solutions. https://www.cloudlock.com/ , retrieved on

2016-03-30

[32] HP. Security Voltage. http://www8.hp.com/es/es/software-solutions/voltage-data-encryption-security/

, retrieved on 2016-03-30

[33] Perspecsys: Cloud Security Software, Cloud Data Encryption. http://perspecsys.com/ , retrieved on

2016-03-30

[34] Protegity. http://www.protegrity.com/ , retrieved on 2016-03-30

[35] Vaultive Encryption Platform for Cloud Security. http://vaultive.com/ , retrieved on 2016-03-30

[36] Vormetric. http://es.vormetric.com/ , retrieved on 2016-03-30

[37] The OpenPGP Alliance Home Page. http://www.openpgp.org/ , retrieved on 2016-03-30

[38] Cornell Anonymization Toolkit. https://sourceforge.net/projects/anony-toolkit/ , retrieved on 2016-03-

30

http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple

http://bgr.com/2016/02/25/fbi-apple-encryption-iphone/


http://ec.europa.eu/eurostat/statistics-explained/index.php/ICT_specialists_in_employment

http://ec.europa.eu/eurostat/statistics-explained/index.php/ICT_specialists_in_employment

https://www.thales-esecurity.com/knowledge-base/analyst-reports/global-encryption-trends-study

https://www.thales-esecurity.com/knowledge-base/analyst-reports/global-encryption-trends-study

https://www.gartner.com/doc/2607617/market-trends-cloudbased-security-services

http://www.ciphercloud.com/

https://www.cloudlock.com/

http://www8.hp.com/es/es/software-solutions/voltage-data-encryption-security/

http://perspecsys.com/

http://www.protegrity.com/

http://vaultive.com/

http://es.vormetric.com/

http://www.openpgp.org/

https://sourceforge.net/projects/anony-toolkit/


[39] ARx. http://www.arx.com/ , retrieved on 2016-03-30

[40] McSherry, F. "An Extensible Platform for Privacy-Preserving Data Analysis".

http://research.microsoft.com/pubs/80218/sigmod115-mcsherry.pdf , retrieved on 2016-03-30

[41] Project PRIPARE. http://pripareproject.eu/ , retrieved on 2016-03-30

[42] Project PRISMACLOUD. https://prismacloud.eu/ , retrieved on 2016-03-30

[43] Project TREDISEC. http://www.tredisec.eu/ , retrieved on 2016-03-30

[44] Project CLARUS. http://www.clarussecure.eu/project-vision , retrieved on 2016-03-30

[45] Project HEAT. https://heat-project.eu/ , retrieved on 2016-03-30

[46] Project CREDENTIAL. https://credential.eu/ , retrieved on 2016-03-30

[47] ARX – Powerful Data Anonymization. http://arx.deidentifier.org/ , retrieved on 2016-03-30

[48] Koofr. Homepage. http://koofr.eu/ , retrieved on 2016-03-30

[49] Sentinel Marine Solutions. Homepage. http://www.sentinelmarine.net/ , retrieved on 2016-03-30

[50] Alanta. CloudAnalytics. http://alanta.si/cloudanalytics.html , retrieved on 2016-03-30

[51] Olaii. https://cashless.olaii.com , retrieved on 2016-03-30

http://www.arx.com/

http://research.microsoft.com/pubs/80218/sigmod115-mcsherry.pdf

http://pripareproject.eu/

https://prismacloud.eu/

http://www.tredisec.eu/

http://www.clarussecure.eu/project-vision

https://heat-project.eu/

https://credential.eu/

http://arx.deidentifier.org/

http://koofr.eu/

http://www.sentinelmarine.net/

http://alanta.si/cloudanalytics.html

https://cashless.olaii.com/

ICT-32-2014: Cybersecurity, Trustworthy ICT WITDOM...

Documents

Transcript of ICT-32-2014: Cybersecurity, Trustworthy ICT WITDOM...