ICT-32-2014: Cybersecurity, Trustworthy ICT
WITDOM
"empoWering prIvacy and securiTy in non-trusteD envirOnMents"
D7.10 – Initial Exploitation Plan
Due date of deliverable: 31-03-2016
Actual submission date: 31-03-2016
Grant agreement number: 644371 Lead contractor: Atos Spain sae (Atos)
Start date of project: 1 January 2015 Duration: 36 months
Revision 1.0
Project co-funded by the European Commission within the EU Framework Programme for Research
and Innovation HORIZON 2020, and the Swiss State Secretariat for Education, Research and
Innovation (SERI)
Dissemination Level
PU = Public, fully open, e.g. web
CO = Confidential, restricted under conditions set out in Model Grant Agreement
CI = Classified, information as referred to in Commission Decision 2001/844/EC.
Int = Internal Working Document
The work described in this document has been conducted within the project WITDOM, started in January 2015.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme
under grant agreement No 64437. This work was supported in part by the Swiss State Secretariat for Education,
Research and Innovation (SERI) under contract number 15.0098.
The opinions expressed and arguments employed herein do not necessarily reflect the official views of the
European Commission or the Swiss Government.
Copyright by the WITDOM Consortium.
Editor
Elsa Prieto (Atos)
Contributors
Román Mesa (BBVA), Sauro Vicini (FSCR), Nicolás Notario (Atos), Aleš Černivec
(XLAB), Juan R. Troncoso (UVIGO), Lilian Adkinson (UVIGO), José L. Otero Pena
(UVIGO), Nathan Van de Velde (KU Leuven), Eduarda Freire (IBM).
Reviewers
Mariano Cecowski (XLAB), Francesco Alberti, Lisa Catanzaro (FSCR).
Document History
Version | Date | Author(s) | Description/Comments
0.1 | 2016-01-26 | E. Prieto (Atos) | ToC
0.2 | 2016-02-03 | E. Prieto (Atos) | All sections in chapter Introduction. Value proposition. Rearrange exploitable items. Initial segmentation and market analysis. Initial SWOT. Initial outline of commercial and non-commercial exploitation. Atos individual exploitation plan.
0.3 | 2016-02-15 | E. Prieto (Atos) | Exploitation methodology and relation to other project work. Initial segmentation. Environment P-S-T factors.
0.4 | 2016-03-01 | E. Prieto, N. Notario (Atos), A. Černivec (XLAB) | Update exploitable items: platform + components. Competitors first draft. FSCR, XLAB individual exploitation plans.
0.5 | 2016-03-14 | E. Prieto (Atos) | Components descriptions: data masking, SC, integrity and consistency verification, KM. Competitors: R&D projects. IBM, KU Leuven, BBVA individual exploitation plans.
0.6 | 2016-03-21 | E. Prieto (Atos) | Version for review
0.7 | 2016-03-27 | E. Prieto (Atos) | Addressed comments from reviewers. Update privacy metrics and primitives. XLAB, Atos plans updated. References added.
1.0 | 2016-03-31 | E. Prieto (Atos) | Final version for submission
Executive Summary
The objective of this deliverable D7.10 – “Initial Exploitation Plan” is to take a first approach to
project exploitation by presenting an initial exploitation strategy that will be enforced during the
project lifetime (from March 2016 to December 2017).
Exploitation in the scope of WITDOM refers to the use of project results, generally speaking.
The project therefore acknowledges two lines of action: one towards the commercial use of
results, and another towards the use of knowledge gained within the project and of
research results that cannot be commercially exploited but can instead provide additional
benefits, such as developing competences or strengthening existing capabilities.
Nevertheless, the commercial focus of this document cannot be undervalued. In this respect, the
WITDOM exploitation strategy proposes several work lines that help pave the way for the
adoption of project results at a later stage of the project. These strategies focus on following a sales
lifecycle with strong emphasis on prospecting potential customers (both external to the project and
within the WITDOM partners’ business units), contacting them, and promoting the key features of
WITDOM, which can be summarized as follows:
- Framework for end-to-end protection of outsourced data in untrusted environments.
- Effective data protection of outsourced data in untrusted domains based on a wide range of
  protection mechanisms, such as anonymization, desensitization, secure signal processing
  techniques, homomorphic encryption, and protection of the integrity and consistency of data.
- Easy combination, orchestration and configuration of protection mechanisms to match the
  end-user’s protection needs.
- Compatibility with a wide range of cloud providers.
- Compatibility with various service environments.
- Separation of roles and access controls for protected data.
- Quantitative privacy metrics and preferences for end-to-end privacy in untrusted
  environments that reconcile the end-user’s data protection requirements and the data usage
  requirements of the service.
- Compliance with the EU data protection regulation.
The WITDOM offering distinguishes between the above-mentioned exploitation lines:
Commercial exploitation:
- Software/Developments: WITDOM Platform; WITDOM components
- Services built around the WITDOM framework
- Brand
Non-commercial exploitation:
- Know-How: methodologies (SPACE methodology for requirements elicitation; methodology for
  technical requirements formalization), WITDOM architecture, primitives, privacy metrics
From the segmentation point of view, the WITDOM consortium considers as its main targets Vertical
Service Providers and Managed Security Service Providers, who are the ones providing cloud-based
security solutions to the final users: the scenario providers. In some cases, the scenario providers can
also be considered a target, especially if they follow a backwards integration and take on some activities
from their security providers. The main benefit that WITDOM offers to these segments is the
availability of new, advanced, and effective protection methodologies to transition operations to the
cloud, while ensuring legal compliance with the EU regulatory framework.
These latter three users can be considered for a commercial strategy. On the border between the
commercial and non-commercial sides, we have the service developers, as they will be developing
solutions for the security providers, but they can also help extend WITDOM functionality in the
future. Finally, we consider researchers as a target category for non-commercial exploitation.
The deliverable D7.10 presents a macro-environment analysis, summarizing the most important
Political, Economic, Societal and Technological aspects that are shaping the current security
landscape. It also presents an overview of the cloud-based security market, which is expected to
grow at a CAGR of 15.7% from 2014 to 2019. This growth is mainly due to two factors:
the increasing move of operations to the cloud, and the reliance on MSSPs to cover security and
privacy requirements.
Cloud-based encryption services are the segment of this market with higher growth prospects. Some
vendors to watch in this area include CipherCloud, CloudLock, Elastica, HP Voltage, Perspecsys,
Protegrity, and Vaultive. Nonetheless, for the sake of comprehensiveness, the deliverable also includes
an overview of PETs and some R&D projects that are closely related to WITDOM’s objectives and
functionalities.
Finally, it is important to mention that this initial exploitation plan reflects the current status of the
technological developments. At the time of release, the platform and most WITDOM components are
still under development, and technical decisions must be taken in the following months, which will
have a significant impact on the current exploitation plan. This explains why this deliverable focuses
mainly on the value proposition, segmentation and market analysis, while other business factors, such
as the distribution strategy, are tentative ideas to be considered in the future, and others, such as the
business models, are not yet fully defined. These questions will be resolved in the future version of this
document, the deliverable D7.11, which is expected to contain the final description of a WITDOM
business model.
Contents
Executive Summary
1 Introduction
1.1 Purpose of the document
1.2 Relation to other project work
1.3 Structure of the document
1.4 Glossary adopted in this document
1.5 Acronyms used in this document
2 WITDOM value proposition
2.1 What is WITDOM?
2.1.1 Problem statement
2.1.2 The problem statement scenario
2.1.3 The WITDOM framework
2.2 WITDOM exploitable items
2.2.1 Software/Developments
2.2.2 Services
2.2.3 Knowledge
2.2.4 Brand
3 Market Analysis
3.1 Initial segmentation
3.2 Environment analysis
3.2.1 Political-Legal
3.2.2 Economic
3.2.3 Societal
3.2.4 Technological
3.3 Competitors
3.3.1 Overview of the cloud-based security services market
3.3.2 Commercial competitors
3.3.3 PETs
3.3.4 R&D projects
3.4 SWOT
3.4.1 Strengths
3.4.2 Weaknesses
3.4.3 Opportunities
3.4.4 Threats
4 Exploitation strategy
4.1 Overall exploitation strategy
4.1.1 Commercial exploitation
4.1.2 Knowledge Exploitation (non-commercial)
4.1.3 Roles and responsibilities
4.1.4 Marketing
4.1.5 Distribution Strategy
4.1.6 Business impact drivers
4.2 Individual exploitation plans
4.2.1 ATOS
4.2.2 UVIGO
4.2.3 KU Leuven
4.2.4 FSCR
4.2.5 IBM
4.2.6 XLAB
4.2.7 BBVA
5 Conclusions and next steps
6 References
List of Figures
Figure 1. WITDOM roadmap
Figure 2. Exploitation strategy
Figure 3. The problem statement scenario
Figure 4. Outline of WITDOM outcomes
Figure 5. WITDOM initial architecture
Figure 6. Share of Total Global R&D spending
Figure 7. Top challenges holding back Cloud projects
Figure 8. Verticals top 3 priorities
Figure 9. Forecast for Cloud-based Security Services Market
Figure 10. WITDOM supply chain
Figure 11. Atos commercial exploitation models
Figure 12. FSCR exploitation lines
List of Tables
Table 1. WITDOM offering per exploitation line
Table 2. List of WITDOM components
Table 3. Template for components description
Table 4. Component: Anonymization
Table 5. Component: Data masking
Table 6. Component: SSP
Table 7. Component: SC
Table 8. Component: Integrity and Consistency Verification
Table 9. Component: KM
Table 10. Component: E2EE
Table 11. Component: broker
Table 12. Component: PO
Table 13. Component: IAM
Table 14. List of methodologies developed in WITDOM
Table 15. WITDOM architecture fiche
Table 16. Initial segmentation
Table 17. PEST analysis
Table 18. Commercial competitors
Table 19. Competitors: PETs
Table 20. Delivery channels
Table 21. Individual exploitation plans
1 Introduction
1.1 Purpose of the document
This deliverable D7.10 – “Initial Exploitation Plan” aims at presenting the initial exploitation
strategy and plans for the main results coming from the project WITDOM. All consortium partners
contributed to this deliverable, expressing their exploitation interests according to their own
organizations’ strategic interests.
To understand the exploitation approach of WITDOM, it is necessary to read the definition of
exploitation given in the glossary below. According to this definition, exploitation
refers to the use of results of the project, generally speaking. This definition is not limited to a purely
commercial meaning, thus opening the scope of application of results at different levels and in
different domains. This leads to both commercial and non-commercial exploitation, as described in
the strategy in Chapter 4. While commercial exploitation is more related to taking results to the market,
non-commercial exploitation (also noted as knowledge exploitation) is more related to the effective use of
knowledge, know-how, methodologies or standards.
Nevertheless, the commercial aspect of exploitation cannot be undervalued. Therefore, the approach
adopted for this document is taken more from the commercial perspective than from the non-commercial
one, in order to pave the way for adoption of WITDOM project results.
1.2 Relation to other project work
This deliverable D7.10 is produced as part of the activities of Work package 7 – “Dissemination,
Communication, Exploitation and Standardisation”. It is a public document which will be made
available on the project website for those stakeholders interested in the dissemination plan of the
WITDOM project. This document will be revised and updated at the end of the project (December
2017 – M36), in the deliverable D7.11 – “Final Exploitation Plan and Reporting”.
The exploitation methodology chosen for WITDOM acknowledges the roadmap of the project, which
drives the technological build of the WITDOM framework, the main objective of the project. The
deliverable D7.10 is released in M15 (March 2016), when only the first milestone of the project,
called “Requirements and Methodology”, has been reached (this happened in December 2015, M12).
The second project milestone, “Common architecture”, will be achieved in M20 (August 2016),
which means that the technological solution will still be under design at the time of submission of
D7.10. This explains why, at the submission time of this deliverable, part of the offering cannot be
fully completed, and why it should be later refined in D7.11 (due in M36). Moreover, the technical
discussions will result in decisions that will dramatically affect the final value proposition of
WITDOM, which makes this deliverable preliminary.
Figure 1. WITDOM roadmap [figure: milestones Requirements & Methodology, Common architecture, Preliminary toolset & platform, Use-case architectures, Preliminary prototypes, Prototypes evaluation, and Final prototypes & platform across Year 1 (M01-M12), Year 2 (M13-M24) and Year 3 (M25-M36), with D7.10 at M15 and D7.11 at M36]
Figure 2 depicts the exploitation methodology proposed in WITDOM until the end of the project.
This consists of five steps:
1. Identification of those project items (tangible and intangible outcomes) that can be subject to
exploitation.
2. A market analysis.
3. Definition of an exploitation strategy, considering the commercial and non-commercial
aspects of the project. D7.10 considers a holistic view of WITDOM, comprising all
exploitable items, but recognizes that each single item could be exploited in a stand-alone
way.
4. Proposal of an action/marketing plan.
5. Development of (a) business case(s).
This deliverable D7.10 only covers steps 1 to 3, considering the project roadmap and
acknowledging the status of technical developments. Each step is covered in one of the main chapters of
the document, as indicated in the following subsection. The exploitation strategy proposed in D7.10
will be enforced during the project span, which is expected to produce some project impact on both
the commercial and non-commercial lines. The enforcement of this strategy will also serve to sense
the target segments and collect feedback that can be used as input for the follow-up deliverable
D7.11. This new deliverable D7.11 will be based on more mature and validated results, which will
help us to develop a more advanced exploitation plan. D7.11 will cover the last steps of the
methodology, steps 4 and 5, which will end up with a final business case.
Figure 2. Exploitation strategy
1.3 Structure of the document
This document is structured in three major chapters, corresponding to steps 1-3 of the exploitation
methodology:
Chapter 2 presents the WITDOM value proposition, as well as information about the different outcomes
from the project that can be exploited by the consortium from both a commercial and a non-commercial
perspective.
Chapter 3 presents a market analysis, identifying the driving forces in the environment by
means of a Political – Economic – Societal – Technological (PEST) analysis (the macro environment
where WITDOM is placed), identifying the main competitors in the market (the microenvironment),
and producing an initial segmentation (WITDOM target users).
Finally, Chapter 4 presents the overall exploitation strategy for the project, as well as the exploitation
plans to be executed by the WITDOM partners during the project.
1.4 Glossary adopted in this document
Business Model. The concept of the business model in the literature on information systems
and business refers to ways of creating value for customers, and to the way in which a
business turns market opportunities into profit through sets of actors, activities and
collaboration.
Cold calling. It is defined as the solicitation of business from a potential customer who has had no
prior contact with the salesperson conducting the call.
Exploitation. The utilisation of results in further research activities other than those covered
by the action concerned, or in developing, creating and marketing a product or process, or in
creating and providing a service, or in standardisation activities.
Framework (privacy and security framework). System abstraction in which tools and
algorithms can be instantiated in order to provide privacy and security guarantees.
Freedom to Operate. It is the ability to proceed with the research, development and/or
commercial production of a new product or process with a minimal risk of infringing the
unlicensed intellectual property rights (IPRs) or tangible property rights of third parties.
Horizontal market. A horizontal market is a market in which a product or service meets a
specific need of a wide range of buyers across different sectors of an economy.
Open Source. A copyright licence that allows for the access and use of certain source code,
with varying grades of freedom of usage for commercial purposes and requirements of
sharing the resulting solution’s code.
Privacy-preserving and security toolset. A set of libraries comprising privacy-preserving
building blocks, privacy and anonymity tools and cryptographic primitives designed for
protecting data in distributed or outsourced environments.
Privacy-preserving building block/primitive. Algorithms, protocols and techniques that can
be applied to enhancing the privacy of the to-be-protected signals and data, by concealing
them from adversaries.
Pull strategy. A pull strategy involves motivating customers to seek out your brand in an
active process.
Push strategy. A push strategy involves taking the product directly to the customer via
whatever means, ensuring the customer is aware of your brand at the point of purchase.
Sales Cycle. A sales cycle is the series of predictable phases required to sell a product or a
service. Sales cycles can vary greatly among organizations, products and services, and no one
sale will be exactly the same. However, identifying the key steps and stages improves
efficiency and can speed up the process of on-boarding new sales hires. For simplicity we will
consider five phases: prospect - contact - offer - negotiation – closing.
System Readiness Level (SRL). It is an index of maturity applied at the system-level concept.
It is a function of individual Technology Readiness Levels (TRLs) and the maturities of the
links between them, based on a scale of integration readiness levels (IRLs).
Technology Scouting. Identification of technology developments and the facilitation of the
sourcing of technology.
Technology Readiness Level (TRL). The TRL scale is a metric for describing the maturity
of a technology. The scale consists of 9 levels. Each level characterises the progress in the
development of a technology, from the idea (level 1) to the full deployment of the product in
the marketplace (level 9).
Time to market. It is the length of time it takes from a product being conceived until its
being available for sale.
Toolkit. In the context of software development, a toolkit is a set of common software
development tools, including sample code, technical notes and other documentation, that
allows the creation of applications for a certain platform.
Untrusted environment. Environments where a stakeholder cannot directly control or fully
verify the underlying hardware, software or people accessing it, being vulnerable to malicious
attacks. Examples of such environments are the Internet or public clouds.
Valorisation. Use, for socio-economic purposes, of the results of research financed by public
authorities. It represents society's direct and indirect return on the public sector's investment
in research and development.
Vertical market. A vertical market is a market in which vendors offer goods and/or services
specific to an industry, trade, profession, or other group of customers with specialized needs.
Examples of vertical markets are Financial Services (Banking), Healthcare or Energy.
1.5 Acronyms used in this document
AGPL Affero General Public License
API Application Programming Interface
ATOS Atos Spain sae
BBVA Banco Bilbao Vizcaya Argentaria
BSD Berkeley Software Distribution
CAGR Compound Annual Growth Rate
CESL Common European Sales Law
DoA Description of Action
DSM Digital Single Market
DX Digital Transformation
Dx.y Deliverable number y corresponding to WP number x
E2E End to end
E2EE End to end encryption
EIM Exploitation & Innovation Manager
EU European Union
EUIPO European Union Intellectual Property Office
FBI Federal Bureau of Investigation
FCSR Fondazione Centro San Raffaele
FPE Format-Preserving Encryption
FS Financial Services
GBU Global Business Unit
GDP Gross Domestic Product
GDPR General Data Protection Regulation
HE Homomorphic Encryption
HSM Hardware Security Module
IAM Identity and Access Management
IaaS Infrastructure-as-a-Service
IBE Identity based encryption
IBM IBM Research GmbH
ICT Information and Communication Technologies
IdP Identity Provider
IoT Internet of Things
IT Information Technology
JVM Java virtual machine
KM Key Management
KPI Key Performance Indicator
KU Leuven Katholieke Universiteit Leuven
MSSP Managed security service provider
PaaS Platform-as-a-Service
PEST Political, Economic, Societal and Technological
PET Privacy Enhancing Technique
PhD Philosophiae Doctor
PINQ Privacy Integrated Queries
PO Protection Orchestrator
PVT Protegrity Vaultless Tokenization
R&D Research & Development
SaaS Software-as-a-Service
SC Secure Computation
SME Small and Medium Enterprise
SP Service Provider
SPACE Security and PrivAcy CodEsign
SRL System Readiness Level
SSP Secure Signal Processing
SWOT Strengths, Weaknesses, Opportunities and Threats
TRL Technology Readiness Level
US United States
UVIGO Universidad de Vigo
VSP Vertical Service Providers
WaaS WITDOM as-a-Service
XLAB XLAB razvoj programske opreme in svetovanje d.o.o
2 WITDOM value proposition
2.1 What is WITDOM?
2.1.1 Problem statement
Although the cloud environment is not the only untrusted computing environment to be considered, it
is in fact the one with major uptake in recent years thanks to its low entry cost and its scalability
features, making available unbelievable computation power at a price never before imagined. These
days it seems like everything is happening “in the cloud”.
Services and infrastructures for the Cloud are being developed with maximum openness in mind,
commonly providing a service without locality, pre-defined legal policies or risk context. Businesses
and public institutions alike are realizing that security properties may be business critical when their
information is maintained and managed in the Cloud, whereas for individual end-users there is a
slower consciousness building process that these properties may be of individual benefit.
There is a huge variety of scenarios in which it is mandatory to ensure that operations are executed
according to some security specifications, so that no adversary can manipulate their execution, their
inputs or outputs (verifiability). Further, these security requirements can be expanded so that they
also include privacy aspects: no adversary, including the devices executing the computations, should
be able to extract any information from the inputs, outputs or from the processing itself. In an even
more advanced case, the algorithm itself could be required to be secret and not accessible except by
its owners (e.g., a complex financial forecasting algorithm). These three requirements, i.e., lack of
data tampering, privacy of the data, and privacy of the algorithms and procedures used to manipulate
the data, can be considered three levels of trusted or secure computing requirements.
From the very moment that data is being processed by external third parties, new security challenges
arise; data must be protected not only from access by unauthorized agents, but also from the parties
that perform processing and storage, which are not necessarily trusted.
Therefore, the main goal is to allow the externalization of heavy-computation tasks, minimizing its
costs (see footnote 1) while aiming to achieve at least the same level of privacy attained when the
computation takes place in a fully trusted environment.
2.1.2 The problem statement scenario
The problem statement scenario is considered in Figure 3, showing two trust domains. The trusted
domain is shown on the left. On the right, the untrusted domain, where services and data may be
exposed to attacks, data leaks, and so on. The distinction between “trusted” and “untrusted” domains
occurs according to the views, assumptions, and policies determined by a so-called end user of
certain applications. This scenario is well represented by hybrid cloud environments, with a mix of
on-premises, private cloud, and third-party, public cloud services, and orchestration between the two
platforms.
All applications that run on behalf of end users (the IT department particularly) are hosted by the
trusted domain. Applications can be deployed in the trusted domain with light and standard
protection mechanisms, and they may benefit from application-specific services in the trusted
domain.
1 We will not analyze costs in this document since we are still in a preliminary phase of the project. More insights about
cost analysis and related KPIs will be discussed in future documents, e.g., D2.3.
Figure 3. The problem statement scenario
2.1.3 The WITDOM framework
WITDOM is a framework for end-to-end (E2E) protection of outsourced data in untrusted
environments, for example the (public) cloud.
WITDOM provides:
- Effective data protection of outsourced data in untrusted domains based on a wide range of
  protection mechanisms:
  - Anonymization of data before its outsourcing to an untrusted domain that guarantees
    the privacy of the datasets.
  - Desensitization of data that needs to be outsourced to an untrusted domain.
  - Processing operations on protected data and signals in an untrusted domain based on
    secure signal processing techniques, which prevent the disclosure of the sensitive
    information while it is being processed in the untrusted domain.
  - Processing operations on protected data in an untrusted domain based on
    Homomorphic Encryption (HE), which protects the confidentiality of the data while it is
    being processed in the untrusted domain.
  - Protection of the integrity and consistency of data outsourced to an untrusted remote
    storage, and detection and proof of unauthorized modification and loss of data stored
    in the untrusted domain.
- Easy combination, orchestration and configuration of protection mechanisms to match the
  end-user’s protection needs.
- Compatibility with a wide range of cloud providers.
- Compatibility with various service environments.
- Separation of roles and access controls for protected data.
- Quantitative privacy metrics and preferences for end-to-end privacy in untrusted
  environments that reconcile the end-user’s data protection requirements and the data usage
  requirements of the service.
- Compliance with the EU data protection regulation.
2.2 WITDOM exploitable items
WITDOM will deliver the following outcomes according to three different levels aligned with the
project objectives (defined in the deliverable D1.4): general outcomes, practical level, and
implementation level, as indicated in Figure 4. These levels represent the degree of abstraction or
tangibility of results: from the end-to-end security framework to the generic results that instantiate
the general outcomes towards the application in the project scenarios (eHealth and Financial
Services).
Figure 4. Outline of WITDOM outcomes
The project results can also be categorised by nature into:
- Knowledge. This category comprises the project know-how (mainly contained in deliverables
  and papers), methodologies, architecture, and primitives.
- Software/developments. This category refers to tangible outcomes, namely the WITDOM
  platform, toolkits and prototypes.
- Services. The word “Service” refers to the traditional meaning of IT services. These are future
  services offered around WITDOM, which aim at improving customers' effective use of
  WITDOM solutions and at providing in-depth customized assistance.
- Brand.
The following sections describe broadly the different exploitation items. Table 3 categorizes these
project results according to the commercial and non-commercial exploitation introduced in section
1.1, which will be later expanded in section 4.1.
Table 1. WITDOM offering per exploitation line
Commercial exploitation:
- Software/Developments
  - WITDOM platform
  - WITDOM components
- Services built around the WITDOM framework
- Brand
Non-commercial exploitation:
- Know-How
- Methodologies
  - SPACE methodology for requirements elicitation.
  - Methodology for technical requirements formalization.
- WITDOM architecture
- Primitives
- Privacy metrics
2.2.1 Software/Developments
This category comprises all tangible outcomes, listed in the following sections, that make up the
WITDOM framework.
2.2.1.1 Platform
The generic platform is a core component offered by WITDOM. It provides a modular framework
to which new services can be added as modular blocks. It consists of an administrative dashboard and
a cloud orchestration service. The administrative dashboard talks to the cloud orchestration service via
a RESTful API, and provides means to deploy the core services within the trusted or untrusted domain.
The cloud orchestration service is built on top of Cloudify [7] and is used to manage the core
WITDOM components: Broker, Protection orchestrator, Identity and access management component,
and Key management service. Each request originating from the user application will be handled by
the broker service, which will redirect the request towards a specific WITDOM protection component.
This can be seen as a pipeline of requests originating from the application and routed by the broker
towards the suitable components able to handle the request.
The WITDOM toolkit consists of prototypes of protection components (the components are listed below).
Each component features an obfuscation technique that protects the privacy and security of data and
algorithms outsourced to the untrusted domain. The protection component applies its
obfuscation technique to a request originating from the user application via the generic platform’s
core components. Prototypes will be packaged into self-contained, easily exploitable micro-services
that can easily be deployed using agile approaches (such as Vagrant and/or Docker
technologies).
The WITDOM platform and the prototypes will be developed, integrated and demonstrated, reaching
SRL level 3. Moreover, in the validation phase of the pilots the integrated solution will
achieve operational capabilities, aiming at providing tangible results based on practice.
The service model that WITDOM targets is a combination of Infrastructure and Platform as a Service
(IaaS/PaaS): the platform can provision core and protection components via the API
offered by the WITDOM generic platform. Using Cloudify, the platform will automate the
deployment and management of services, with a higher degree of control than over a usual application
stack (e.g. not restricted to a specific version of web servers, but extending to modified, WITDOM-specific
services). Moreover, since the cloud orchestration component will be capable of addressing both the trusted
and the untrusted domain, WITDOM will address the hybrid cloud deployment model.
2.2.1.2 Components
This section provides a description of those components that are part of the WITDOM solution. The
list of components refers to the initial architecture provided in the deliverable D4.1 – “Preliminary
specification of an end-to-end secure architecture” [5], which will be refined in the deliverable D4.2
– “Final specification of an end-to-end secure architecture” (due in August 2016). This means that
new components can appear in the following version, which will modify the current list.
Table 2 provides the initial list of components (see footnote 2). The first column indicates the type of
component considered, whether this is a specific protection component, or it has a supporting role (core
components). The second column provides the name of the component, as mentioned in D4.1. The
third column provides the expected level of maturity for each component, measured by the
Technology Readiness Level (TRL) scale. Finally the fourth column provides the expected license
for each component, as it is necessary to identify the Intellectual Property Rights (IPRs) per partner
in order to manage the potential constraints to the exploitation model, including the freedom to
operate. The symbol “*” in the table means that the component has initially a license envisaged, but it
can be reconsidered in a later stage (e.g. change the license to open source).
2 In D4.1 there are other elements called “Application-specific elements”, which are not described as they are clients for
the mentioned components of the list.
Table 2. List of WITDOM components
Type of component (as indicated in D4.1) | List of components | Current TRL | Expected Licence | Ownership
Core components | Broker | 3 | Copyright* | UVIGO
Core components | Protection orchestrator (PO) | 2 | Copyright* | UVIGO, ATOS
Core components | Identity and Access Management (IAM) | 5 | Open source, BSD licence | XLAB
Core components | Key Management (KM) | 7 | Open source* | XLAB, ATOS
Protection components | Anonymization component | 2 | Copyright* | UVIGO
Protection components | Data masking component | 3 | Patent | IBM
Protection components | Secure signal processing component (SSP) | 3 | Copyright* | UVIGO
Protection components | Secure computation component (SC) | 4 | Open source | KU Leuven
Protection components | Integrity and consistency verification | 3 | TBD | IBM
Protection components | End-to-End Encryption (E2EE) | 5 | Open source | XLAB
Each component is described by means of the following table, which indicates the meaning of each
field:
Table 3. Template for components description
Functionality | Short description of component functionality.
Market Target | Target user of the component. The initial segmentation is provided in section 3.1
Independency | Dependencies with other WITDOM components to provide its functionality. Level of independency to operate.
Availability | Point of access to the component release, URL if available.
Licencing | Open source, patent, type of licence.
Ownership | Partners involved in the component development.
Component manager | Leading owner. Contact person.
TRL | Current Technology Readiness Level
2.2.1.2.1 Anonymization
Table 4. Component: Anonymization
Functionality It allows protecting data in order to preserve the identity of users and the
value of their sensitive attributes while maintaining the utility of data. The
component offers different anonymization algorithms, allowing to select in
a flexible way the most appropriate scheme for each application and
scenario.
Market Target End-users of multiple sectors (e.g., banks and hospitals in the case of
WITDOM scenarios), security providers, service developers, and
researchers.
Independency The anonymization component requires communication with the protection
orchestrator and the storage service. From the component perspective it is
assumed that these components will be deployed also within the trusted
domain and will offer high availability guarantees. However, as the
anonymization component offers a RESTful API it can also be used as a
standalone component in other scenarios.
As the component is developed in Java, there are no further dependencies
regarding the execution environment (only a JVM is required). This
guarantees the service independence from the operating system (Linux or
Windows) and distribution.
Availability The component is not yet available; it is under development.
Licencing Copyright (subject to revision).
Ownership Gradiant/UVIGO
Component manager Lilian Adkinson Orellana
TRL 2
2.2.1.2.2 Data Masking
Table 5. Component: Data masking
Functionality The data masking component is used to desensitize data that needs to be
outsourced to an untrusted domain, in a way that data can still be used for
the original purposes. The component offers dynamic updates so that
whenever a masking key is updated, only new data sets have to be
outsourced, and previously masked data are updated in the untrusted
domain without privacy compromise, i.e., without re-identification of the
user. Security features such as irreversibility of masked data, referential
integrity and unlinkability between data that have been masked with
different keys are enforced.
Market Target End-users from multiple sectors.
Independency The component makes use of the Key Management component in order to
get access to masking keys and updating values. The E2EE component is
also required in order to send updating values over to the untrusted
domain.
Availability Not available yet.
Licencing Patent
Ownership IBM
Component manager Eduarda Freire
TRL 3
2.2.1.2.3 Secure Signal Processing (SSP)
Table 6. Component: SSP
Functionality This component is in charge of efficiently performing secure signal
processing operations on protected data and signals (encrypted, obfuscated,
split or a combination thereof) in an untrusted environment, by preventing
the disclosure of the sensitive information while it is being processed in the
untrusted domain. Therefore, the main element of this component is
located in the untrusted domain, while the trusted-domain part manages the
pre-processing operations (secret share, encrypt or garble circuit) of the
inputs and the post-process of the results (join or decrypt).
Market Target End-users of multiple sectors, security providers, service/application
developers.
Independency The SSP module can autonomously work on data to perform low-level
tasks related to protection/protected processing/disclosure as a Service
through a RESTful API. Within WITDOM architecture, it relies on the
Protection Orchestrator and a common storage. The core of the component
is developed under C/C++, and will be cross-compiled for several
architectures.
Availability Still under development
Licencing Copyright (subject to revision)
Ownership UVIGO
Component manager Juan Troncoso
TRL 3
2.2.1.2.4 Secure Computation (SC)
Table 7. Component: SC
Functionality Performs a subset of the required operations in the WITDOM domain on
the encrypted domain, homomorphically.
Market Target Cloud Computing Providers
Independency For those functionalities that can be fully performed in the encrypted
domain, i.e., homomorphically, it is independent from other WITDOM
components.
Availability Not available yet. The software library will be publicly available (URL will be
provided); the hardware will be provided as a blackbox.
Licencing Software will be open source. Hardware will be offered as a blackbox
component.
Ownership KU Leuven COSIC
Component manager Sujoy Sinharoy
TRL 4
2.2.1.2.5 Integrity and Consistency Verification
Table 8. Component: Integrity and Consistency Verification
Functionality Protects the integrity and consistency of data outsourced to an untrusted
remote storage (e.g. commodity remote storage services). In particular,
this component targets applications where multiple users collaborate on
outsourced data.
Market Target Cloud storage user with strong security requirements in terms of integrity
and consistency.
Independency Depends on a remote storage system such as OpenStack Swift.
Availability TBD
Licencing TBD
Ownership IBM
Component manager Marcus Brandenburger
TRL 3
2.2.1.2.6 Key Management (KM)
Table 9. Component: KM
Functionality Secure provisioning, management and storage of secrets (e.g. private keys,
certificates, passwords). The component can connect with security
appliances (i.e. Hardware Security Modules - HSMs) in order to provide a
higher level of security, and with cryptographic back ends using the KMIP
standard.
It has a plugin mechanism that allows the component to be extended to support
standard and non-standard secret generation.
Market Target Security providers, service/application developers, end-users of multiple
sectors.
Independency It depends on the IAM to control access to the secrets
Availability Under development.
Licencing Open source*
Ownership XLAB, Atos
Component manager Aleš Černivec, Nicolás Notario
TRL 7
2.2.1.2.7 End-to-End Encryption (E2EE)
Table 10. Component: E2EE
Functionality The data sent to the cloud provider is first encrypted locally on the
client’s machine. This enforces the confidentiality and integrity of the
data provided by the client. With complementary components (Auditor
and Remediation system), write-serializability and read-freshness can be
enforced.
Market Target Cloud storage providers.
Independency Depends on the cloud storage system used within the platform. Swift cloud
store is planned to be used with the prototype.
Availability http://www.specs-project.eu/solutions-portofolio/e2ee/
Licencing Open source, AGPL
Ownership XLAB
Component manager Aleš Černivec
TRL 5
2.2.1.2.8 Broker
Table 11. Component: broker
Functionality The purpose of the Broker is to isolate the applications and other
components of the infrastructure from the network topology and
location.
Market Target The market target for this module is the hybrid cloud community. Moving
peak loads or data between different environments, trusted and untrusted,
raises issues such as location, external access management, and data security.
Independency The broker depends on three other modules: the Deployment manager, the IAM
module and the PO. The Deployment manager provides the service information
needed by the broker to relay the received requests properly. The IAM
module authenticates the application requests in order
to authorize their access. The PO is the module in charge of the
data protection operations when data needs to be transferred to
an untrusted domain.
Availability The component is not yet available; it is under development.
Licencing Copyright (subject to revision).
Ownership Gradiant
Component manager José L. Otero Pena
TRL 3
2.2.1.2.9 Protection Orchestrator (PO)
Table 12. Component: PO
Functionality This component parses the protection configuration of an application and
applies it: it builds the requests to the protection components deployed
in the trusted domain of WITDOM and calls them to protect the
input data before it is sent to the untrusted domain, and to disclose the
results after a service has finished.
Market Target Service/Application developers, researchers, WITDOM end-users.
Independency The PO receives requests from the broker and interacts with the protection
components of WITDOM through a RESTful API. It depends on the
protection components and an adequate configuration to fulfil the final
protection functionalities.
Availability Still under development
Licencing Copyright (subject to revision)
Ownership UVIGO/Atos
Component manager Juan Troncoso
TRL 2
2.2.1.2.10 Identity and Access Management (IAM)
Table 13. Component: IAM
Functionality ConSec is an implementation of a federated identity management solution
enabling access to protected web resources via an untrusted network (the public
internet). The framework is capable of bridging different identity domains;
“federation” means that potentially multiple identity providers (IdPs) and
multiple service providers (SPs) are separate entities.
Market Target Cloud service providers (CSPs).
Independency The framework consists of several components that depend on each
other, e.g. OAuth2 Authorization Server, IdP, Auditing service.
Availability https://github.com/consec/ConSec
Licencing Open source, BSD licence
Ownership XLAB
Component manager Aleš Černivec
TRL 5
2.2.2 Services
Services are intangible assets of the project, as they are capabilities that could create new revenue
streams for individuals and/or organisations. WITDOM does not offer services at the time of release
of this deliverable, but these can be included in the final offering, as value that can contribute to
differentiate the offering. The following services are considered:
Training services: IT analysts belonging to service providers (see also section 3.1) could be
provided with training to be able to deploy WITDOM framework into their operational
environments of influence. This would eliminate the frustrating trial and error that often
accompanies deployment, as well as maximize the utilization of WITDOM key features. Any
insight into encryption, PETs, and protection orchestration, could be of great, generic value
and benefit to the security community at large. Such training could help provide target users
with better insight and understanding of the application of data protection via WITDOM
framework.
Configuration/customization services: The adaptation of WITDOM to a specific context, such
as a new customer environment could be offered as service. Partners of WITDOM are in
principle able to offer customisation services for a client or a security vendor depending on
the requirements.
Both categories could be offered in remote or on-site versions.
2.2.3 Knowledge
Apart from developments there are other kinds of results in WITDOM that can be exploited (used),
mostly in a non-commercial way. What follows is a list of such results.
2.2.3.1 Know-How
Under this category the following outputs can be mentioned:
Project deliverables. Public deliverables are available for the target audience at the project
website. http://www.witdom.eu/deliverables
Project publications. WITDOM publications, mainly research papers, follow Green Open
Access, that is, they are freely available through either the project website or an open access
repository, which is linked from the project website. http://www.witdom.eu/publications
Video- and audio-recordings from workshops and discussions. They are accessible from the
project website.
2.2.3.2 Methodologies
During the first project stages, WITDOM has applied two methodologies related to the requirements
elicitation from scenarios and the formalization of technological requirements. They are briefly
described in Table 14.
Table 14. List of methodologies developed in WITDOM
Methodology | Description | Creator | Target user | Level of dissemination
SPACE (Security and PrivAcy CodEsign) | SPACE is a new methodology for requirements elicitation that combines the PRIPARE project [41] methodology for Privacy and Security by Design with the Co-Creation Methodology, which targets the innovation and the deployment of tomorrow’s eServices by involving the users directly in their creation process. The SPACE methodology provides a way for involving and engaging the end-users in the elicitation of privacy and security requirements supported by concrete tools. | ATOS, FSCR | Researchers | Public (D2.1). Available on the project website.
Requirements formalization process | This methodology helps to formalize user requirements into technological requirements. User requirements are expressed in a fashion that cannot be directly used as input for any technical design. Hence, it is necessary to map these high-level requirements into concrete technological requirements that can actually be fulfilled by the developed technologies, and that can be validated within the project. | UVIGO | Researchers and secure systems/services designers and developers | Public (D3.1). Available on the project website.
2.2.3.3 Architecture
The WITDOM architecture represents the design of the WITDOM end-to-end security framework.
The architecture aims at conceptualizing a flexible end-to-end framework, which not only forms the
basis for securing the use-case applications provided by the scenarios, but also serves as a foundation
for protecting many further applications that use remote untrusted services. Figure 5 presents an
overview of the initial architecture, provided in the deliverable D4.1. Table 15 provides some
characteristics of this preliminary architecture.
Figure 5. WITDOM initial architecture
Table 15. WITDOM architecture fiche
Functionality WITDOM architecture
Market Target Research
Level of dissemination The initial WITDOM architecture is explained in the confidential
deliverable D4.1 (delivered in December 2016), but will be refined and
upgraded in the public deliverable D4.2 - Final specification of an end-to-
end secure architecture (due in August 2016). The deliverable D4.5 will
also include a preliminary specification of the adaptation layer for cloud
computing.
Characteristics The WITDOM architecture possesses the following characteristics:
- Service-oriented architecture
- Flexible design
- Modular: the architecture assembles several building blocks
- The architecture allows end users to develop their own applications
- The WITDOM architecture does not rely on a specific deployment
  model or service environment.
2.2.3.4 Primitives
UVIGO designs and develops secure signal processing primitives, which will be published in
scientific conferences and can be of independent interest for the development of advanced secure
processing algorithms. The value of these primitives is oriented towards knowledge exploitation;
those commercially valuable primitives will be packaged in the toolkit and the components as part of
WITDOM’s architecture.
The first contribution of KU Leuven – COSIC to the WITDOM primitives will be to design and
implement the Recryption Box, which will be used to speed up the bootstrapping procedure in the
homomorphic domain. The recryption box can be instantiated in three different ways. In the first and
simplest way, the recryption box will work as an HSM service of the cloud. In this setting the HSM
will contain the public/private key pair of the user. To clean encrypted data, the cloud will send
the masked data to the HSM service and then the HSM will perform a decryption followed by an
encryption. Note that in this type of instantiation there will be one HSM per user. In the second type
of instantiation, the HSM will contain its own public/private key pair. This instantiation uses the key
switching concept of recent homomorphic encryption schemes: data encrypted under the user’s public key
will be converted into data encrypted under the recryption box’s public key. The third
instantiation uses Shamir’s secret sharing concept. In this setting the cleaning of encrypted data will
be done by a set of HSMs handled by different parties. This instantiation is the strongest in terms of
security. The second contribution of KU Leuven – COSIC will be the WITDOM C++ crypto library,
which will be used for aiding computations in the untrusted environments. It will support
homomorphic encryption functionalities, including a neural network with backpropagation and other
computations suitable for large encrypted datasets, so that data processing can be done in the cloud
without decrypting the data. KU Leuven will publish the research results in scientific conferences and
journals. We will aim mainly towards knowledge exploitation, but both primitives will also be
included in the components toolkit of WITDOM’s architecture.
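The first recryption-box instantiation described above can be made concrete with a toy model. The following is an added example, not KU Leuven's or the project's code. It assumes a tiny symmetric LWE-style scheme in place of the real public-key scheme, reads "masked data" as additive blinding by the cloud, and uses hypothetical names and constructed, insecure parameters throughout.

```python
import secrets

# Toy parameters (constructed for this example; far too small to be secure).
Q = 1 << 20        # ciphertext modulus
T = 16             # plaintext modulus
N = 8              # secret-key dimension
B = 4              # fresh noise is drawn from [-B, B]
DELTA = Q // T     # plaintext scaling; decryption works while |noise| < DELTA // 2


def keygen():
    return [secrets.randbelow(Q) for _ in range(N)]


def encrypt(key, m):
    a = [secrets.randbelow(Q) for _ in range(N)]
    e = secrets.randbelow(2 * B + 1) - B
    b = (sum(x * y for x, y in zip(a, key)) + DELTA * (m % T) + e) % Q
    return a, b


def phase(key, ct):
    a, b = ct
    return (b - sum(x * y for x, y in zip(a, key))) % Q   # = DELTA*m + noise


def decrypt(key, ct):
    return ((phase(key, ct) + DELTA // 2) // DELTA) % T


def noise(key, ct):
    """Signed noise in a ciphertext (needs the key; used only to observe).
    Meaningful only while the noise is still within the budget."""
    return (phase(key, ct) + DELTA // 2) % DELTA - DELTA // 2


def scalar_mul(ct, c):
    """Homomorphic multiplication by a public constant; noise grows by factor c."""
    a, b = ct
    return [c * x % Q for x in a], c * b % Q


def add_plain(ct, r):
    """Homomorphically add a public value r to the plaintext; noise is unchanged."""
    a, b = ct
    return a, (b + DELTA * r) % Q


class RecryptionBox:
    """Stands in for the per-user HSM: the only party holding the key."""

    def __init__(self, key):
        self._key = key
        self.seen = []        # what the box observed, recorded for the demo

    def recrypt(self, ct):
        m = decrypt(self._key, ct)       # decryption ...
        self.seen.append(m)
        return encrypt(self._key, m)     # ... followed by a fresh encryption


def refresh(ct, box, r=None):
    """Cloud side: blind the plaintext, let the box recrypt, remove the blind."""
    if r is None:
        r = secrets.randbelow(T)
    fresh = box.recrypt(add_plain(ct, r))    # the box sees (m + r) mod T only
    return add_plain(fresh, -r)


def triple_repeatedly(ct, steps, box=None, every=8):
    """Multiply by 3 `steps` times; with a box, refresh after every `every` steps.
    Eight triplings keep the noise below B * 3**8 = 26244 < DELTA // 2 = 32768."""
    for i in range(1, steps + 1):
        ct = scalar_mul(ct, 3)
        if box is not None and i % every == 0:
            ct = refresh(ct, box)
    return ct


if __name__ == "__main__":
    key = keygen()
    box = RecryptionBox(key)
    m = 5
    print("expected   :", m * pow(3, 16, T) % T)
    print("without box:", decrypt(key, triple_repeatedly(encrypt(key, m), 16)))
    print("with box   :", decrypt(key, triple_repeatedly(encrypt(key, m), 16, box)))
    print("box saw    :", box.seen, "(blinded values, not the plaintext)")
```

Without the box, sixteen triplings push any non-zero fresh noise far past the budget and decryption becomes unreliable; with it, the result is always correct and the final noise is back within the fresh bound.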
IBM's contributions to WITDOM primitives are twofold. First, the design of provably secure data
masking schemes, which feature updates of masking keys. These schemes produce identifier-
specific tags which cannot be linked back to the identifier, and are unlinkable across epochs, i.e., two
tags produced for the same identifier, but with different masking keys, cannot be related to each
other. Second, the design of efficient integrity and consistency verification schemes with particular
focus on collaboration applications, that is, applications where multiple users collaborate on a shared
resource located in an untrusted environment (e.g. online file sharing and online text editors). These
schemes will enable end users (e.g. enterprise customers) with strong security requirements (e.g. in
terms of integrity) to employ collaboration applications in untrusted environments, such as the Cloud.
IBM aims at publishing the results of the research in these topics in relevant scientific conferences
and journals, and at discussing them in workshops in the area of privacy-enhancing technologies and
cloud security. Furthermore, IBM intends to expand its expertise in these areas in order to incorporate it into
solutions for customer projects.
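The key-update behaviour described for the data masking component (Table 5) and in the paragraph above can be illustrated with a generic exponentiation-based construction. This is an added example and not IBM's scheme, whose details the document does not give. The function and class names are hypothetical, the records are constructed, and the group is a toy-sized one found at import time.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; adequate for the small toy modulus below."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits=77):
    """First safe prime p = 2q + 1 with q above 2**(bits - 2); toy size only."""
    q = (1 << (bits - 2)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime()     # tags live in the order-Q subgroup of Z_P*


def hash_to_group(identifier):
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big") % P
    return pow(h, 2, P)      # squaring lands in the subgroup of order Q


def new_masking_key():
    return secrets.randbelow(Q - 1) + 1          # uniform in [1, Q - 1]


def mask(key, identifier):
    """Trusted domain: deterministic tag, so equal identifiers still join."""
    return pow(hash_to_group(identifier), key, P)


def update_token(old_key, new_key):
    """Trusted domain: the 'updating value' for one key rotation. Whoever holds
    it can map old tags to new ones, so it must travel over a protected channel
    (the document routes updating values through the E2EE component)."""
    return new_key * pow(old_key, -1, Q) % Q


class UntrustedStore:
    """Holds only tags and payloads; never sees identifiers or masking keys."""

    def __init__(self):
        self.rows = {}                           # tag -> list of payloads

    def insert(self, tag, payload):
        self.rows.setdefault(tag, []).append(payload)

    def apply_update(self, token):
        """Move every stored tag to the new epoch: tag -> tag**token mod P."""
        self.rows = {pow(tag, token, P): v for tag, v in self.rows.items()}


def demo():
    store = UntrustedStore()
    k0 = new_masking_key()
    # Constructed sample records: (customer identifier, payload).
    for ident, amount in [("cust-0001", 120), ("cust-0002", 75), ("cust-0001", 30)]:
        store.insert(mask(k0, ident), amount)

    k1 = new_masking_key()                       # key rotation, epoch 0 -> 1
    store.apply_update(update_token(k0, k1))     # old data updated in place
    store.insert(mask(k1, "cust-0001"), 55)      # only new data is masked with k1
    return store, k0, k1


if __name__ == "__main__":
    store, k0, k1 = demo()
    for tag, payloads in store.rows.items():
        print(hex(tag), payloads)
```

After the rotation, the new record for "cust-0001" lands under the same tag as its two updated older records (referential integrity), while the epoch-0 tag no longer appears in the store.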
2.2.3.5 Privacy metrics
WITDOM’s design and assessment methodology comprises the use of novel privacy metrics for
evaluating the fulfilment of the privacy-related requirements for the developed primitives and
systems. WITDOM’s metrics allow for a qualitative assessment of the achieved privacy levels, which
enable more accurate and effective system evaluation and privacy-by-design practices. Additionally,
some of the metrics are specifically related to the two application scenarios, and they can be applied
to systems dealing with genomic and financial data. These metrics will be made available for the sake
of knowledge exploitation through the corresponding WITDOM public deliverables and scientific
publications.
2.2.4 Brand
The project brand could be considered as an intangible asset. It is worth differentiating the project
brand, used during the project execution, from the final brand used to commercialize the solution. The
current brand is built on the project logo and the identity it projects. However, in a final commercial
solution it can be advisable to separate its identity from the project identity.
In a first analysis, the WITDOM brand is clearly distinctive and fanciful but not descriptive; therefore,
it would not be rejected for such registration. The NICE class would be 42 - IT security, protection
and restoration. In a first search in the European Union Intellectual Property Office (EUIPO) [8], there
was no result for any registration under that label.
3 Market Analysis
3.1 Initial segmentation
For this first exploitation deliverable the initial segmentation considers the type of targets WITDOM
would address. This considers the following categories:
- Vertical Service Providers (VSPs). A VSP delivers IT services and solutions that are
  purposely designed, built, delivered and addressed for a vertical market, for example
  Healthcare and Financial services. In WITDOM two options are identified:
  - The scenario service provider, that is, the IT departments of scenario providers. In the
    WITDOM project this role is represented by FSCR for the eHealth scenario and by
    BBVA for the Financial Services scenario, who could adopt WITDOM solutions to
    improve the security and privacy of their services.
  - Managed service providers. Scenario owners have the option to out-task some or all of
    their operation tasks and retain control of the rest, even if the equipment is physically
    located at the provider’s site. In some cases, the operation could be fully managed by
    the service provider.
- Managed security service providers (MSSPs). An MSSP is a type of service provider that
  provisions remote software/hardware-based information or network security services to an
  organization. MSSPs can also be VSPs, but in this category we adopt a more general vision,
  as they refer to providers that can deliver to different verticals. In the WITDOM project, this
  role is represented by Atos, or more precisely, its internal business units/transfer lines, who could
  adopt the WITDOM solutions to provide a better offering to its customers, belonging to
  different verticals.
- Service developers. Application, component and/or integration developers that have access
  to WITDOM items.
- Researchers. This refers to any organisation, group, initiative or individual conducting
  research related to the security field, in particular to the research areas that lie within the
  WITDOM scope: Privacy Enhancing Techniques (PETs), Practical Homomorphic
  Encryption, Secure Signal Processing (SSP), Verifiability and Integrity, as well as Legal
  Framework. This category comprises universities (including Master and PhD students),
  research institutes, information security labs, or similar R&D projects.
Table 16. Initial segmentation

| Segment | WITDOM value |
|---|---|
| Vertical Service Providers | WITDOM solution allows an effective protection of sensitive data before its outsourcing to the untrusted domain, where multi tenants can operate. Protection of data is achieved by advanced crypto and PETs technologies developed by WITDOM. This facilitates the transition of operations to the public cloud while remaining compliant with the EU data protection regulation. Moreover, indirect benefits can be achieved through end-users’ valorisation based on increased trust in offered services. |
| Managed security service provider | By adopting WITDOM advanced solutions, existing security service portfolios can be enhanced, contributing to a higher differentiation and strengthening the service providers’ competitive positioning in the market. The existence of a wider variety of protection mechanisms allows them to produce the best combination with respect to the application functional and security needs. |
| Service developers | Benefits refer to the availability of different protection mechanisms to produce the best combination with respect to the application functional and security needs. |
| Researchers | By approaching WITDOM techniques and methodologies, the research community can strengthen its technical competences in the areas of research covered by WITDOM. |
3.2 Environment analysis
This section describes the framework of macro-environmental key factors (Political, Economic,
Social & Technological = P.E.S.T) which can drive and have an impact on the exploitation of the
solutions from the WITDOM project. Table 17 represents a summary of each aspect. The following
sections provide further information about each.
Table 17. PEST analysis

| Factor | Key aspects |
|---|---|
| Political-Legal | The Digital Single Market strategy; EU protection regulation; The EU-US Privacy Shield agreement on transatlantic data flows; European Cloud Computing Strategy |
| Economic | Eurozone Economy recovery; Dynamic growth of R&D investment in 2016 |
| Societal | Privacy is becoming a value to which customers will respond; Shortage of IT professionals; Reliance and trust on technology; Attitude towards workplace |
| Technological | Cloud as technological core; Hybrid cloud on the rise; Privacy-by-Design; Encryption adoption on the rise |
3.2.1 Political-Legal
3.2.1.1 The Digital Single Market
On 6 May 2015, the European Commission adopted a new strategy to create a fully integrated Digital
Single Market (DSM) [9] [10], in order to gradually bring down the remaining obstacles and move
from 28 national markets to a single one. The DSM strategy aims to open up digital opportunities for
people and business and enhance Europe's position as a world leader in the digital economy.
The DSM strategy comprises a mix of legislative and non-legislative initiatives, centred on three
pillars involving 16 actions to be delivered by the end of 2016. The pillars are: (i) improving access
to digital goods and services for consumers and businesses, (ii) creating the conditions for digital
networks and services to prosper, and (iii) maximising the growth potential of the digital economy.
In particular, the initiative #14 - “Free flow of data” addresses the following actions by the
Commission, as it is summarized in the DSM document: “The Commission will propose in 2016 a
European ‘Free flow of data’ initiative that tackles restrictions on the free movement of data for
reasons other than the protection of personal data within the EU and unjustified restrictions on the
location of data for storage or processing purposes. It will address the emerging issues of ownership,
interoperability, usability and access to data in situations such as business-to-business, business to
consumer, machine generated and machine-to-machine data. It will encourage access to public data
to help drive innovation. The Commission will launch a European Cloud initiative including cloud
services certification, contracts, switching of cloud services providers and a research open science
cloud.”
The DSM is still under a public consultation process aimed at gathering views and opinions on the
restrictions faced by users, consumers and businesses when they access or provide information, shop
or sell across borders in the European Union [11], and it is expected that the results of the
consultation will soon be made publicly available. The results of this consultation may complement the
challenges identified in the present white paper as they collect the points of view from consumers,
businesses, national authorities at all levels and interested organisations about major restrictions and
issues for cross-EU services and data.
3.2.1.2 The European Data Protection Regulation
In December 2015, the European Union agreed the draft text of the new European Data Protection
Regulation [12]. The aim of the new regulation is to harmonise the current data protection laws in
place across the EU member states. It will replace the current Data Protection Directive [13] (known
as the Directive 95/46/EC), and will be directly applicable in all Member States without the need for
implementing national legislation.
Even though the new data protection regulation is expected to come into force in the first half of
2018, it is also believed to have an immediate impact as it contains some onerous obligations. The
new regulation expands on the wording of Directive 95/46/EC and it is more specific,
comprehensive, and strict. It imposes new regulatory requirements such as data residency, data
breach detection and notification, encryption and data deletion policies, which have a significant
impact with regard to security and the cloud.
Moreover, the new regulations, while strong on EU citizens’ data protection, are intended not to
hamper business and to encourage growth in the European data economy. As a matter of fact, the new
regulation contributes to the implementation of the DSM, as it facilitates business by simplifying
regulatory requirements for companies across member states. At the same time the implementation of the
DSM can only be built on trust. With solid common standards for data protection, citizens can be
sure they are in control of their personal information.
3.2.1.3 The EU-US Privacy Shield
With the new Data Protection regulation, companies outside the EU will need to start thinking
through compliance with the General Data Protection Regulation (GDPR). Unlike the EU Data
Protection Directive (“EU Directive”), the GDPR will apply to processing by a data controller or a
data processor not established in the European Union if the processing activities are related to the
offering of goods or services to EU data subjects, as well as to profiling of EU data subjects’
behaviour while subjects are in the EU.
Safe Harbor was the name of an agreement between the United States Department of Commerce and
the European Union that regulated the way that US businesses could export and handle the personal
data of European citizens. The goal of Safe Harbor was to provide a single set of data protection
requirements for transferring data across the borders of countries that joined the Safe Harbor group.
Under the Safe Harbor Decision, if companies self-certified compliance with the “safe harbor
principles,” the EU assumed that there was adequate protection of personal data. In October 2015, the
European Court of Justice reversed the Safe Harbor agreement because it does not adequately protect
consumers in the wake of the Snowden revelations.
At the beginning of February 2016 the European Commission signed off on a new data transfer
agreement with the US to substitute the old Safe Harbour agreement. The new EU-US Privacy Shield
[14] reflects the requirements set out by the European Court of Justice in its ruling on October 6th
2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide
stronger obligations on companies in the US to protect the personal data of European citizens and
stronger monitoring and enforcement by the US Department of Commerce and Federal Trade
Commission, including through increased cooperation with European Data Protection Authorities.
3.2.1.4 The European Cloud Computing Strategy
In September 2012, the European Commission adopted a strategy for “Unleashing the Potential of
Cloud Computing in Europe” [15]. The strategy outlines actions to deliver a net gain of 2.5 million
new European jobs, and an annual boost of €160 billion to the European Union GDP (around 1%), by
2020. The strategy is designed to hasten and stimulate the use of cloud computing across all
economic sectors.
The strategy includes three key actions: (i) Safe and Fair Contract Terms and Conditions, aiming at
developing model contract terms that would regulate issues not covered by the Common European
Sales Law (CESL) [16], such as data preservation after termination of the contract, data disclosure
and integrity, data location and transfer, or ownership of the data, among others; (ii) cutting through
the jungle of Standards, fostering interoperability, data portability and reversibility; (iii) establishing
a European Cloud Partnership [17] bringing together industry and the public sector to work on
common procurement requirements for cloud computing in an open and fully transparent way.
3.2.1.5 US tech companies shielding data from government.
The application of cryptographic countermeasures has increased considerably in recent years, and many
companies are considering introducing strong techniques for obfuscating their customers’ data. As an
example, in September 2014 [18], Apple introduced new encryption into its iPhone operating system
that would make it mathematically impossible for the company to unlock the devices for investigators. This
was a departure from the past, when US government investigators could get access to a device under
the provisions of a search warrant. Apple’s shift was in response to increased digital privacy concerns
and distrust of America’s digital spies following revelations from the Snowden case. Since then, the
US agency FBI has been trying to figure out a way around the software.
Apple and the US government want to set a legal precedent about where digital security ends and
national security begins after nearly two years of hearings, open letters and Washington-Silicon
Valley shadowboxing. Speculation has already begun about how far both sides are willing to go in
appealing unfavourable rulings.
For Apple, this is a battle that extends well past one iPhone. Apple sells a lot of things – 74.7m
iPhones in the last quarter, for example – but its biggest selling point these days is privacy. Cook has
made clear the fight for privacy is in some ways a personal one. He has spoken out on the importance
of civil rights on numerous occasions and is fundamentally committed to protecting his customers’
right to privacy.
The outcome of this particular fight will impact the business decisions of every other major tech
company when it comes to mobile devices, Internet services and apps. People who value their privacy
above anything else will continue to use encrypted devices, even if these gadgets aren’t iPhones. On
top of that, they’ll ensure they install encrypted apps on these devices, adding extra layers of
protection. If the FBI does establish a precedent by defeating Apple, people who want to hide from
law enforcement agencies will find and use gadgets and services made by companies that aren’t
based in the US, and that won’t be subjected to a similar court battle.
3.2.2 Economic
3.2.2.1 Eurozone recovery continues
A recent report by Focus Economics [19] shows that the Eurozone economy grew gradually in the
last quarter of 2015, continuing the modest pace of recovery seen in the previous quarter. The
Eurozone economy picked up pace last year as healthy consumption led to a 1.5% increase in gross
domestic product (GDP), the strongest growth seen since 2011. Eurozone GDP improved 0.3%
quarter-on-quarter in Q4, which matched Q3’s pace of growth.
The conditions that led to last year’s recovery remain largely in place and the economy is expected to
record another healthy expansion in 2016. Q4’s expansion likely came on the back of solid domestic
data while the external sector is expected to have performed slowly. Consumption continues to be
propelled by low inflation, an improving labor market as well as by favorable financing conditions.
On the other hand, sluggish external demand, particularly from emerging economies, is likely to
keep the Eurozone recovery stuck in a low gear and poses one of the main challenges to the growth
outlook going forward.
Analysts see a growth of 1.6% in 2016, and looking forward, the Eurozone economy is expected to
maintain that pace of growth in 2017 and is seen increasing 1.6%.
3.2.2.2 Dynamic growth of R&D investment in 2016
The 2016 Global R&D Funding Forecast by R&D Magazine [20] shows that global R&D
investments will increase by 3.5% in 2016 to a total of $1.948 trillion in purchasing power parity
values for the more than 110 countries having significant R&D investments (more than $100
million). As in preceding years, the growth in global R&D investments is being driven by spending
in Asian countries, particularly in China. Asian countries account for more than 40% of all global
R&D investments, with North American investments less than 30% and European R&D only slightly
more than 20%.
Figure 6. Share of Total Global R&D spending
(Source: R&D magazine)
Much of the R&D growth in a country is driven by that country’s economic growth, measured by the
GDP. As documented by the IFM, GDP growth shows a small increase for European countries.
Sixteen of the European Union’s 28 member countries are included in the report’s Top 40 R&D
investing countries in the world. Three of the Top 10 R&D investing countries include Germany,
France and the U.K., with 2016 R&D forecasts of $109.25 billion, $60.05 billion and $45.54 billion,
respectively. Their R&D/GDP ratios are 2.92%, 2.26% and 1.78%, respectively. Germany is the
leading country in Europe for economic power, GDP ($3.741 trillion forecast for 2016), R&D,
industrial R&D and manufacturing production, technical paper publishing and patents.
When comparing US R&D to European R&D, the US is considered superior in overall R&D, but not in
R&D quality, productivity, basic and applied research, development and R&D trends. When
comparing the top companies in the world with regard to R&D, the comparisons are close to equal
with 19 of the Top 50 corporations in the world being in Europe, 19 in the US and 12 in Asia.
In the US and Europe industrial R&D accounts for the largest share of each country’s total R&D
investments. R&D magazine forecasts a dynamic growth for 2016, with the ICT industry R&D
spending increasing by 5.5% to $204.5 billion.
Some technologies are expected to change the most over the next three years by 2018. There are no
surprises here, just a continuing technological progression with information technologies (IT) and
nanotechnology leading the way, followed by Software Analysis, Software Simulation, Big Data and
Virtualization.
3.2.3 Societal
3.2.3.1 Privacy is becoming a value to which customers will respond
Privacy is becoming a value to which customers will respond. Customers are changing their
behaviour because they do care about privacy. Despite the apparently different approach to privacy
compared with the EU, this is also coming true in the US, where 33% of online adults have canceled a
transaction due to privacy concerns. Actually the TRUSTe/National Cyber Security Alliance US Consumer
Privacy Index [22] found that 92% of US internet users worry about their privacy online, and the top
cause of concern is companies collecting and sharing their personal information, even though only 3 in 10
Americans understand how organizations share their personal data. For businesses, privacy should be
a major worry, as 89% of those users surveyed say they avoid companies who do not protect their
privacy and 74% say they have limited online activity due to privacy concerns.
Recent studies, such as “Predictions 2016: The Trust Imperative For Security & Risk Pros” [23] by
Forrester Research, suggest that public concern about online privacy issues will reach a tipping point in
2016. This will force governments and private companies to take much stronger measures to ensure
the privacy of their users. The study indicates that organizations usually make the mistake of thinking
that privacy is only about meeting compliance and regulatory requirements at the lowest possible
cost, while it is about time to recognize the importance of better customer relationships built on trust.
Businesses that collect, store and use people’s data are most at risk of attracting hackers and
regulatory oversight. Data brokers also stand to suffer the most when consumers decide to prioritize
privacy over convenience, something that is already beginning to shape online behavior as consumers
attempt to protect themselves from privacy abuses or identity theft.
3.2.3.2 Shortage of ICT specialists
According to a report issued by Eurostat in early 2016 [22], there were almost eight million ICT
specialists employed in the EU in 2014, representing 3.7% of total employment. This profession is
largely made up of men, accounting in 2014 for more than eight ICT specialists out of ten employed
in the EU (81.9%). The fraction of women working in this segment of the labour market in the EU-28
has shrunk since 2005, to 18% in 2014. ICT employed mainly highly educated people, with more
than half (56.5%) of ICT specialists in the EU having a tertiary education level.
During the last decade, ICT specialists employment in the EU-28 has resisted the effects of the
downturn and of uncertainty on global labour markets, and remained on an upwards path. Growth in
the employment of ICT specialists averaged 4% over the period 2006-2014, more than twelve times
higher than the average growth rate for total employment over the same period. In 2014, ICT
specialists in the EU were mainly employed in the United Kingdom (1.49 million persons), Germany
(1.47 million) and France (0.91 million). These countries accounted for almost half of all ICT
specialists employed in the EU in 2014.
Over recent years, both the number and the share of ICT specialists in total employment have
continuously increased to better adapt to an ever more digitalized and connected world. However, almost
40% of enterprises which recruited or tried to recruit ICT specialists had hard-to-fill vacancies in
2014.
3.2.3.3 Reliance and trust on technology
The concept of reliance means that our society cannot function any longer without the use of
technological devices. This includes smartphones, debit and credit cards, computers, and the Internet,
among others. People are confident that with that technology at hand anytime, anywhere, they can face
any challenge that might arise in their daily lives. Internet of Things (IoT) will be, alongside
mobility, transformative of daily life. Our ability to interact with objects could be altered remotely
based on immediate or present needs, in accordance with existing end-user agreements. Our trust in
technology has already profoundly changed our personal behaviours.
Society also relies on the technology to do more and more for us: nowadays almost anything can be
managed from a smartphone or tablet if and when required. The multitude of apps available covers
the diversity of needs that could pop up during the day.
While new technologies can enhance lives and streamline the way we do business, regrettably there
are individuals and entities who will attempt to exploit them to do harm. Thus trust, privacy, and
security are becoming pressing issues as more and more people, irrespective of their IT expertise,
become interconnected via the Internet and the amount of available personal and sensitive
information increases. To overcome these challenges, new technologies are needed to make security
and privacy aspects more approachable to society, in order to either increase their knowledge and
awareness on the risks when using the technologies or to ease the use of these technologies in a
reliable manner.
Another key aspect to building trust is the capability to adjust the functioning and properties of ICT
to individual preferences, which comes together with the concept of usability.
3.2.3.4 Changing attitude towards work(place)
Attitudes relating to work (work-life balance) and the workplace seem to be shifting, especially in the
‘advanced’ economies. This concept refers to giving individuals more control over the conditions at
work. It is also related to the physical location where work would need to be performed (home,
office, someplace else) and the way people are (or want to be) managed. This trend also makes it
possible for companies to hire talent outside their immediate geographic area, which mitigates to a
certain point the lack of IT skilled resources.
With employees working across multiple devices from various locations at any time, and
communicating with peers, partners and customers, it is important to create a seamless work
experience and distributed collaborative environments, while at the same time satisfying the
organization’s requirements for security and control, as well as meeting regulatory requirements for
data handling and confidentiality.
3.2.4 Technological
3.2.4.1 Cloud as technological core
Recent market studies confirm that adoption of cloud computing continues at a fast pace. As an
example, the consultancy company IDC predicts that by 2018, at least half of the IT spending will be
cloud based, reaching 60% of all IT infrastructure and 60-70% of all software, services, and
technology spending by 2020.
Virtually none of the other 3rd Platform technologies (big data analytics, mobile, social, IoT,
cognitive, etc.) or major Digital Transformation (DX) business initiatives are possible without the
cloud as the foundation, especially in scaled-up implementations. This means that over the next
several years enterprises will dramatically scale up their adoption of cloud services, especially those
pursuing DX strategies. By 2020, organizations' spending on cloud services (hardware and software
to support cloud services, and services for implementing and managing cloud services) will exceed
$500 billion, around three times what it is today.
This rapid shift of cloud services — from an "emerging" IT architecture to the preferred foundation
for enterprise IT and digitally transformed businesses — has important implications for IT and
business leaders.
Despite the increasing maturity of both cloud users and cloud providers, there are still some factors
that hold back a full transition to the cloud. According to a survey by the Cloud Security Alliance,
security remains the top barrier to cloud adoption with 73%, as indicated in Figure 7. This refers to
security of data, which includes privacy aspects. Other studies [27] suggest that the concern about the
lack of IT resources and expertise is increasing and could soon supplant security as the largest
challenge to address.
Concern about regulatory compliance, with 38%, is also an important factor. As a matter of fact, the
passage of the EU Data Protection Legislation will have a significant impact on IT spend. Figure 8
shows the top three priorities per vertical. Regulatory compliance and protection of sensitive data
are systematically represented for most verticals, including Healthcare and Finance, which are
represented in WITDOM.
Figure 7. Top challenges holding back Cloud projects
(Source: Cloud Security Alliance)
Figure 8. Verticals top 3 priorities
Health care is widely adopting cloud-based services to exchange medical, financial and related
sensitive data across Health Care Information Exchange networks, rural health collectives, and large
cloud service providers specializing in pharmaceutical, radiology, billing and other areas of specialty
traditionally outsourced by health care organizations. Research and consulting firm Markets and
Markets reports that, globally, 32% of health care facilities surveyed are using cloud applications. Of
those not yet migrating to the cloud, close to 75% are considering doing so over the next three to five
years.
With regard to the Financial Services, both the Cloud Security Alliance [24] and ENISA [25] indicate
that the financial sector is still in the early stages of cloud adoption. Infrastructure flexibility, reduced
total cost of ownership, and shortened time to market are just some of the top reasons to move to the
cloud. According to CSA, a majority (61%) of financial institutions are developing a cloud strategy
within their organization, where mutual strategies use a mix of private, public, or hybrid cloud
environments. The exact deployment models companies took are correlated to the maturity of their
cloud strategies. ENISA indicates that almost 88% of EU Financial Institutions were already using
cloud-based services before June 2015, and 81% were aware these were cloud-based and of their
implications. In approximately 1 out of 4 organisations consulted, there were business units using
cloud-based services without the involvement of the respective IT department (“shadow IT”).
3.2.4.2 Hybrid cloud on the rise
As the cloud computing market continues to grow, enterprises are exploring different cloud models in
search of the right balance of functionality, flexibility and investment protection. The adoption of
hybrid cloud is gradually gaining momentum amongst enterprises, and in the coming years, this
cloud delivery model is expected to go mainstream. The major point of differentiation for hybrid
cloud is the flexibility it provides to the client, to adopt either a public cloud or private cloud, based
on the applications and data they want to run or store in the cloud. According to a recent survey by
RightScale [27], hybrid cloud is the preferred strategy. The use of hybrid cloud environments has
grown to 71%, up from 58% in 2015.
For sectors such as financial services and government, the hybrid cloud model makes the most sense,
as there is more concern with the security and integrity of the data stored in the cloud; however,
enterprises looking for economies of scale will also achieve high value to cost ratios by deploying a
hybrid model.
Over the coming years, many different versions of the hybrid cloud are expected to evolve, including
virtual private clouds, such as a private cloud on top of a public cloud, i.e. AWS’s VPC, and a shared
private cloud or community cloud.
In addition, vendors are also looking to provide multiple cloud offerings in a hybrid model, such as
the combination of IaaS, SaaS, and PaaS. Analysts note that the concept of multiple cloud models is
set to gain momentum in the coming years, with most cloud vendors and cloud brokers providing a
bundled solution, integrating PaaS to IaaS and SaaS.
The other factor driving the demand for hybrid cloud solutions is that most enterprises that have
opted for public or private cloud solutions from multiple vendors, are finding it tough to effectively
track their resources and investment and achieve expertise in every cloud solution that they have
deployed. Consequently, these organizations are set to move towards a hybrid cloud environment that
will enable them to simplify their private-public cloud mix by procuring that solution from a single
hybrid cloud solution provider.
3.2.4.3 Privacy-by-design
For companies that are making use of cloud services, there are two areas to consider. The first is the
responsibility for ensuring that third parties are measuring up to their promises around security and
data privacy. This should be outlined in any contract between the organisations, as well as being
audited on a regular basis. The second element is how cloud-based security services can be used to
track status of devices and implementation of updates to ensure that the organisation's vulnerability
management strategy is enforced. The second option is an organizational shift towards “design
thinking”, which implies a closer look into the users’ needs. It requires embedding privacy standards into
technology and the product design process from the start.
3.2.4.4 Encryption adoption on the rise
According to the recent Ponemon Institute's “2016 Global Encryption Trends Study” [28],
commissioned by Thales e-Security and Vormetric Data Security, there has been a big leap in the
number of organizations using encryption across the enterprise. 41% of respondents indicated that
encryption is adopted extensively in their organizations, which represents an increase from 16% in
2005. Nevertheless, 15% of respondents indicated that their organizations have no comprehensive
strategy for encryption.
Encryption adoption depends on the industry: financial services and healthcare are the biggest users
of encryption, because of regulatory pressures. The manufacturing and consumer products industries
are the least likely to adopt encryption.
As with most security technology adoption, compliance is a big factor driving encryption. More than
60% of respondents say compliance with privacy and security rules is the main reason they are
adopting encryption across the organization, while compliance with internal policies (15%) and
avoiding a data breach disclosure (8%) ranked much lower.
One of the biggest hurdles to encryption is the residency of sensitive data in today’s “borderless” network
(57% of respondents). Initial deployment of encryption and identifying which data to encrypt are
other factors that impede encryption.
3.3 Competitors
3.3.1 Overview of the cloud-based security services market
WITDOM is a security and privacy solution, therefore the target market is the security market. The
on-premises security market is still growing, but the gains look meager next to the accelerating
growth of cloud-based security services. Gartner is predicting this market to hit $4.13 billion by
2017, as shown in Figure 9, according to its study titled “Market Trends: Cloud-based Security
Services Market, Worldwide, 2014” [29]. The research firm Markets and Markets expects the global
cloud security market to grow from $4.20 billion in 2014 to $8.71 billion by 2019, which represents a
CAGR of 15.7% from 2014 to 2019.
Cloud-based security is taking off as cloud adoption grows. For most organizations, it’s
about ease of deployment and management: cloud security solutions remove that burden and
therefore lower operating costs. This is an important reason why the MSSP market would more than
double before the end of the decade, from $14.3 billion in 2014 to $31.9 billion by 2019. Because
business processes and data are moving to the cloud, it also makes sense that security services be
cloud-based as well. This is called MSS 2.0.
It is not only large enterprises that will be embracing MSSPs; as small and midsize businesses
continue to move to the cloud, they will rely almost entirely on cloud-based security controls, many
experts predict. In fact, Gartner attributed the growth of the cloud-based security market to the
adoption of these services by small-to-mid-sized businesses in particular.
Figure 9. Forecast for Cloud-based Security Services Market
(source: Gartner)
Certain market segments mentioned in Gartner’s report will see higher overall sales and
year-over-year growth. Cloud-based encryption services are expected to be a “new area of growth”. But
Gartner expresses concerns, saying, “however, service providers’ relative lack of interest in
cloud-based encryption means it has remained a complex activity, requiring organizations to initiate
complex, build-your-own deployments. The strongest interest is in encryption products from cloud
security brokers, thanks to their relative ease of deployment and their options for on-premises
encryption management.” In terms of cloud-based encryption as a service, some vendors to watch in
this area include CipherCloud, CloudLock, Elastica, HP Voltage, Perspecsys, Protegrity, and Vaultive.
3.3.2 Commercial competitors
This section tries to provide more information about some competitors indicated in the Gartner
report, considering solutions that are close to WITDOM. For each, some strengths and restraints are
indicated.
Table 18. Commercial competitors

CipherCloud [30]
Strengths:
- CipherCloud Searchable Strong Encryption (SSE) delivers the benefits of the cloud, while assuring
  security and.
- Standard-based encryption that only you can unlock.
- It also provides format and function preserving techniques or tokenization.
- Full search capabilities are available to work on encrypted data (natural language and Boolean
  searches, contains text, starts/ends with text).
- Highly scalable distributed architecture, high throughput and extremely low latency.
Restraints:
- The kind of available operations are text-based search capabilities.
- All operations over the protected data are centralized. Potential single points of failure or
  scalability issues must be considered.

CloudLock [31]
Strengths:
- CloudLock delivers security for any cloud application and platform, including IaaS, PaaS, and
  IDaaS and orchestrates security across your existing investments.
- CloudLock is a frictionless solution that is installed in minutes and protects cloud applications
  and provides codeless security for custom-built apps.
- CloudLock provides actionable cybersecurity intelligence across an organization’s entire cloud
  infrastructure.
Restraints:
- It falls under the category of decision support, accountability or enforcement PETs. It
  identifies and aids in remediating privacy & compliance risks.
- Provides limited protection to personal data. It does not diminish the amount of trust to be
  placed on the cloud provider.

Elastica
Strengths:
- Its tool suite falls under the category of decision support, accountability or enforcement PETs.
  Elastica’s securlets protect sensitive customer information and data in different cloud providers.
- It identifies and aids in remediating compliance risks.
- It supports Risk-Based policies to identify, alert and block transactions before data breaches
  occur.
- Elastica also provides auditing and forensic tools to ensure adequate measures are in place and to
  perform post-incident investigations across all historical transactions for your cloud
  applications and services.
Restraints:
- Provides limited protection to personal data. It does not diminish the amount of trust to be
  placed on the cloud provider.

HP Voltage [32]
Strengths:
- HPE Security – Data Security is a leading expert in data encryption and tokenization data
  security solutions. It provides:
  - Identity based encryption (IBE): IBE can use any arbitrary string as a public key, enabling
    data to be protected without the need for certificates.
  - Format-Preserving Encryption (FPE): protects data fields or sub-fields while preserving format
    under policy control.
  - Secure Stateless Tokenization: protects fields such as credit cards or social security numbers
    using tokenization without the complexity of managing token databases.
  - Stateless Key Management.
- It also provides secure and privacy enabling vertical solutions such as:
  - HPE SecureMail
  - HPE SecureStorage
  - HPE SecureData Payments
- It is the most complete tool suite. It addresses horizontal needs (payment, storage), it provides
  design tools to aid developers and a wide range of protection mechanisms.
Restraints:
- The operations that will be available over protected data are limited (i.e. either numeric
  attributes are not protected or they cannot be added for a report); it must first be unprotected.

Perspecsys [33]
Strengths:
- The Cloud Data Protection Gateway is a software solution that delivers critical data privacy and
  security capabilities to users of public cloud applications.
- The Cloud Data Protection Gateway can be deployed in a wide range of configurations with optional
  server components. The core system in the Gateway is the Server, acting as a forward or a reverse
  proxy.
- In addition to monitoring and reporting on cloud use and encrypting and tokenizing data in
  accordance with an enterprise’s data protection policies, the server intelligently indexes
  encrypted and tokenized data.
Restraints:
- Its gateway architecture poses a risk towards availability and scalability.
- The operations that will be available over protected data are limited (i.e. either numeric
  attributes are not protected or they cannot be added for a report).
- Close interdependence with the protected services.

Protegrity [34]
Strengths:
- Protegrity Avatar™ for delivers highly transparent file-level AES 256 encryption and patented
  Protegrity Vaultless Tokenization (PVT) individual data elements. It provides Field/column PVT,
  encryption or masking to protect data wherever it goes.
- It works both at file and database level. Its integration with big-data platforms such as Hadoop
  bridges the gap between access and security in big data.
Restraints:
- Its gateway architecture poses a potential risk towards availability and scalability.
- It supports, out of the box, a limited number of SaaS platforms (Box, Salesforce and Xactly).
- The protection offered limits the performance of the system and the utility of the protected
  data; however, its fine-grained policy system makes it possible to minimize this impact.

Vaultive Encryption Platform for Cloud Security [35]
Strengths:
- The Vaultive Cloud Data Protection Platform:
  - Encrypts data before it leaves the trusted on-premises infrastructure.
  - Gives the data owner or a trusted third party sole custody of the encryption keys.
  - Delivers a seamless experience to users.
- Store and process your encrypted data without changes to client side applications.
- Deploy based on your needs with an on-premise virtual or physical appliance.
- Secure Hybrid (cloud + on-premise) Exchange environments.
- Load-balancing and auto-failover embedded into the product.
Restraints:
- Operations on protected data limited to basic text-based operations: search, sort, index.
- All operations over the protected data are centralized. Potential single points of failure or
  scalability issues must be considered.
- High interdependence with the services it protects (e.g. Office 365).

Vormetric [36]
Strengths:
- Vormetric Transparent Encryption delivers data-at-rest encryption with centralized key
  management, privileged user access control, and security intelligence logs to proactively meet
  compliance reporting requirements for structured databases and unstructured files.
- It provides tokenization and encryption features and out-of-the-box integration with cloud
  storage solutions such as Amazon Simple Storage Service (Amazon S3), Box and Caringo.
Restraints:
- Its gateway architecture poses a risk towards availability and scalability.
- Protected data loses its utility as no operation can be performed unless previously decrypted.
3.3.3 PETs
Privacy-Enhancing Technologies (PETs) are a very broad product category that encompasses many
different types of technologies, all with privacy as their main objective. There are PETs related to
personal data management that focus on providing data subjects with decision support, managing
consent and dealing with accountability or enforcement. Additionally, there is a whole subset of
PETs dealing with data and trust minimization that are closely related to WITDOM’s objectives and
functionalities:
Table 19. Competitors: PETs

OpenPGP [37]
Features: Confidentiality; Integrity; Authentication
Strengths: Is a decentralized and recognized encryption standard.
Cautions: Not user friendly

Off the record messaging
Features: Confidentiality; Perfect forward secrecy; Authentication
Strengths: Message-oriented
Cautions: Messages do not have digital signatures and may be forged after a conversation is
complete.

Privacy Analytics
Features: Data de-identification
Strengths: Risk based methodology for assessing thresholds for re-identification
Cautions: Record and health oriented.

Cornell Anonymization Toolkit [38]
Features: K-anonymity
Strengths: The suggested anonymization process involves utility and risk evaluation
Cautions: Record oriented

ARX [39]
Features: K-anonymity; ℓ-diversity; t-closeness; δ-disclosure privacy; δ-presence; Differential
privacy; Generalization, suppression, micro-aggregation and top/bottom-coding as well as global and
local recoding
Strengths: A comprehensive software for risk- and utility-based privacy-preserving microdata
publishing
Cautions: Record oriented

PINQ (Privacy Integrated Queries) [40]
Features: Policy-based Differential privacy
Strengths: It is a trustworthy platform for privacy-preserving data analysis.
Cautions: Record oriented. Very specific privacy model. The privacy model assumes trust towards the
entity holding the data but does not fully trust actors accessing the data. Not useful for
outsourcing data.
3.3.4 R&D projects
Deliverable D7.2 listed a group of projects considered as potential partners for WITDOM. The idea
of that list was to seek technological synergies, as well as multiplying effects of communication
and dissemination, that could benefit both parties. The following list, on the contrary, presents
projects considered as potential competitors to WITDOM. These
R&D projects, even when listed as partners in D7.2, could position their solutions in the market
within a similar timeframe to WITDOM, becoming a direct threat. In particular it is worth
mentioning those projects belonging to the same call as WITDOM (programme H2020-EU.2.1.1,
topic ICT-32-2014 - Cybersecurity, Trustworthy ICT) (see footnote 3), because they address a similar
expected impact, with strong focus on security-by-design for end-to-end security and cryptography.
The goal of this section is to acknowledge the possible similarities and differences to highlight
WITDOM’s added value.
Within this group the project PRISMACLOUD (PRIvacy and Security MAintaining Services in the
CLOUD) [41] is the closest one in scope to WITDOM. The PRISMACLOUD project is a RIA
belonging to the programme H2020-EU.2.1.1. This project focuses on the development of methods
and tools to increase the security of cloud-based services as well as technologies to increase the
privacy of users interacting with the cloud. They aim to enable end-to-end security for cloud users
and provide tools to protect their privacy by means of cryptography. WITDOM is wider in scope, as
non-cryptographic techniques are also considered for the protection of outsourced data.
PRISMACLOUD’s focus is more on certification, third-party auditing, and composition of secure
cloud services, which are not addressed in WITDOM. In terms of validation, PRISMACLOUD will
implement three pilots to demonstrate their capabilities in the fields of smart city, eHealth, and
e-Government. The eHealth scenario is related to security in long-term storage of electronic health
records, which is a scenario different from the processing of genomic data in WITDOM.
PRISMACLOUD started at the same time as WITDOM and will be running in parallel until December
2017, when WITDOM finishes. Whether WITDOM has a competitive advantage in terms of time to
reach market is difficult to say, as it also depends on the specific roadmaps of both projects and
the teams’ ability to develop their solutions and go to market.
Another relevant project related to the programme H2020-EU.2.1.1 is TREDISEC (Trust-aware,
REliable and Distributed Information SEcurity in the Cloud) [43]. TREDISEC addresses the
confidentiality and integrity of outsourced data in the presence of a powerful attacker who controls
the entire network. In addition, TREDISEC will develop security primitives that support data
compression and data deduplication, while providing the necessary means for cloud providers to
efficiently search and process encrypted data. In this sense, TREDISEC cannot be considered a direct
competitor for WITDOM, because of different scopes.
Finally, it is worth mentioning the project HEAT (Homomorphic Encryption Applications and
Technology) [45], which also belongs to the programme H2020-EU.2.1.1. The HEAT project
focuses on the development of advanced cryptographic technologies to process sensitive information
in encrypted form, without needing to compromise on the privacy and security of the citizens and
organizations that provide the input data. The core technology is based on homomorphic
cryptography, which allows performing computations on encrypted information without decrypting
it. The main goal of HEAT is to produce a step change in the efficiency and applicability of this
technology. In comparison to WITDOM, HEAT’s focus is narrower, as it only addresses SHE.
HEAT, however, also focuses on the following topics that are not in WITDOM: cryptanalysis of
underlying hard problems, implementation in SW and HW of primitives and optimizations, and
developing SHE-friendly symmetric ciphers. The HEAT applications are also completely different:
smart grid, satellites and crime detection.
Footnote 3: Some projects belonging to this programme have been discarded, as they are considered
too far in scope from WITDOM. This is particularly true for the projects SHARCS, more oriented to
architectures, and SCISSOR, very SCADA oriented.
There are other programmes with projects that are of interest for WITDOM in terms of competition.
The first one is CLARUS (A Framework for user-centred privacy and security in the cloud) [44], a
RIA belonging to the programme H2020-EU.2.1.1.3., a different one from WITDOM’s. It relies on
functionality-preserving cryptographic and non-cryptographic data protection techniques with a
special focus on preserving the benefits associated with cloud services (functionality,
cost-effectiveness, efficiency, etc.). CLARUS will implement a demonstrator on the management of
Electronic Medical Records to provide security-aware access to functionalities, which should be
backed up by a series of auditing tools. EMRs shall be securely stored in the CLARUS cloud and
appropriate privacy-preserving mechanisms should be implemented before outsourcing obfuscated
data to the cloud with preservation of functionalities.
Finally, the project CREDENTIAL [46] from the programme H2020-EU.3.7 started in October
2015. The main idea of CREDENTIAL is to enable end-to-end security and improved privacy in
cloud identity management services for managing secure access control. This is achieved by
advancing novel cryptographic technologies and improving strong authentication mechanisms.
To evaluate and validate the capabilities of the CREDENTIAL tools and bring developed components to
market readiness, scenarios for e-Government solutions, e-Health services and e-Business
applications will be set up.
3.4 SWOT
Based on the analysis of the macro and microenvironment (PEST and competition) and the value
proposition, this "Strengths, Weaknesses, Opportunities and Threats" (SWOT) analysis identifies
where the WITDOM framework stands and its real potential.
3.4.1 Strengths
- Value proposition for protection of sensitive data to be outsourced in untrusted environments
  with a multi-faceted approach, i.e. it leverages protection mechanisms targeting different
  protection requirements.
- Value proposition based on advancing current best practices and state-of-the-art
  technologies.
- The fact that the WITDOM solutions will be piloted in real-life scenarios is a positive factor
  that increases the credibility and acceptance of the proposed technologies.
- The validation of WITDOM with the support of end-users, who participate in the project,
  guarantees the field orientation of the product and its real-world applicability.
- The framework might be easily extended with additional components due to the flexibility
  and modularity of the architecture, and the service-oriented approach.
- The framework can be migrated to a completely different environment with ease thanks to its
  architecture.
3.4.2 Weaknesses
- Components show different levels of maturity. Some components need further development
  before being ready for production environments. The time-to-market can be high.
- As a collaboration project there is no single owner to champion the exploitation, leaving the
  situation open in terms of who drives exploitation of the solution as a whole.
- WITDOM is a new entrant to the considered market. This means competition is established
  against consolidated players, with a more recognized brand and certain vendor lock-in.
- Low brand reputation. WITDOM is currently associated with a project, not with a final solution.
  The brand can benefit from the project reputation, as soon as the promising project results
  come into reality.
- Target users’ satisfaction to be tested. This will be addressed in a later stage of the project.
3.4.3 Opportunities
- The growing market of cloud-based security services applications and the gap on privacy can
  make WITDOM a reference.
- Opportunities to expand the products/services portfolio – the participation in the WITDOM
  project will enable the partners to expand their portfolios of products/services.
- The approval of the EU data protection regulation can boost the adoption of solutions like
  WITDOM.
3.4.4 Threats
- Similar R&D projects in the race increase competition.
- The liking for encryption and the need for more privacy may attract more competitors in the
  future.
- Inadequate or poor advertising may hinder the process of distributing the software product.
- The project roadmap pushes the solution delivery to the end of the project, which may both
  create many target users’ expectations to handle and cause a late arrival in the market.
4 Exploitation strategy
4.1 Overall exploitation strategy
This section presents the initial exploitation strategy to be implemented during the project lifetime
(until M36).
The objectives of WITDOM exploitation activities are:
- Funnelling of the WITDOM project’s outcomes, identifying the most promising items to bring
  them to the software, services and security communities for further shake up, and ultimately,
  industrialization.
- Paving the way for a successful industrial, commercial and/or scientific exploitation of the
  project results.
Exploitation is broken down into two major lines: the commercial and the non-commercial
exploitation, as described next:
4.1.1 Commercial exploitation
This strategy refers to WITDOM products that independently constitute commercial software and
services, or that constitute part of other existing or new commercial software products and services.
In this area, there were basically two goals:
- Internal exploitation, oriented to improve the product/service offering of project partners.
- External exploitation, oriented to take WITDOM innovations into industry, in particular our
  segments.
To achieve these goals the consortium adopted the following action lines for exploitation:
- Prospects within business units of WITDOM partners to incorporate the innovations into the
  existing portfolios and direct them through their product management and innovation process
  management cycles. We considered here two visions:
  - Contacts with potential users in a market pull approach.
  - Development of new products or services based on WITDOM components or
    techniques.
- Prospects outside the project borders to transfer innovations/solutions to potential customers.
  This corresponds to the sales cycle indicated in the glossary section. This would likely imply
  the cycle phases of prospect and contact, probably also the offering phase. Eventually,
  depending on the customer’s motivation, the complete cycle up to the closing phase could be
  covered.
- Participation in platforms of large industry visibility.
4.1.2 Knowledge Exploitation (non-commercial)
This exploitation line is applicable to knowledge and prototypical software products that will be
sustained through continued research. It also applies to projects and that need further work before
they are ready for the market.
In this area, there were basically two goals:
- Use knowledge gained during the project to augment partners’ existing products or solutions.
- Take WITDOM innovations and concepts into academia, but also to industry.
The exploitation plan covered the following action lines:
- Protection of intellectual property, such as licensing agreements or patents.
- Exchange of research with external R&D groups and initiatives to promote WITDOM concepts,
  techniques and results.
- Standardization activities. This activity is reported in deliverable D7.8.
- Academic opportunities in the form of thematic courses or PhD opportunities.
- Technology transfer actions to industry.
- Technology transfer actions to new research initiatives, such as the H2020 program.
- Exchange of public versions of deliverables (or partial versions of deliverables when
  restricted dissemination) to particular communities (advisory board, research clusters).
- WITDOM branding.
4.1.3 Roles and responsibilities
The WITDOM exploitation strategy is based on the experience of partners, recommendations of the
European Commission and best practices from the area of product management and
marketing communication. All partners of the consortium contribute to the exploitation activity, both
commercial and non-commercial. Nevertheless, three special roles can be highlighted:
- The Exploitation & Innovation Manager (EIM) coordinates consortium efforts for
  exploitation of the project results, and monitors the external innovation actions to align the
  innovation actions at project level with impact creation. This role is played by ATOS.
- The component manager, who drives the development of a particular component within the
  WITDOM solution. Component managers come from UVIGO, KU Leuven, IBM and XLAB,
  as indicated in the section 2.2.1.2.
- The sales force, consisting of all individuals from the partners involved in exploring commercial
  opportunities. The sales force will follow the sales cycle and its five phases: prospect, contact,
  presentation of the offer, negotiation, and closing.
4.1.4 Marketing
Following Bowman’s strategic clock, WITDOM is expected to position its strategy in product
differentiation. There are several reasons for taking this approach:
- The WITDOM solution provides unique functional features with regard to its competitors.
- WITDOM mainly targets educated customers able to understand the essential characteristics
  and qualities of the services they are purchasing.
To reach our target audience, one important aspect is the communication of the value proposition.
This refers to raising awareness about the WITDOM solution and its key features. This is closely
related to the communication strategy described in the deliverable D7.2, which was aligned with the
WITDOM evolution along the project timeline. From a more commercial perspective, there are
several means to promote the WITDOM framework:
- The project website (D7.1), as the main access point to the project information, clearly
  communicating the added value of the project.
- The commercial action by the WITDOM sales force, supported by promotional material.
- The project participation in trade conferences, as these events are usually very targeted.
- Word of mouth. From the very beginning of the project, the co-creation methodology required
  the participation of WITDOM users in the requirements elicitation phase. They are also
  expected to participate in the evaluation in later stages of the project. Therefore they will
  become advocates in their specific environments and drive more business in through word of
  mouth.
- The support of the Project Advisory Board, as multipliers. In this respect, other alliances can
  be considered, such as the support of related R&D projects.
4.1.5 Distribution Strategy
The distribution strategy is very dependent on the work of WP5 - A Trustworthy Privacy-preserving
Platform - Toolkit & Prototypes, which is expected to produce its preliminary results at the end of
September 2016, with the availability of the design of prototypes and trustworthy privacy-preserving
platform (toolkit). This means that the development will condition part of the distribution strategy as
it is considered in this section. Nevertheless, the internal discussions at the present stage lead
WITDOM towards the following delivery models:
- WITDOM as-a-Service (WaaS): WITDOM licensed on a cloud subscription basis and
  centrally hosted. This option allows potential customers to take advantage of WITDOM
  features without having to install and use encryption on their own.
- Packages: a bundle of components for a specific functionality and key features.
- Isolated distribution of components.
Figure 10 represents the WITDOM supply chain when considering the first categories. It shows how
WITDOM solutions (in red) relate to infrastructure provisioning (for example, a cloud provider)
towards the target users (VSPs and MMSPs), and finally to customers. Parts of this flow may be
removed depending on the delivery model. For example, in the case of packages, the infrastructure
provision arrow would make no sense.
Figure 10. WITDOM supply chain
With regard to the possible delivery channels, a mix is foreseen: distribution channels can be
direct, which means selling directly to customers, but intermediaries can also be
used. The first advantage resulting from the use of a sales strategy based on intermediaries relates
to the level of economic resources committed. This means it is possible to reach a broader market
without being physically present at all the points of sale, so that the investment required to start
operating decreases considerably.
The following table specifies these channels:
Table 20. Delivery channels
#  Name                                          Type             Ownership
1  WITDOM sales force                            Direct           Own channel
2  The WITDOM project website http://witdom.eu   Direct           Own channel
3  Internal transfer lines                       Direct/indirect  Own channel/Third party channel
4.1.6 Business impact drivers
This section presents those factors that have an impact in the effectiveness of the exploitation
strategy.
4.1.6.1 Technology readiness of the solution
The business impact of WITDOM is driven by the technology readiness of the components and the
platform. At this moment there are some components whose current TRL is rather low, though it is
expected to increase by the end of the project to reach a TRL 4-5 (as planned in the DoA). This
maturity may not be enough to go to market, and these components should enter an additional
maturation process before going to production level (TRL9), hence contributing to the exploitation of
the framework as a whole.
4.1.6.2 Licenses
At this moment, the analysis of the indicated licenses does not reveal any conflict that could
hamper the commercial exploitation of the WITDOM framework. The final license for some components is
still not fixed. The reason is that in some cases, the development of components is too preliminary
for partners to define a suitable license matching their interests. In other cases the joint
development of a component requires a bilateral agreement about the final license of the component.
4.1.6.3 Promotion
The promotion of the WITDOM framework is instrumental for its take-up, therefore
communication/dissemination and exploitation activities have to be aligned. In this sense, the
communication activity should aim:
- To create awareness of the WITDOM framework.
- To convey the differentiation aspects of the WITDOM solution.
- To involve target users. Regular networking, lobbying activities, and participation in
  platforms of high visibility can be instrumental in this sense.
- To stimulate the take-up.
The communication and dissemination strategy proposed in the deliverable D7.2 suggested that this
kind of promotion would be more feasible during the so-called “Adoption Phase”, going from
January 2017 (M25) to December 2017 (M36). During the Adoption Phase, the communication
will focus not so much on the research aspects of the project (corresponding to the
“Understanding Phase” from M7-M24) as on the final outcomes, and it is fully aligned with the last
project milestones requiring the release of WITDOM results.
4.2 Individual exploitation plans
This section provides a wider insight about the partners’ individual exploitation plans in alignment
with the exploitation lines defined in the overall exploitation strategy for commercial and non-
commercial paths. Table 21 summarizes the positioning of each partner.
Table 21. Individual exploitation plans
Columns: Exploitation path, Action, Atos, UVIGO, KU Leuven, IBM, XLAB, FSCR, BBVA
Commercial:
- Prospects within business units
- Prospects outside the project borders
- Participation in platforms
Non-commercial:
- Licensing agreements
- Clustering activities
- Standardization activities
- Academic opportunities
- Technology transfer
- Exchange of public versions of deliverables
- WITDOM branding
4.2.1 ATOS
Atos is focused on business technology that powers progress and helps organisations to create their
firm of the future. Serving a global client base, Atos delivers solutions and services, across five
market sectors: Manufacturing, Retail & Services, Public Sector, Healthcare & Transports, Financial
Services, Telecoms, Media & Technology, and Energy & Utilities.
The vision of the Research & Innovation group of Atos (ARI) is mainly focused on applying the
latest research outcomes to real world situations where Atos’ clients need solutions that go beyond
what current products provide. This is the case for WITDOM, where ARI's first interest is to promote
both WITDOM as a whole and specific outcomes to Atos’ existing portfolio. This portfolio consists of
commercial services and also assets.
In WITDOM, Atos contributes particularly to the development of the PO and KM components. The
PO is interesting for Atos in order to produce a privacy broker that can be applied to orchestrate
several protection mechanisms. As protection mechanisms, we consider not only WITDOM
protection mechanisms, but also additional open source anonymization components such as ARX
[47]. The PO can also be connected to the Atos P-IAM, an Authentication, Authorization and
Auditing asset based on an open source (OpenAM) implementation compatible with open standards
such as OASIS SAML. This technological asset also offers privacy-preserving features that could
be orchestrated through the PO, such as Atos PI-Hub, a pseudonymization component, or Atos
Awareness Service, a transparency tool and privacy dashboard.
For the KM, Atos is interested in building upon the results of the project Coco-Cloud, developed by
Atos, to extend its capabilities and adapt it to the WITDOM needs.
The ARI commercial exploitation model is depicted in Figure 11, where three possibilities are
highlighted. After an initial phase of technology scouting, which identifies exploitable outcomes and
knowledge produced by WITDOM, the most promising ones from Atos’ perspective are selected to be taken to the
market. The first flow represents direct contact with final customers in order to explore commercial
opportunities. This activity will be carried out by the Atos team participating in WITDOM or by
market representatives belonging to ARI. In terms of the sales cycle, this interaction consists of
prospecting potential customers and establishing a relationship with them to promote WITDOM and
recognize their needs. This targets not only vertical markets in Atos, but also horizontal markets or
transfer lines. This implies a very strong market push, but at the same time some feedback can be
collected from the customers, which can be used to redefine the offering or the value proposition. If
the opportunity materializes, Atos will analyse case by case the needed exploitation agreements with
other WITDOM partners.
As the main goal for ARI is to align WITDOM results with Atos market strategy, the second flow is
preferred. In this second flow, the transfer lines can act both as customer and consumer of
WITDOM solutions and as a facilitator to reach the final customer and orient the commercial action
(largely avoiding the drawbacks of cold calling). The following significant transfer lines
can be mentioned:
- Global Business Units (GBUs), which segment Atos business geographically.
- Service lines. Among the service lines, the cybersecurity line is one of the most promising for
  WITDOM, in these three categories: information protection services, dealing with encryption
  services; security consulting services, dealing with compliance; and Security Systems
  Integration Services.
- Vertical markets, especially (but not limited to) Financial Services, due to the close relation of
  Atos to the FS pilot.
- Innovation committees.
Figure 11: Atos commercial exploitation models
A third path is to apply to the ARI innovation board. The innovation board selects different solutions
or ideas according to several criteria, such as the alignment with the Atos strategy, the solution
availability, and business and technology criteria. After this first filter, a second assessment filters
according to another set of criteria, such as maturity of the solution, potential market, or
transferability. The innovation board selects those solutions with higher potential, and decides on
the most suitable way for internal exploitation towards more Atos transfer lines, including the
organization of commercial workshops or applying for internal funding to set up commercial
proof-of-concepts or pilots with selected customers. This third path is more targeted than the previous one,
but requires a higher level of maturity of the solution, which makes it more suitable for the third year
of the project. The first and second flows are suitable for the entire project span, though the approach
needs to evolve with the development of WITDOM solutions. The three flows do not run in isolation,
but some interactions can be expected between them, as indicated with the salmon arrows. These
arrows can imply informational flows, but also a change of exploitation course when necessary.
On the non-commercial side, Atos intends to look for synergies with other research projects towards
transfer actions. An example of this kind of exploitation during the first project year was how the
methodology produced by the project PRIPARE was combined with the FSCR co-creation
methodology to create the SPACE methodology to elicit requirements in WITDOM. This is also
what Atos intends to do with Coco-Cloud.
Atos will also exploit the gained know-how through forthcoming EU research programmes (e.g.
H2020) and apply for grants in the forthcoming ICT calls.
Training actions are also expected. The expertise gained during the project can be transferred by
means of workshops and practical sessions to security teams within Atos, especially Atos Research &
Innovation, to extend internal capabilities.
4.2.2 UVIGO
UVIGO is a university with a strong research-oriented focus and role. The main expertise and
background that UVIGO applies to WITDOM comes from the marriage of the signal processing and
cryptography areas, and a novel signal-processing-oriented approach for tackling information
security problems that aims at producing efficient cryptographic primitives working with encrypted
signals and privacy enhancing tools and analysis stemming from information theory and estimation
theory.
UVIGO will receive Gradiant’s support in the exploitation process, as it is a research centre primarily
focused on technology transfer, which acts as an active link between university and industry.
Gradiant’s main objective is helping companies to generate business and improve their
competitiveness through the transfer of ICT knowledge. Thus, the main activity of the research centre
is developing R&D projects that serve as a means of technology transfer for the partners of the projects,
or which result in the generation of new intellectual property. The complementarity of both entities
comes primarily from their position in the research-innovation chain, where UVIGO performs basic
research tasks, while Gradiant is more focused on technology transfer, IPR protection, and evaluation
methodologies for market-ready end-to-end security solutions.
UVIGO is responsible for developing four components in WITDOM: the anonymization component,
the Secure Signal Processing (SSP) component, the Protection Orchestrator (PO) and the broker. As
it is expected that these components will achieve different levels of maturity at the end of the project,
they will be exploited by different means.
The anonymization component has a relatively wide range of application, as it is envisaged as a
service that can be used whenever it is necessary to outsource personal data to an untrusted
environment (e.g., the cloud) where further analysis will be performed to extract valuable
information from the data. Even though anonymization algorithms can be applicable to different
datasets, it is important to highlight that the performance and effectiveness of the process are highly
dependent on the application that exploits the anonymized data. In WITDOM two use case scenarios
are foreseen (a financial scenario and an eHealth scenario), and each of them will require the
development of different anonymization algorithms, in order to adapt the component to their
particular requirements and needs. This adaptation process is also necessary if the component aims to
be applicable to other scenarios and use cases outside the scope of the project. As it is not possible to
develop a unique solution that covers all the possible application scenarios, UVIGO will study
different use cases and markets in which the anonymization component could be of help by offering
an added value to its users. The final objective of this analysis will be to feed the development
process of the component from the very beginning, in order to increase its applicability and
exploitability options. The anonymization component currently has a low TRL (2) and is
expected to reach TRL 4 or 5 by the end of the project. In consequence, the goal is not to obtain
a full commercial prototype during the lifecycle of the project, and further development will be
required in order to obtain a more mature solution.
The Secure Signal Processing component also has a wide range of application, as a service accessible
to protect and process outsourced data. As in the case of the anonymization component, the
developed primitives and solutions are tailored towards the two WITDOM use cases (financial and
eHealth scenarios), and therefore its exploitation will also be targeted towards these areas. The SSP
component currently has a low TRL (3) and is expected to reach TRL 4 or 5 by the end
of the project, and to be integrated in the project demonstrators as a proof-of-concept.
The Protection Orchestrator is a shared development with Atos. Its design will be based on
available open source developments and will be as generic as possible, so that it can be used in any
WITDOM-based architecture and ease the development of WITDOM-based applications and
services. Due to its dependence on the protection components, it cannot be individually exploited,
so its exploitation will always be tied to the exploitation of the accompanying WITDOM
components.
For the commercial exploitation of the broker, UVIGO expects to integrate the results in other research
projects to provide full-stack solutions that solve issues detected in the hybrid cloud scope.
Among these issues are the multi-cloud orchestration of services with distributed data in different
locations or branch offices, access control to confidential and sensitive information in hybrid
environments, and load balancing with the latest trends in container virtualization. The added value
of the broker over similar approaches will also be studied, so that it can be compared quantitatively.
The broker can be a great solution for the market of big enterprises with hybrid cloud orchestration. Only
this kind of organization has the complexity required to need this solution. The broker capabilities
will be shown in commercial demonstrations in order to obtain feedback to evolve new features and
to adapt it to new use cases. The possibility of releasing the broker code as
open source will also be considered, with UVIGO then supporting the production deployments through a
spin-off start-up.
Besides the mentioned commercial exploitation actions, UVIGO will also consider exploiting the
non-commercial aspects of the developed technologies, such as reusing the acquired know-how with
forthcoming research initiatives (e.g. H2020).
4.2.3 KU Leuven
The WITDOM project is allowing the KU Leuven to expand its knowledge and expertise on secure
data processing in Cloud computing. The prime interest of KU Leuven as an academic partner is to
publish research results in high ranking international conferences and to earn reputation and
publication credit points with our conference contributions. An intended impact of these scientific
publications is that they will attract interested industry stakeholders and follow-up projects are likely
to happen.
For KU Leuven–COSIC, the research and technology development work carried out in WITDOM
further develops its experience and the competences of the researchers as well as increases the
visibility reached by scientific publications. Our work in WITDOM is useful to improve education
and teaching of students, allowing courses and seminars to be taught with current technology and
research results.
Specifically, the secure computation component currently under development involves both software
and hardware production. We aim to publish all research advances in high ranking conferences but
also to use this tool to demonstrate to industry and academia what is currently possible to be done for
secure computation using homomorphic techniques. The development of a dedicated hardware
component will further enable us to demonstrate to industry the feasibility of performing secure
computation in the cloud, potentially attracting companies interested in commercially or individually
exploiting our results. Lastly, all our research outcomes can potentially be subject to standardisation
activities as new standards or parts of existing, currently underway standardisation efforts.
For KU Leuven–CiTiP it is an excellent opportunity to gain international acknowledgment and
renown as a leading centre with expertise on the legal aspects of data processing. Within WITDOM,
CiTiP places specific focus on the legal constraints and privacy issues arising from the processing
and storing of personal data in untrusted environments and the application of the current European
Data Protection Directive (95/46/EC). In view of the regulatory reform and the expected adoption of
the General Data Protection Regulation mid-2016, CiTiP will look to assess the newfound
requirements and obligations and clarify these. A selected number of privacy issues such as defining
the applicable law in cloud computing environments and obtaining valid (informed) consent, are
being focused on. CiTiP - K.U.Leuven intends to ensure that the solutions developed by WITDOM
are socially acceptable in terms of civil liberties and the fundamental right to privacy. The interest of
CiTiP - K.U.Leuven lies in the analysis of the role of the law in the definition of technical
requirements and the translation of (evolving) legal obligations/requirements into technical solutions.
To that effect, the research will result in recommendations for the design of the system but also for
the further development of legislation and policy in this area. WITDOM’s results will be disseminated
towards society by publishing in (scientific) journals and contributing to conferences.
4.2.4 FSCR
Figure 12. FSCR exploitation lines
e-Services for Life and Health is the ICT research and innovation unit of Fondazione Centro San
Raffaele (FCSR) and its third party the San Raffaele Hospital (OSR). The business model of this unit is
based on the translation of hospital and market demand into innovative services through research
projects in order to build strong prototypes (TRL4 to TRL7) that can be exploited in different
contexts. The main outputs of a research project should be described as:
- Knowledge and know-how: able to generate revenues through consultancy activity and able to
  support and stimulate the production of new proposals for other EU grants.
- Assets and patents: in the WITDOM case, the main asset will be the prototype of the
  Laboratory Information Management System specialized in genomic applications.
This software will be able to exploit the WITDOM platform in order to solve the issues related to
storage and computing, using public cloud as a secure and privacy compliant infrastructure. In order
to transform the prototype into a product, an engineering activity will be planned after the end of the
project, exploiting FCSR’s ecosystem in order to deploy this new software into the OSR’s genomic
laboratory and understand how it can be ported to other similar laboratories.
Thanks to the WITDOM project, e-Services for Life and Health, during this first year of the project,
was able to improve its requirements elicitation methodology, adding privacy-by-design techniques
and enhancing its coCreation process. This result, called the SPACE process, is the output of the
collaboration with other partners, ATOS in particular, which represents the industrial side and can
guarantee the business attractiveness of this methodology.
4.2.5 IBM
IBM Research – Zurich, the European branch of IBM Research, focuses on developing cutting-edge
research in the area of information technology. IBM’s previous participation in EU projects has
substantially influenced its projects and services. Within WITDOM, IBM is advancing the state of
the art in privacy-enhancing data storage and computation, and verifiability of integrity and
consistency of data stored in untrusted domains, such as the Cloud. IBM expects the technology
developed in WITDOM to widely influence its products. In more detail, the envisioned exploitation
plans of IBM include the following:
- Enhancing its products and services. Among other types of institutions, IBM does business
  with car manufacturers and banks. These institutions very often need to outsource data to
  non-production environments in order to perform some data analysis and computation. They do so
  in order to reduce costs and avoid the necessity of an in-house computation infrastructure that
  deals with large amounts of data. IBM will be able to use the results of WITDOM, more
  specifically the outcomes of the Data Masking and the Integrity and Consistency Verification
  component, to offer better products and services to these customers while, at the same time,
  being compliant with EU data protection regulations. In other words, IBM expects to turn
  research prototypes into actual solutions that can be used for its business.
- Advancing in cloud technologies and cognitive computing. IBM will incorporate results of
  WITDOM in these areas in order to provide better products and services for customers with
  high security requirements. In particular, IBM as cloud provider will be able to offer secure
  cloud services and transfer expertise to other related open source projects, such as OpenStack
  or Open Blockchain.
- Protecting valuable results through patenting or copyrights.
- Collaborating with other EU projects as a means of technology sharing.
- Technology transfer to other industries and academia.
  Apart from post-docs and regular researchers, IBM also has PhD students working in
  EU projects, allowing them to gain valuable knowledge working on a European project. By
  working in WITDOM, IBM maintains close collaboration with academia and makes
  industrial research more attractive for young researchers.
- Disseminating research. IBM plans to continue disseminating the progress of the project via
  its own channels, social media websites, and workshops. IBM is currently co-organizing a
  WITDOM workshop at ARES, which will be a good vehicle for technology transfer. We
  expect the workshop to bring fruitful discussions on the state of the art in secure storage and
  computation in non-production environments. Furthermore, another way of technology
  transfer used by IBM is the publication of scientific papers at relevant conferences. As said
  before, IBM is not only an industry partner, but also a research partner, which contributes to
  the scientific community in the area.
- Making sure that relevant cryptographic standards are used in the project’s prototypes.
4.2.6 XLAB
XLAB’s exploitation plan is presented in two parts: first an exploitation plan as an individual
organization, and then an exploitation plan as part of the WITDOM
consortium.
4.2.6.1 Exploitation as an individual organisation
XLAB wishes to exploit WITDOM’s results in various ways: by expanding the set of products and
services that it currently has and operates (e.g. private cloud installations offered to external clients);
with new offerings in the security and privacy field in the Balkans region; by using the network
of partners from WITDOM to gain new opportunities for innovative projects within the H2020
perspective; and, last but not least, by extending the business network and obtaining new business
opportunities. The listed exploitation activities have already begun; for example, WITDOM was
presented at the ISACA conference in Slovenia, where attendees were interested in the current state and
results of the WITDOM project. Moreover, ISL Online (XLAB’s brand) has just started a partnership
with AVG Solutions, and security is of utmost importance in communication solutions (ISL Online is
interested in embedding end-to-end encryption techniques for data transfer/storage). Single
components of the WITDOM platform are expected to be used to enhance the security and privacy
features of different XLAB products. Besides the aforementioned ISL Online, Koofr’s [48]
distributed storage can provide further services for encrypted data manipulation based on
WITDOM’s results, while Sentinel’s [49] sensor information, which is currently being aggregated for
weather and sea condition reports among other purposes, could be anonymized to prevent any
abuse of information.
WITDOM’s results will also be offered to other existing clients that are interested in adding security
and privacy to their already existing services, such as Alanta’s CloudAnalytics [50], or Olaii’s [51]
payment systems. The know-how and WITDOM results, be it just a single component or the
entire platform, will increase XLAB’s potential for supporting new clients in delivering their
solutions, be it by consulting, platform and infrastructure deployment, or the development of a
security-centric solution from its requirements or from an existing application.
Finally, an indirect exploitation result of XLAB’s participation in the WITDOM research project
is the experience and reputation added to those obtained from the existing research projects in which
XLAB has participated, and which have proved to be critical for approaching new collaborations.
4.2.6.2 Exploitation plan as being part of WITDOM
XLAB is planning to evolve offerings within WITDOM so that they are ready to be integrated within
end-customer services. The offered toolkit and the platform will be easy for interested
parties to integrate and use. The plan is that XLAB will provide a testbed of WITDOM services to the
greatest possible extent (use of internal private cloud based on OpenStack). If XLAB sees an opportunity
to open and extend the offerings to external partners, XLAB will consider and look into the possibility of
collaborating with other project partners to provide privacy enhancing services as a PaaS offering.
Since XLAB is already a technology provider and integrator of private cloud deployments based on
OpenStack, XLAB will extend its offering with possible deployments of a dedicated branded toolkit
consisting of WITDOM services to both existing and new clients.
4.2.7 BBVA
BBVA is planning to use the WITDOM outcomes as a final user. Our main goal is to transfer workload
to public clouds with the guarantee that the privacy and security requirements are fulfilled. Another
target is allowing the automation of the authorization processes in the load transfers to public
clouds.
These goals apply to our vertical, financial services, where we are searching for OpenStack toolkits
with the WITDOM services or other solutions that allow performing some data analysis and
computation in cloud environments in order to reduce cost and avoid the necessity of an in-house
computation infrastructure.
5 Conclusions and next steps
WITDOM is an end-to-end security framework that protects sensitive data to be outsourced to
untrusted environments (mainly the public cloud) by means of some effective protection mechanisms
and in compliance with the EU regulation framework.
Since the technical results of the project (components, platform) are still in a preliminary stage, the
objective of this deliverable is to provide a reference to ensure that the technical dimension is
oriented to the future market opportunities and to prepare an effective launch upon completion of the
project.
Demand for cloud-based security has increased with the change of pace in IT security towards the
cloud and the realisation of the importance of protecting sensitive data transferred to untrusted
environments. The strongest interest is in encryption products from cloud security brokers. The
market is witnessing a flood of tools, with several vendors emerging as leaders. WITDOM enters a
market with high growth prospects, which represents a good opportunity for new entrants to gain a
share before competition intensifies. Existing competitors are well known and they probably leverage
some vendor lock-in situations. In this situation WITDOM can compete by providing a differentiated
solution, which is built on its advanced and effective protection mechanisms. It will also be important
for WITDOM to establish alliances or partnerships, especially with regard to the delivery channels,
which will help to reach a wider audience.
The deliverable D7.10 has outlined the main exploitation activities of the WITDOM project to be
carried out until the end of the project in December 2016, considering both the commercial and
non-commercial use of the project results. According to the exploitation methodology defined in section
1.2, D7.10 has covered the steps of identifying the project exploitable items and the market analysis, and
has outlined the exploitation strategy to be enforced until December 2017 (M36). Each WITDOM partner
identified its exploitation strategy for the next years. The future deliverable D7.11 (due in December
2017) will supersede this deliverable D7.10, by refining the proposition made here and elaborating
the business case based on the known business canvas model.
6 References
[1] European Commission. Directorate General for Communications Networks, Content and Technology. Grant Agreement for Research and Innovation action. “empoWering prIvacy and securiTy in non-trusteD envirOnMents (WITDOM)”. No. 644371 H2020-ICT-2014/H2020-ICT-2014-1.
[2] WITDOM consortium. “D1.4 – First project workplan”. January 2015.
[3] WITDOM consortium. “D2.1 Requirements analysis for un-trusted environments”. June 2015.
[4] WITDOM consortium. “D3.1. – Formalized technological requirements”. December 2015.
[5] WITDOM consortium. “D4.1 – Specification of an end-to-end architecture”. December 2015.
[6] WITDOM consortium. “D7.2 – Dissemination Plan”. June 2015.
[7] Cloudify. Homepage. http://getcloudify.org/, retrieved on 2016-03-30
[8] European Union Intellectual Property Office (EUIPO). Homepage. https://euipo.europa.eu/ohimportal/en/, retrieved on 2016-03-30
[9] Szczepański, M. Briefing: "A Digital Single Market Strategy for Europe". Tracking European Commission priority initiatives in 2015 – Number 3. September 2015. http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/568325/EPRS_BRI(2015)568325_EN.pdf, retrieved on 2016-03-30
[10] European Commission. "Priority: Digital Single Market". https://ec.europa.eu/priorities/digital-single-market_en, retrieved on 2016-03-30
[11] European Commission. Digital Single Market. "Public consultation on Geo-Blocking and other geographically based restrictions when shopping and accessing information in the EU". September 2015. https://ec.europa.eu/digital-agenda/en/news/public-consultation-geo-blocking-and-other-geographically-based-restrictions-when-shopping-and, retrieved on 2016-03-30
[12] European Commission - Press release: "Agreement on Commission's EU data protection reform will boost Digital Single Market". December 2015. http://europa.eu/rapid/press-release_IP-15-6321_en.htm, retrieved on 2016-03-30
[13] Eur-Lex. "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data". Official Journal L 281, 23/11/1995 P. 0031 - 0050. November 1995. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML, retrieved on 2016-03-30
[14] European Commission. Press release: "EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield". February 2016. http://europa.eu/rapid/press-release_IP-16-216_en.htm, retrieved on 2016-03-30
[15] Eur-Lex. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. "Unleashing the Potential of Cloud Computing in Europe". September 2012. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF, retrieved on 2016-03-30
[16] Eur-Lex. "Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Common European Sales Law /* COM/2011/0635 final - 2011/0284 (COD) */". http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52011PC0635, retrieved on 2016-03-30
[17] European Commission. Digital Single Market. "European Cloud Partnership". https://ec.europa.eu/digital-agenda/en/european-cloud-partnership, retrieved on 2016-03-30
[18] The Guardian. "Inside the FBI's encryption battle with Apple". February 2016.
http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple ,
retrieved on 2016-03-30
[19] Focus Economics. “Economic Snapshot for the Euro Area”. March 2016. http://www.focus-
economics.com/regions/euro-area, retrieved on 2016-03-30
[20] Industrial Research Institute. "2016 Global R&D Funding Forecast". R&D Magazine.
https://www.iriweb.org/sites/default/files/2016GlobalR%26DFundingForecast_2.pdf, retrieved on
2016-03-30
[21] BGR. "Why the FBI has already lost its encryption battle with Apple". February 2016.
http://bgr.com/2016/02/25/fbi-apple-encryption-iphone/ , retrieved on 2016-03-30
[22] TRUSTe/NCSA Consumer Privacy Index (Infographic) – US, 2016.
https://www.truste.com/resources/privacy-research/ncsa-consumer-privacy-index-us/ , retrieved on
2016-03-30
[23] Forrester. "Predictions 2016: The Trust Imperative For Security & Risk Pros". November 2015.
https://www.forrester.com/report/Predictions+2016+The+Trust+Imperative+For+Security+Risk+Pros/
-/E-RES117436 , retrieved on 2016-03-30 , retrieved on 2016-03-30
[24] Cloud Security Alliance. "How Cloud is beign used in the Financial Sector: survey report". March
2015. https://cloudsecurityalliance.org/group/financial-services/#_downloads
[25] ENISA. "Secure Use of Cloud Computing in the Finance Sector Good practices and
recommendations". December 2015. https://www.enisa.europa.eu/activities/Resilience-and-
CIIP/cloud-computing/cloud-in-finance/at_download/fullReport
[26] Eurostat. "ICT specialists in employment". December 2015. http://ec.europa.eu/eurostat/statistics-
explained/index.php/ICT_specialists_in_employment , retrieved on 2016-03-30
[27] Rightscale. "Cloud Computing Trends: 2016 State of the Cloud Survey". February 2016.
http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-survey#security
[28] Thales eSecurity. "2016 Global Encryption Trends Study".
https://www.thales-esecurity.com/knowledge-base/analyst-reports/global-encryption-trends-study , retrieved on 2016-03-30
[29] Gartner. "Market Trends: Cloud-Based Security Services Market, Worldwide, 2014".
https://www.gartner.com/doc/2607617/market-trends-cloudbased-security-services , retrieved on
2016-03-30
[30] CipherCloud. http://www.ciphercloud.com/ , retrieved on 2016-03-30
[31] CloudLock: CASB and Cloud Cybersecurity Solutions. https://www.cloudlock.com/ , retrieved on
2016-03-30
[32] HP. Security Voltage. http://www8.hp.com/es/es/software-solutions/voltage-data-encryption-security/ , retrieved on 2016-03-30
[33] Perspecsys: Cloud Security Software, Cloud Data Encryption. http://perspecsys.com/ , retrieved on
2016-03-30
[34] Protegrity. http://www.protegrity.com/ , retrieved on 2016-03-30
[35] Vaultive Encryption Platform for Cloud Security. http://vaultive.com/ , retrieved on 2016-03-30
[36] Vormetric. http://es.vormetric.com/ , retrieved on 2016-03-30
[37] The OpenPGP Alliance Home Page. http://www.openpgp.org/ , retrieved on 2016-03-30
[38] Cornell Anonymization Toolkit. https://sourceforge.net/projects/anony-toolkit/ , retrieved on 2016-03-30
[39] ARx. http://www.arx.com/ , retrieved on 2016-03-30
[40] McSherry, F. "An Extensible Platform for Privacy-Preserving Data Analysis".
http://research.microsoft.com/pubs/80218/sigmod115-mcsherry.pdf , retrieved on 2016-03-30
[41] Project PRIPARE. http://pripareproject.eu/ , retrieved on 2016-03-30
[42] Project PRISMACLOUD. https://prismacloud.eu/ , retrieved on 2016-03-30
[43] Project TREDISEC. http://www.tredisec.eu/ , retrieved on 2016-03-30
[44] Project CLARUS. http://www.clarussecure.eu/project-vision , retrieved on 2016-03-30
[45] Project HEAT. https://heat-project.eu/ , retrieved on 2016-03-30
[46] Project CREDENTIAL. https://credential.eu/ , retrieved on 2016-03-30
[47] ARX – Powerful Data Anonymization. http://arx.deidentifier.org/ , retrieved on 2016-03-30
[48] Koofr. Homepage. http://koofr.eu/ , retrieved on 2016-03-30
[49] Sentinel Marine Solutions. Homepage. http://www.sentinelmarine.net/ , retrieved on 2016-03-30
[50] Alanta. CloudAnalytics. http://alanta.si/cloudanalytics.html , retrieved on 2016-03-30
[51] Olaii. https://cashless.olaii.com , retrieved on 2016-03-30