PaaSword-Business Cases


Page 1: PaaSword-Business Cases

www.paasword.eu

Business Cases

Dr. Simone Braun

CAS Software AG

PaaSword CS-IFG Workshop, Nov 10, 2016, Athens, Greece

Page 2: PaaSword-Business Cases

Business Validation & Use Cases

Five industry-driven pilots in different business application areas

Data Protection in a Multi-tenant xRM Platform (CAS)

Secure Sensor Data Fusion and Analytics (SIEMENS)

Protection of Sensitive Enterprise Information in a Multi-tenant ERP Environment (Singular Logic)

Encrypted Persistency as PaaS/IaaS Service (SixSq)

Qualified e-Delivery Service (UBITECH)

PaaSword 10/11/2016 2

Page 3: PaaSword-Business Cases

BUSINESS CASE: DATA PROTECTION IN A MULTI-TENANT XRM PLATFORM

Simone Braun & Sebastian Schork – CAS


Page 4: PaaSword-Business Cases

CRM / xRM Domain Security Challenges

CRM / xRM solutions store, link and process large amounts of personal and customer data as well as sensitive enterprise data

Huge variety of data types with varying need for security

Availability everywhere and at any time

CRM / xRM developers are non-security experts


Page 5: PaaSword-Business Cases

Benefits from PaaSword

Secure Key Management ensures maximum control over data usage

Context-aware access control and encryption for specific highly sensitive data and business operations

Perfectly fitting customers’ security requirements

Security-by-design approach enables non-security experts to implement security-aware CRM / xRM solutions


Page 6: PaaSword-Business Cases

BUSINESS CASE: SECURE SENSOR DATA FUSION AND ANALYTICS

George Moldovan – SIEMENS


Page 7: PaaSword-Business Cases

Internet of Things, Industrial Monitoring, Smart X Domain Security Challenges

Industrial and governmental clients and services assume they can process data either on site or centrally

Deficiencies in the (custom) applications operating on the data can expose unrelated clients or the underlying infrastructure and resources to security threats

Joint collaboration on specific topics requiring flexibility in defining access to the required resources, as well as non-repudiation regarding actions taken

Deploying/customizing applications running on the Siemens infrastructure should require validation/checking mechanisms in order to ensure a minimum compliance regarding privacy and security


Page 8: PaaSword-Business Cases

Benefits from PaaSword

Flexible policy models with per-instance (deployment/client) specific changes, configurable by the end-clients, allowing them more control over how and where the data can be accessed

Transparency in the provided security and privacy-related mechanisms, offloading time and resources from the (normal, not security-professional) developers and their related entities through the use of annotations

Proactive, contextual anomaly detection


Page 9: PaaSword-Business Cases

BUSINESS CASE: PROTECTION OF SENSITIVE ENTERPRISE INFORMATION IN A MULTI-TENANT ERP ENVIRONMENT

Giannis Ledakis – Singular Logic


Page 10: PaaSword-Business Cases

ERP Domain Security Challenges

ERPs usually store information that can be confidential and sensitive

Data protection is of high importance for any ERP and sensitive data should be encrypted

Multi-tenancy is supported by running one-schema-per-tenant in the same installation

Exposure of the data of a tenant to other tenants or to a third party is the main security consideration

An access management mechanism is important for protecting user accounts


Page 11: PaaSword-Business Cases

Benefits from PaaSword

Support for a searchable encryption of the database

Distribution of the database to increase data-level security

Providing context-aware access control to protect user accounts

Easy enablement of security aspects through annotations on code level

Increasing the provided security to the customers


Page 12: PaaSword-Business Cases

BUSINESS CASE: ENCRYPTED PERSISTENCY AS PAAS/IAAS SERVICE

Charles Loomis - SixSq


Page 13: PaaSword-Business Cases

PaaS Providers

Data protection and security for cloud applications are concerns for nearly all developers/operators.

In the spirit of PaaS providers exposing high-level services to developers/operators, PaaSword components can be made available through the PaaS.

Benefits:

Less costly than developing components “in house”

Faster “time-to-market” for new applications

More confidence in using validated framework

Additional flexibility from policy-based authorization


Page 14: PaaSword-Business Cases

BUSINESS CASE: QUALIFIED E-DELIVERY SERVICE

Panagiotis Gouvas – UBITECH Ltd


Page 15: PaaSword-Business Cases

eDelivery Security Challenges

Context

e-Delivery refers to the qualified electronic delivery of data (e.g. documents and invoices) between two organizations

Qualified e-Delivery requires specific guarantees

e-Signing, e-Timestamping, e-Sealing of all steps

Challenges

Dominant model of e-Delivery Platform is SaaS

Increased need for encrypting e-delivery payloads

Compliance is very strict

GDPR has a tremendous impact on SaaS providers


Page 16: PaaSword-Business Cases

Benefits from PaaSword

Transparent searchable encryption of e-Delivery metadata

Dynamic update of Policies and Models with zero downtime

Acceleration to compliance (GDPR)


Page 17: PaaSword-Business Cases

ASSISTING THE EU GENERAL DATA PROTECTION REGULATION (GDPR)


Page 18: PaaSword-Business Cases

Motivation

The new data protection regulation (GDPR) will enter into force on 25 May 2018

It will be valid for the public and private sector

Directly effective in Member States without the need for implementing legislation

The GDPR will apply to organizations (data processors or data controllers) which have EU “establishments”, where personal data are processed “in the context of the activities” of such an establishment, irrespective of whether the actual data processing takes place in the EU or not

Non-compliance can lead to a high administrative fine of up to either €20 Mio. or 4% of global annual turnover (whichever is higher)


Page 19: PaaSword-Business Cases

New Concepts

Personal Data Breach – a new security breach communication law

Data protection by design and accountability – organizations have to demonstrate their GDPR compliance

Enhanced rights – including the right to be forgotten, data portability rights and the right to object to automated decision making

Supervisory authorities and the EDPB – introduction of a new single point of reference for multi-national groups


Page 20: PaaSword-Business Cases

Assisting GDPR Adoption

How does PaaSword contribute to accelerating GDPR adoption?

Data Security and Processing

Data Breach communication by the data processor

Data protection by design / default and accountability

Right of Informedness

Right to be forgotten


Page 21: PaaSword-Business Cases

How PaaSword Helps

Data Security and Processing: PaaSword Key Management, DB Encryption and Context-aware Access Control provide measures to ensure data security and prevent processing that violates the GDPR

Data Breach communication by the data processor: PaaSword Encryption as an appropriate technical and organizational protection measure


Page 22: PaaSword-Business Cases

How PaaSword Helps

Data protection by design / default and accountability: Privacy by default with PaaSword Key Management and Encryption

Privacy by design with PaaSword code and data model annotations and their enforcement through the framework middleware

PaaSword Pilot Demonstrators as best practices and demonstrations of compliance

Framework as a basis to fulfill certification requirements


Page 23: PaaSword-Business Cases

How PaaSword Helps

Right of informedness: Annotated data model can be automatically analyzed to identify contained personally identifiable information

Increased transparency, also regarding data processing by applications

Right to be forgotten: Shared key ownership allows every owning party to make information inaccessible by deleting the owned key part (“erase”)
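The erase mechanism described on this slide (shared key ownership, where deleting one owned key part makes the data inaccessible), worked through as an added Go example; this is not PaaSword project code, and its design is not specified on this page. The example assumes a two-party split between tenant and platform, XOR secret sharing of a 32-byte data-encryption key (DEK), and AES-256-GCM for the records; the names SplitKey, CombineKey, Seal, Open and Record are illustrative:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyShare is one party's XOR share of a tenant's data-encryption key (DEK).
// A nil share means that party has erased its part.
type KeyShare []byte

// SplitKey returns n XOR shares of key. The first n-1 are random and the last
// is chosen so that XORing all n gives the key back, so every share is needed.
func SplitKey(key []byte, n int) ([]KeyShare, error) {
	if n < 2 {
		return nil, errors.New("need at least two parties")
	}
	shares := make([]KeyShare, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		shares[i] = make([]byte, len(key))
		if _, err := rand.Read(shares[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= shares[i][j]
		}
	}
	shares[n-1] = last
	return shares, nil
}

// CombineKey XORs the shares back into the DEK. One erased share is enough to
// make this fail, which is what turns "delete my key part" into an erase of
// every record encrypted under that DEK.
func CombineKey(shares []KeyShare) ([]byte, error) {
	if len(shares) == 0 || len(shares[0]) == 0 {
		return nil, errors.New("a share is missing or erased")
	}
	key := make([]byte, len(shares[0]))
	for _, s := range shares {
		if len(s) != len(key) {
			return nil, errors.New("a share is missing or erased")
		}
		for j := range key {
			key[j] ^= s[j]
		}
	}
	return key, nil
}

// Record is one encrypted database cell: AES-GCM nonce plus ciphertext.
type Record struct{ Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte DEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under the combined DEK with a fresh random nonce.
func Seal(dek, plaintext []byte) (Record, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open decrypts a Record; it fails on a wrong key or a tampered ciphertext.
func Open(dek []byte, rec Record) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

func main() {
	dek := make([]byte, 32) // constructed tenant DEK
	rand.Read(dek)
	shares, _ := SplitKey(dek, 2) // shares[0]: tenant, shares[1]: platform
	key, _ := CombineKey(shares)
	msg := []byte("constructed customer record")
	rec, _ := Seal(key, msg)
	pt, _ := Open(key, rec)
	fmt.Println("round trip ok:", bytes.Equal(pt, msg))
	shares[0] = nil // the tenant deletes its share: the "erase"
	_, err := CombineKey(shares)
	fmt.Println("DEK rebuild after erase fails:", err != nil)
	_, err = Open(shares[1], rec) // the platform's share alone is just noise
	fmt.Println("platform share alone decrypts:", err == nil)
}
```

The erase is only as strong as the deletion: the combined DEK must never be persisted and any in-memory copy has to be discarded along with the share, otherwise the ciphertext remains readable to whoever kept it.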


Page 24: PaaSword-Business Cases

Conclusion

Higher privacy with distributed searchable encryption at DB layer

Increased user control and less dependency on cloud provider with tenant-controlled Key Management

Appropriate access control with context-awareness and flexible Policy Management

Easier development of secure cloud applications for non-security experts with comprehensive Annotation Framework

Making cloud solutions more attractive and ready for the EU General Data Protection Regulation


Page 25: PaaSword-Business Cases


Questions?

Visit us:

www.paasword.eu

Acknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.
