PaaSword-Business Cases
www.paasword.eu
Business Cases
Dr. Simone Braun
CAS Software AG
PaaSword CS-IFG Workshop, Nov 10, 2016, Athens, Greece
Business Validation & Use Cases
Five industry-driven pilots in different business application areas
Data Protection in a Multi-tenant xRM Platform (CAS)
Secure Sensor Data Fusion and Analytics (SIEMENS)
Protection of Sensitive Enterprise Information in a Multi-tenant ERP Environment (Singular Logic)
Encrypted Persistency as PaaS/IaaS Service (SixSq)
Qualified e-Delivery Service (UBITECH)
PaaSword10/11/2016 2
BUSINESS CASE: DATA PROTECTION IN A MULTI-TENANT XRM PLATFORM
Simone Braun & Sebastian Schork – CAS
CRM / xRM Domain Security Challenges
CRM / xRM solutions store, link and process large amounts of personal and customer data as well as sensitive enterprise data
Huge variety of data types with varying need for security
Availability everywhere and at any time
CRM / xRM developers are non-security experts
Benefits from PaaSword
Secure Key Management ensures maximum control over data usage
Context-aware access control and encryption for specific highly sensitive data and business operations
Perfectly fitting customers’ security requirements
Security-by-design approach enables non-security experts to implement security-aware CRM / xRM solutions
BUSINESS CASE: SECURE SENSOR DATA FUSION AND ANALYTICS
George Moldovan – SIEMENS
Internet of Things, Industrial Monitoring, Smart X Domain Security Challenges
Industrial and governmental clients and services assume they can process data on site or centrally
Deficiencies in the (custom) applications operating on the data can expose unrelated clients or the underlying infrastructure and resources to security threats
Joint collaboration on specific topics requiring flexibility in defining access to the required resources, as well as non-repudiation regarding actions taken
Deploying/customizing applications running on the Siemens infrastructure should require validation/checking mechanisms in order to ensure a minimum compliance regarding privacy and security
Benefits from PaaSword
Flexible policy models and per-instance (deployment/client) specific changes – configurable by the end-clients, allowing more control over how and where the data can be accessed
Transparency in the provided security and privacy-related mechanisms, offloading time and resources from (normal, non-security-professional) developers and their related entities through the use of annotations
Proactive, contextual anomaly detection
BUSINESS CASE: PROTECTION OF SENSITIVE ENTERPRISE INFORMATION IN A MULTI-TENANT ERP ENVIRONMENT
Giannis Ledakis – Singular Logic
ERP Domain Security Challenges
ERPs usually store information that can be confidential and sensitive
Data protection is of high importance for any ERP and sensitive data should be encrypted
Multi-tenancy is supported by running one-schema-per-tenant in the same installation
Exposure of the data of a tenant to other tenants or to a third party is the main security consideration
An access management mechanism is important for protecting user accounts
Benefits from PaaSword
Support for a searchable encryption of the database
Distribution of the database to increase data-level security
Providing context-aware access control to protect user accounts
Easy enablement of security aspects through annotations on code level
Increasing the provided security to the customers
BUSINESS CASE: ENCRYPTED PERSISTENCY AS PAAS/IAAS SERVICE
Charles Loomis - SixSq
PaaS Providers
Data protection and security for cloud applications are concerns for nearly all developers/operators.
In the spirit of PaaS providers exposing high-level services to developers/operators, PaaSword components can be made available through the PaaS
Benefits:
Less costly than developing components “in house”
Faster “time-to-market” for new applications
More confidence in using validated framework
Additional flexibility from policy-based authorization
BUSINESS CASE: QUALIFIED E-DELIVERY SERVICE
Panagiotis Gouvas – UBITECH Ltd
eDelivery Security Challenges
Context
e-Delivery refers to the qualified electronic delivery of data (e.g. documents and invoices) between two organizations
Qualified e-Delivery requires specific guarantees
e-Signing, e-Timestamping, e-Sealing of all steps
Challenges
The dominant model for e-Delivery platforms is SaaS
Increased need for encrypting e-delivery payloads
Compliance is very strict
GDPR has tremendous impact on SaaS providers
Benefits from PaaSword
Transparent searchable encryption of e-Delivery metadata
Dynamic update of Policies and Models with zero downtime
Acceleration to compliance (GDPR)
ASSISTING THE EU GENERAL DATA PROTECTION REGULATION (GDPR)
Motivation
The new data protection regulation (GDPR) will enter into force on 25 May 2018
It will apply to both the public and the private sector
Directly effective in Member States without the need for implementing legislation
The GDPR will apply to organizations (data processors or data controllers) which have EU “establishments”,
where personal data are processed “in the context of the activities” of such an establishment,
irrespective of whether the actual data processing takes place in the EU or not
Non-compliance can lead to a high administrative fine of up to either €20 Mio. or 4% of global annual turnover (whichever is higher)
New Concepts
Personal Data Breach – a new security breach communication law
Data protection by design and accountability – organizations have to demonstrate their GDPR compliance
Enhanced rights – including the right to be forgotten, data portability rights and the right to object to automated decision making
Supervisory authorities and the EDPB – introduction of a new single point of reference for multi-national groups
Assisting GDPR Adoption
How does PaaSword contribute to accelerating GDPR adoption?
Data Security and Processing
Data Breach communication by the data processor
Data protection by design / default and accountability
Right of Informedness
Right to be forgotten
How PaaSword Helps
Data Security and Processing: PaaSword Key Management, DB Encryption and Context-aware Access Control provide measures to ensure data security and prevent processing that violates the GDPR
Data Breach communication by the data processor: PaaSword Encryption as an appropriate technical and organizational protection measure
How PaaSword Helps
Data protection by design / default and accountability: Privacy by default with PaaSword Key Management and Encryption
Privacy by design with PaaSword code and data model annotations and their enforcement through the framework middleware
PaaSword Pilot Demonstrators as best practices and demonstrations of compliance
Framework as a basis to fulfill certification requirements
How PaaSword Helps
Right of informedness
Annotated data model can be automatically analyzed to identify contained personally identifiable information
Increased transparency, also regarding data processing by applications
Right to be forgotten
Shared key ownership allows every owning party to make information inaccessible by deleting the owned key part (“erase”)
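The shared-key erase mechanism described above, as an added example that is not PaaSword's own code: the record key is XOR-split into one part per owning party, and deleting any single part leaves the ciphertext unrecoverable, which is the “erase” the slide refers to. The SHA-256 counter keystream is an illustrative stand-in for a real authenticated cipher such as AES-GCM, and the class and owner names are assumptions.

```python
import functools
import hashlib
import os
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, parties: int) -> list:
    """XOR secret sharing: every single part is required to rebuild the key."""
    parts = [secrets.token_bytes(len(key)) for _ in range(parties - 1)]
    return parts + [functools.reduce(xor_bytes, parts, key)]

def combine_key(parts) -> bytes:
    return functools.reduce(xor_bytes, parts)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256: an illustrative stand-in for a real
    # authenticated cipher such as AES-GCM, not a production construction.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + xor_bytes(plaintext, _keystream(key, nonce, len(plaintext)))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return xor_bytes(body, _keystream(key, nonce, len(body)))

class SharedKeyRecord:
    """A stored record whose key is split across owners (e.g. tenant and provider)."""

    def __init__(self, owners, plaintext: bytes):
        self.owners = list(owners)
        key = secrets.token_bytes(32)  # record key is never stored whole
        self.parts = dict(zip(self.owners, split_key(key, len(self.owners))))
        self.ciphertext = encrypt(key, plaintext)

    def erase(self, owner: str) -> None:
        """Right to be forgotten: one owner deletes its part; the key is gone for all."""
        del self.parts[owner]

    def read(self) -> bytes:
        missing = [o for o in self.owners if o not in self.parts]
        if missing:
            raise PermissionError("key part erased by: " + ", ".join(missing))
        return decrypt(combine_key([self.parts[o] for o in self.owners]), self.ciphertext)
```

The ciphertext itself is never touched by `erase`; only the owner's key part is deleted, which is what makes the erase effective even for backups of the encrypted data.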
Conclusion
Higher privacy with distributed searchable encryption at DB layer
Increased user control and less dependency on cloud provider with tenant-controlled Key Management
Appropriate access control with context-awareness and flexible Policy Management
Easier development of secure cloud applications for non-security experts with comprehensive Annotation Framework
Making cloud solutions more attractive and ready for the EU General Data Protection Regulation
Questions?
Visit us:
www.paasword.eu
Acknowledgements: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814.