Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Solutions
CloudSPD 2015 Workshop | 09/12/2015
Dr. Simone Braun, Dr. Julia Vuong
Copyright ©2015 | All rights reserved.
CAS Software AG
The leading German provider of CRM solutions for SMEs
Dr. Simone Braun | CAS Software AG

Agenda
Multi-Tenant Cloud-Based CRM Solution CAS PIA
Requirements for a User-Context-Specific Data Security Concept
Data Encryption and Physical Distribution: A Roadmap
Conclusions

CAS PIA
Multi-Tenant Cloud-Based CRM Solution
Key objective:
Streamline business processes and increase sales with an integrated CRM system
Storing customer data centrally in a company
All areas and departments can access information (depending on individual rights)
360 degree view of all customer's information: appointments, tasks, telephone notes, correspondence, sales opportunities, complaints, orders, delivery notes, projects and more

CAS PIA
Customer Dossier with Latest Customer Information

CAS PIA Database Model
Dealing with a Huge Variety of Data Types

CAS PIA Technical Details
Data in Multi-Tenant Cloud-Based CRM Solution
CAS PIA is built on top of CAS Open, a PaaS for building xRM enterprise software
Persistence layer implements a relational database abstraction layer and a proprietary SQL dialect, the CAS SQL
“One tenant per database” enforced by the CAS SQL parser
All data types are dynamic
Extensions through adding new attributes
Every data type includes a permission attribute

CAS PIA Permission System
For Specific Dataset

Safe & Secured CRM Data Sharing
A Security Concept Taking into Account
Multi-tenant nature
Level of security depending on nature and type of data
E-mail address/phone number vs. salary in Germany
Availability everywhere and at any time
Usability on different devices and any popular operating systems
User context
Efficiency aspect
Currently no sophisticated solution for data encryption and distribution that easily supports CAS in finding a compromise between securing confidential data and limiting the performance impact

Goal
User-Driven Level of Data Privacy and Security
Data security according to user needs
Encrypting a huge amount of data causes significant loss of performance and increases the computational cost
Only data marked as sensitive by the end user, or by policies prescribed by company rules, should be protected
Automatic interpretation and application of the security mechanism corresponding to the chosen data privacy level
Encryption and physical distribution of data

Requirements for User-Context-Specific Data Security Concept
1. Secure Data and Application Lifecycle Management
2. Secure Key Management
3. Context-Aware Access Control
4. Developer Support

Secure Data and Application Lifecycle Management
Security within the whole data lifecycle
Backup data stay encrypted
Ensure usability in case of regular key change
Include backup data in the re-encryption process if a key is compromised
Include application lifecycle management to ensure that security leaks in the third-party libraries in use are closed

Secure Key Management
Cryptographic keys can be an entry point to protected sensitive data
Include configurable secured key management to satisfy companies' security requirements

Context-Aware Access Control
Restrict data access to user context
Access control mechanism taking into account context information

Developer Support
CRM developers are non-security experts
CRM solution needs to be secured
Available documentation and guidelines for the security features necessary
IDE plug-in available
Validation check of applied security mechanisms

Data Encryption and Physical Distribution
Roadmap
Data Security using Searchable Encryption
Naive approach: download, decrypt data, work on it, re-encrypt, upload
Loss of efficiency
Better: application of searchable encryption
Prevent the cloud service provider from retaining information about stored data based on search words
Hide search keywords
Store encrypted data physically distributed
Efficiency with respect to different computation capabilities and resources on different devices
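
The keyword-hiding idea from the searchable encryption slide, as an added example that is not part of the original slides or of CAS PIA: the tenant derives HMAC search tokens locally, so the provider matches tokens without seeing keywords. The class names, the shared store and the sample records are assumptions, and the ciphertexts are placeholders for the output of an authenticated cipher.

```python
import hashlib
import hmac
import secrets

def keyword_token(index_key: bytes, keyword: str) -> str:
    """Deterministic search token: HMAC-SHA256 over the normalised keyword."""
    norm = keyword.strip().lower().encode("utf-8")
    return hmac.new(index_key, norm, hashlib.sha256).hexdigest()

class CloudStore:
    """Provider side: holds opaque ciphertexts and tokens, never keys or keywords."""
    def __init__(self):
        self.blobs = {}   # record id -> ciphertext bytes
        self.index = {}   # token -> set of record ids

    def put(self, record_id, ciphertext, tokens):
        self.blobs[record_id] = ciphertext
        for tok in tokens:
            self.index.setdefault(tok, set()).add(record_id)

    def search(self, token):
        return sorted(self.index.get(token, ()))

class TenantClient:
    """Tenant side: owns the index key and derives tokens locally."""
    def __init__(self, store, index_key=None):
        self.store = store
        self.index_key = index_key or secrets.token_bytes(32)

    def upload(self, record_id, ciphertext, keywords):
        tokens = {keyword_token(self.index_key, k) for k in keywords}
        self.store.put(record_id, ciphertext, tokens)

    def find(self, keyword):
        return self.store.search(keyword_token(self.index_key, keyword))

def demo():
    store = CloudStore()
    a, b = TenantClient(store), TenantClient(store)
    # Constructed sample records; ciphertexts stand in for real AEAD output.
    a.upload("a-1", b"<ciphertext>", ["Mueller", "complaint"])
    a.upload("a-2", b"<ciphertext>", ["mueller", "order"])
    b.upload("b-1", b"<ciphertext>", ["Mueller"])
    return a.find("MUELLER"), b.find("mueller"), a.find("salary"), store

if __name__ == "__main__":
    print(demo()[:3])
```

Tokens are deterministic, so the provider can still observe which records share a token and how often a token is queried; changing the index key requires re-indexing the stored records.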

Encrypted Persistency Framework
Cryptographic capabilities directly integrated at code level
no further configuration necessary
Non-static key management by transparent data encryption
immune to partial key exploitation
no statically stored key inside the application
Extensible DAO annotation scheme translated during runtime
Policy enforcement of authenticated and authorized users
Included as IDE plug-in

Context-Aware Security Model and Policies
Model and access policies with fine-grained attributes
User context including dynamically changing parameters such as IP address, location, type of device or browser, user's position and role in the company
Detect anomalies in user's context evaluation
prevent unauthorized access to sensitive data
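
A sketch of the context-aware policy check described on this slide, added here as an illustration and not taken from the slides or from CAS PIA: each attribute carries a privacy level, and a read is allowed only if role, network and device match that level's policy and the context is not anomalous. The policy table, field levels, network range and the country-based anomaly rule are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Context:
    role: str
    ip: str
    device: str
    country: str

@dataclass(frozen=True)
class Policy:
    roles: frozenset
    networks: tuple      # CIDR strings; empty tuple means any network
    devices: frozenset   # empty set means any device

# Hypothetical policy table keyed by privacy level (constructed values).
POLICIES = {
    "normal": Policy(frozenset({"sales", "hr", "manager"}), (), frozenset()),
    "sensitive": Policy(frozenset({"hr", "manager"}), ("10.20.0.0/16",),
                        frozenset({"managed-laptop"})),
}
# Privacy level per attribute; unknown attributes default to "sensitive".
FIELD_LEVEL = {"email": "normal", "phone": "normal", "salary": "sensitive"}

def is_anomalous(ctx, usual_countries):
    """Flag a context whose country was never seen for this user."""
    return ctx.country not in usual_countries

def decide(field, ctx, usual_countries):
    """Return (allowed, reason) for reading one attribute in this context."""
    level = FIELD_LEVEL.get(field, "sensitive")
    pol = POLICIES[level]
    if ctx.role not in pol.roles:
        return False, "role"
    if pol.networks and not any(
            ip_address(ctx.ip) in ip_network(n) for n in pol.networks):
        return False, "network"
    if pol.devices and ctx.device not in pol.devices:
        return False, "device"
    if level == "sensitive" and is_anomalous(ctx, usual_countries):
        return False, "anomaly"
    return True, "ok"

def readable_fields(record, ctx, usual_countries):
    """Filter a record down to the attributes this context may read."""
    return {k: v for k, v in record.items()
            if decide(k, ctx, usual_countries)[0]}
```

Returning the reason alongside the decision gives the audit log a record of which context attribute caused a denial.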

Conclusions
A roadmap for a holistic data privacy and security preserving framework including
Physically distributed storage of encrypted data
Secured data and application lifecycle management
Secured key management
Developer support
User-driven data encryption
Realized by searchable encryption and encrypted persistency framework
User-defined data access policies by code annotations in combination with suitable context model
To be implemented and integrated into CAS PIA for efficient and secure data storage

Thank you for your attention.
We're looking forward to your questions!
Dr. Simone Braun, Dr. Julia Vuong
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 644814.