Security in the Context of Business Processes
Thoughts from a System Vendor’s Perspective
Achim D. Brucker
achim.brucker@sap.com
SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany
Dagstuhl Seminar 13341: “Verifiably Secure Process-Aware Information Systems”
http://www.dagstuhl.de/13341
18.08.2013 – 23.08.2013
Abstract
Enterprise systems in general, and process-aware systems in particular, store
and process the most critical assets of a company. To protect these assets,
such systems need to implement a multitude of security properties. Moreover,
they often need to comply with various regulations.
In this keynote, we present process-level security requirements and discuss
the gap between the ideal world of process-aware information systems and the
real world. We conclude by discussing several research challenges in the area
of verifiably secure process-aware information systems.
© 2013 SAP AG. All Rights Reserved. Page 2 of 25
Agenda
1 Security, Trust, and Compliance of Business Processes
2 Process-aware Information Systems
3 Research Directions and Challenges
4 Conclusion
Point of View
Overall:
• Vendor of process-aware systems
• More than 25 industries
• 63% of the world’s transaction revenue touches an SAP system
• 64 422 employees worldwide
Personal Background:
• Researcher (SE, FM, Security)
• Security Expert: supporting all phases of an SDLC
1 Security, Trust, and Compliance of Business Processes
Security in Business Processes: An Example
Access Control
Goal:
• Control access to
Tasks, Resources (Data), . . .
The core:
• Usually:
Users, Roles, Access Rights, . . .
• In special cases:
Data labeling
On top:
• Separation of Duty
• Binding of Duty
• Delegation
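The following is an added example (not SAP code and not part of the keynote) showing how the layers on this slide fit together: an RBAC-style assignment of tasks to roles and users to roles as the core, with Separation of Duty, Binding of Duty and task-scoped delegation on top, all checked against a trace of who executed which task. The purchase-order process, the roles, users, delegation and traces are hypothetical and constructed inline.

```python
"""Process-level access control, as an added example (hypothetical process).

Core: tasks are assigned to roles, users to roles (RBAC-style).
On top: Separation of Duty (SoD), Binding of Duty (BoD) and task-scoped
delegation, all checked against a trace of (task, user) executions.
"""
from dataclasses import dataclass, field


@dataclass
class Process:
    task_roles: dict                        # task -> set of roles allowed to run it
    sod: set = field(default_factory=set)   # {frozenset({t1, t2})}: different users
    bod: set = field(default_factory=set)   # {frozenset({t1, t2})}: same user


@dataclass
class Delegation:
    delegator: str
    delegate: str
    task: str          # delegation is scoped to one task, not to a whole role


def check_trace(process, user_roles, trace, delegations=()):
    """Return the list of violations for a trace of (task, user) events.

    A user may execute a task if one of their roles is permitted for it, or
    if an authorized user delegated exactly that task to them. Delegation is
    deliberately not transitive: a delegate cannot delegate further.
    """
    def authorized(user, task, allow_delegation=True):
        if user_roles.get(user, set()) & process.task_roles[task]:
            return True
        return allow_delegation and any(
            d.delegate == user and d.task == task
            and authorized(d.delegator, task, allow_delegation=False)
            for d in delegations)

    violations = []
    executor = {}                        # task -> user who executed it
    for task, user in trace:
        if task not in process.task_roles:
            violations.append(f"unknown task {task!r} executed by {user}")
            continue
        if not authorized(user, task):
            violations.append(f"{user} is not authorized for {task}")
        if task in executor:
            violations.append(f"{task} executed twice")
        executor[task] = user

    # SoD and BoD are properties of the whole instance, so check them at the end
    for a, b in (tuple(p) for p in process.sod):
        if a in executor and b in executor and executor[a] == executor[b]:
            violations.append(f"SoD violated: {executor[a]} executed both {a} and {b}")
    for a, b in (tuple(p) for p in process.bod):
        if a in executor and b in executor and executor[a] != executor[b]:
            violations.append(f"BoD violated: {a} by {executor[a]} but {b} by {executor[b]}")
    return violations


# Constructed purchase-order process (hypothetical roles, users and traces)
PROCESS = Process(
    task_roles={"create_order": {"clerk"}, "approve_order": {"manager"},
                "ship_goods": {"warehouse"}, "send_invoice": {"clerk"}},
    sod={frozenset({"create_order", "approve_order"})},   # four-eyes principle
    bod={frozenset({"create_order", "send_invoice"})},    # same clerk closes the case
)
USER_ROLES = {"alice": {"clerk"}, "bob": {"manager"},
              "carol": {"warehouse"}, "dave": {"clerk"}}

GOOD_TRACE = [("create_order", "alice"), ("approve_order", "bob"),
              ("ship_goods", "carol"), ("send_invoice", "alice")]

# bob delegates approval to alice: each step is individually authorized,
# but the SoD constraint on the instance is broken
DELEGATIONS = [Delegation("bob", "alice", "approve_order")]
BAD_TRACE = [("create_order", "alice"), ("approve_order", "alice"),
             ("ship_goods", "bob"), ("send_invoice", "dave")]

if __name__ == "__main__":
    print("good:", check_trace(PROCESS, USER_ROLES, GOOD_TRACE))
    for v in check_trace(PROCESS, USER_ROLES, BAD_TRACE, DELEGATIONS):
        print("bad: ", v)
```

The point of the bad trace is that per-task authorization is not enough: with the delegation in place, every single step of `BAD_TRACE` passes the role check, and only the instance-level SoD and BoD checks reveal that the same clerk created and approved the order and that a different clerk sent the invoice.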
Protecting Data (and Goods)
Goal:
• Ensure
• confidentiality
• integrity (safety)
of data (and goods)
The core:
• Need-to-Know
• Fingerprints
• Encryption
• Sensors
Compliance and Additional Requirements
Many regulated markets
• Basel II/III, SOX, PCI
• HIPAA
Many customer-specific regulations
• Own governance to mitigate risks
• Own business code of conduct
• Fraud detection/prevention
• Non-observability
Customers are individually audited
• No “one certificate fits all” solution
Security should not hinder business
2 Process-aware Information Systems
Ideal World: Modeling
Ideal World: Deployment and Execution
Real World: Modeling
Process Models:
• BPMN/BPEL
• Configurable transactions
• Custom Coding
• Legacy Systems
• External services
Security:
• Each system (OS, DB, IS)
• own security infrastructure
• own logging infrastructure
• Management solutions try to bridge this gap
Real World: Deployment and Execution
Backend:
• AS Java, AS ABAP
• Business Process Engine
• Legacy Systems
• External services
• Sensors and product lines
Frontend:
• Desktop clients
• Web-based clients
• Mobile clients
• Client-side compositions (e.g., mash-ups)
How the Future Might Look
(Diagram: the customer’s on-premise landscape connected to cloud services for Human Resources (e.g., SuccessFactors), CRM (e.g., Salesforce) and cost management (e.g., Concur); each of the four systems keeps its own log.)
Evolution of Source Code
• Increase in
• code size
• code complexity
• number of products
• product versions
Support Lifecycle (Maintenance)
(Chart: number of systems and number of customers under maintenance, 1998 to 2012; y-axis from 0 to 140 000.)
Example (Maintenance Cycles)
Product               Release   EOL    ext. EOL
Windows XP            2001      2009   2014
Windows 8             2012      2018   2023
Red Hat Ent. Linux    2012      2020   2023
SAP ERP               2004      2020   > 2024
Maintenance fees: typically 20% of the original price
3 Research Directions and Challenges
Our Research Over the Last Decade
Access Control for Processes
• RBAC-like models
• Delegation models
• Break-(the)-glass models
Model-driven Security
• Modeling of Security
• Generation of implementation, configuration
• Monitoring based on models
Process-level Verification
• Compliance to security spec.
• Consistency of security configurations
Implementation-level Verification
• Compliance of implementation to process-level security requirements
Research Challenges
Adaptability:
• How to extend systems safely
• Integration of legacy systems
Auditability:
• Coherent audit across providers/systems
• Reduction of audit costs
Cloud (SaaS):
• How to manage decentralized systems
• How to capture behavior of the composition
• Who is the attacker
Process level vs. technical levels:
• Security is more than CIA
• Ensuring secure implementation
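Added example, not from the keynote and not SAP code, making the “coherent audit across providers/systems” challenge concrete. Four systems of the kind shown in the earlier “How the Future Might Look” diagram (an HR service, a CRM service, a cost-management service and an on-premise ERP host) each write their own log in their own format and time zone. The code normalises them into one UTC-ordered trail keyed by a correlation id, reports events that cannot be correlated at all, and checks one process-level property (no expense claim before the HR hire record exists) that no single provider’s log can answer. All log formats, field names, hosts, user ids and the `cid` correlation id are assumptions; every log line is constructed.

```python
"""Cross-provider audit trail (added example, hypothetical log formats).

Normalise heterogeneous logs into one UTC-ordered event stream keyed by a
correlation id, then check a process-level property over the merged trail.
"""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

SYSLOG_YEAR = 2013   # assumption: classic BSD syslog lines carry no year


@dataclass
class Event:
    ts: datetime         # always timezone-aware UTC, so events order correctly
    source: str
    action: str
    actor: str
    cid: Optional[str]   # correlation id; None means the event cannot be linked


def _utc(ts):
    """Parse an ISO-8601 timestamp ('Z' or an offset) and convert it to UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_hr(line):        # HR SaaS (assumed): JSON lines with ISO timestamps
    rec = json.loads(line)
    return Event(_utc(rec["ts"]), "hr", rec["event"], rec["employee"], rec.get("cid"))


def parse_crm(line):       # CRM SaaS (assumed): key=value pairs, local-time offsets
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Event(_utc(kv["ts"]), "crm", kv["action"], kv["user"], kv.get("cid"))


def parse_expense(line):   # cost-management SaaS (assumed): CSV, timestamps in UTC
    ts, action, user, cid = (line.split(",") + [None])[:4]
    ts = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Event(ts, "expense", action, user, cid or None)


SYSLOG_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")


def parse_syslog(line):    # on-premise ERP host (assumed): BSD syslog, no year, UTC
    stamp, host, _prog, msg = SYSLOG_RE.match(line).groups()
    ts = datetime.strptime(stamp, "%b %d %H:%M:%S").replace(
        year=SYSLOG_YEAR, tzinfo=timezone.utc)
    kv = dict(tok.split("=", 1) for tok in msg.split() if "=" in tok)
    return Event(ts, f"erp:{host}", f"tx:{kv.get('tx')}", kv.get("user"), kv.get("cid"))


PARSERS = {"hr": parse_hr, "crm": parse_crm, "expense": parse_expense, "erp": parse_syslog}


def build_trail(logs):
    """logs: mapping source name -> raw lines. Returns all events in UTC order."""
    events = [PARSERS[src](line) for src, lines in logs.items() for line in lines]
    return sorted(events, key=lambda e: e.ts)


def audit(trail):
    """Checks that need the merged trail: no single provider can answer them."""
    findings = []
    hired_at = {}                                  # actor -> time of HR hire record
    for ev in trail:
        if ev.cid is None:
            findings.append(f"uncorrelated event: {ev.source} {ev.action} by {ev.actor}")
        if ev.source == "hr" and ev.action == "employee.hired":
            hired_at[ev.actor] = ev.ts
    for ev in trail:
        if ev.action == "expense.submit" and (
                ev.actor not in hired_at or ev.ts < hired_at[ev.actor]):
            findings.append(f"expense by {ev.actor} at {ev.ts:%H:%M}Z before HR hire record")
    return findings


# Constructed log lines; note the CRM offset (+02:00) and the syslog line without a year
LOGS = {
    "hr": [
        '{"ts":"2013-08-19T08:00:00Z","event":"employee.hired","employee":"u1001","actor":"hr.admin","cid":"onb-42"}',
        '{"ts":"2013-08-19T08:30:00Z","event":"employee.hired","employee":"u2002","actor":"hr.admin","cid":"onb-43"}',
    ],
    "crm": [
        "ts=2013-08-19T10:15:00+02:00 action=account.create user=u1001 cid=onb-42",
        "ts=2013-08-19T11:00:00+02:00 action=account.create user=u2002",
    ],
    "expense": [
        "2013-08-19 09:30:00,expense.submit,u1001,onb-42",
        "2013-08-19 07:00:00,expense.submit,u2002,onb-43",
    ],
    "erp": ["Aug 19 09:05:12 erp01 sapgw[1234]: user=u1001 tx=SU01 result=OK cid=onb-42"],
}

if __name__ == "__main__":
    trail = build_trail(LOGS)
    for ev in trail:
        print(f"{ev.ts:%H:%M:%S}Z {ev.source:<10} {ev.action:<16} {ev.actor} cid={ev.cid}")
    for f in audit(trail):
        print("finding:", f)
```

Two things in this example carry over directly to real landscapes: the time-zone normalisation (the CRM event at 10:15+02:00 sorts before the ERP event at 09:05Z only after conversion), and the fact that a correlation id must be carried by every system, otherwise the event is auditable only in isolation, which is exactly the gap the “own logging infrastructure” bullets describe.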
4 Conclusion
Conclusion
The most interesting challenges are still ahead of us!
• Real systems are large and complex:
• many programming languages or frameworks
• many security technologies
• highly distributed
• implement business processes in many different ways
• Much research is done on the process level
• We now need to bring the process level and the implementation level closer together to provide end-to-end security
• Cloud solutions create new challenges:
• data protection across different providers
• new attacker models
Thank you!
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial Tools
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security Properties
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service Composition
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Security in the Context of Business Processes: Thoughts from a System Vendor's Perspective

7. Access Control
Goal:
• Control access to tasks, resources (data), . . .
The core:
• Usually: users, roles, access rights, . . .
• In special cases: data labeling
On top:
• Separation of Duty
• Binding of Duty
• Delegation
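The building blocks listed on this slide (RBAC user/role assignment, Separation of Duty, Binding of Duty and delegation) are easiest to understand when they are checked against one concrete process instance. The Python below is an added example, not SAP code and not the SecureBPMN implementation cited later in the deck: the purchase-order process, its tasks (create_po, approve_po, pay_invoice, archive_po), roles and users are constructed for the illustration, and the delegation model (a delegate inherits all of the delegator's roles) is one deliberately simple choice among several possible ones.

```python
"""RBAC with Separation of Duty (SoD), Binding of Duty (BoD) and delegation,
enforced when a user claims a task in one process instance.

Constructed example: the purchase-order process, its tasks, roles and users
below are invented for illustration and are not an SAP configuration.
"""
from dataclasses import dataclass, field


@dataclass
class ProcessPolicy:
    task_roles: dict      # task -> set of roles permitted to execute it
    role_users: dict      # role -> set of users holding that role
    sod: set              # (task_a, task_b): must NOT be done by one user per instance
    bod: set              # (task_a, task_b): MUST be done by the same user per instance
    delegations: dict = field(default_factory=dict)  # delegator -> set of delegates

    def roles_of(self, user):
        """Roles held directly plus roles inherited from every delegator of `user`.

        Assumption of this example: a delegate receives all roles of the
        delegator; real delegation models usually scope this to single tasks.
        """
        acting_as = {user} | {d for d, ds in self.delegations.items() if user in ds}
        return {r for r, users in self.role_users.items() if users & acting_as}


@dataclass
class ProcessInstance:
    policy: ProcessPolicy
    history: dict = field(default_factory=dict)  # task -> user who executed it

    @staticmethod
    def _partner(task, pair):
        """The other task of a SoD/BoD pair, or None if `task` is not in the pair."""
        a, b = pair
        return b if task == a else a if task == b else None

    def check(self, user, task):
        """Return None if `user` may execute `task` now, else a denial reason.

        The RBAC check is static; SoD and BoD depend on who already acted in
        this instance, so they are evaluated against `history`.
        """
        if task not in self.policy.task_roles:
            return f"unknown task {task}"
        if not self.policy.roles_of(user) & self.policy.task_roles[task]:
            return f"{user} holds no role permitted for {task}"
        for pair in self.policy.sod:
            other = self._partner(task, pair)
            if other is not None and self.history.get(other) == user:
                return f"SoD violation: {user} already executed {other}"
        for pair in self.policy.bod:
            other = self._partner(task, pair)
            if other is not None and other in self.history and self.history[other] != user:
                return f"BoD violation: {other} was executed by {self.history[other]}, not {user}"
        return None

    def execute(self, user, task):
        """Record the execution, or raise PermissionError with the reason."""
        reason = self.check(user, task)
        if reason is not None:
            raise PermissionError(reason)
        self.history[task] = user


def purchase_order_policy():
    """Constructed purchase-order process; dave holds two roles on purpose."""
    return ProcessPolicy(
        task_roles={
            "create_po": {"clerk"},
            "approve_po": {"manager"},
            "pay_invoice": {"accountant"},
            "archive_po": {"clerk"},
        },
        role_users={
            "clerk": {"alice", "dave"},
            "manager": {"bob", "dave"},
            "accountant": {"carol"},
        },
        sod={("create_po", "approve_po")},   # four-eyes principle
        bod={("create_po", "archive_po")},   # the creator closes the file
        delegations={"bob": {"erin"}},        # erin may act for bob
    )


if __name__ == "__main__":
    inst = ProcessInstance(purchase_order_policy())
    inst.execute("dave", "create_po")
    for user, task in [("dave", "approve_po"), ("erin", "approve_po"), ("alice", "archive_po")]:
        print(user, task, "->", inst.check(user, task) or "permitted")
```

Two details worth noticing: dave passes the static RBAC check for approve_po but is stopped by SoD because he created the same order, which is exactly why role-based rights alone are not enough at the process level; and erin, who holds no role of her own, is permitted through bob's delegation, so a delegation model decides whether SoD is evaluated against the acting user (as here) or also against the delegator.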
8. Protecting Data (and Goods)
Goal:
• Ensure confidentiality and integrity (safety) of data (and goods)
The core:
• Need-to-Know
• Fingerprints
• Encryption
• Sensors
9. Compliance and Additional Requirements
Many regulated markets:
• Basel II/III, SoX, PCI
• HIPAA
Many customer-specific regulations:
• Own governance to mitigate risks
• Own business code of conduct
• Fraud detection/prevention
• Non-observability
Customers are individually audited:
• No “one certificate fits all” solution
Security should not hinder business.
10. Agenda
1 Security, Trust, and Compliance of Business Processes
2 Process-aware Information Systems
3 Research Directions and Challenges
4 Conclusion
11. Ideal World: Modeling
12. Ideal World: Deployment and Execution
13. Real World: Modeling
Process Models:
• BPMN/BPEL
• Configurable transactions
• Custom coding
• Legacy systems
• External services
Security:
• Each system (OS, DB, IS) has its own security infrastructure and its own logging infrastructure
• Management solutions try to bridge this gap
14. Real World: Deployment and Execution
Backend:
• AS Java, AS ABAP
• Business Process Engine
• Legacy systems
• External services
• Sensors and product lines
Frontend:
• Desktop clients
• Web-based clients
• Mobile clients
• Client-side compositions (e.g., mash-ups)
15. What the Future Might Look Like
[Diagram: a landscape of separate providers, each keeping its own log: Human Resources (e.g., SuccessFactors), CRM (e.g., Salesforce), Cost management (e.g., Concur), and the customer's own on-premise system with its log]
16. Evolution of Source Code
• Increase in code size, code complexity, number of products, and product versions
17. Support Lifecycle (Maintenance)
[Chart: number of systems and number of customers under maintenance in 1998, 2004 and 2012; y-axis 0 to 140,000]
Example (Maintenance Cycles)
Product              Release   EOL    Ext. EOL
Windows XP           2001      2009   2014
Windows 8            2012      2018   2023
Red Hat Ent. Linux   2012      2020   2023
SAP ERP              2004      2020   > 2024
Maintenance fees: typically 20% of the original price
20. Agenda
1 Security, Trust, and Compliance of Business Processes
2 Process-aware Information Systems
3 Research Directions and Challenges
4 Conclusion
21. Our Research Over the Last Decade
Access Control for Processes:
• RBAC-like models
• Delegation models
• Break-(the-)glass models
Model-driven Security:
• Modeling of security
• Generation of implementation and configuration
• Monitoring based on models
Process-level Verification:
• Compliance to security specification
• Consistency of security configurations
Implementation-level Verification:
• Compliance of the implementation to process-level security requirements
22. Research Challenges
Adaptability:
• How to extend systems safely
• Integration of legacy systems
Auditability:
• Coherent audit across providers/systems
• Reduction of audit costs
Cloud (SaaS):
• How to manage decentralized systems
• How to capture the behavior of the composition
• Who is the attacker?
Process level vs. technical levels:
• Security is more than CIA
• Ensuring secure implementation
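The auditability challenge (a coherent audit across providers and systems) can be made concrete. Each provider in the landscape sketched earlier keeps its own log, with its own format, clock convention and user identifiers, so a process-level rule such as separation of duty between approving a purchase order and paying its invoice is invisible to any single system. The Python below is an added example, not SAP code: the three log formats, the identity map and the SoD rule are constructed for the illustration, and the year and time zone assumed for the syslog records are assumptions the code states explicitly.

```python
"""Coherent audit across providers: merge audit records from three systems
that each use their own log format, clock convention and user identifiers
into one trail per process instance, then check a process-level
Separation-of-Duty rule that no single system can evaluate on its own.

Every log line, identity mapping and rule here is constructed for this
example; none is the real format of SAP, SuccessFactors, Salesforce or Concur.
"""
import csv
import io
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- constructed sample logs, one format per system --------------------------
HR_JSONL = """
{"ts":"2013-08-19T09:02:11Z","actor":"alice@corp.example","action":"create_vendor","po":"PO-4711"}
{"ts":"2013-08-19T09:05:40Z","actor":"bob@corp.example","action":"approve_vendor","po":"PO-4711"}
"""
CRM_CSV = """timestamp,user_id,event,reference
2013-08-19 11:10:02+02:00,U1002,approve_po,PO-4711
2013-08-19 11:12:30+02:00,U1003,release_po,PO-4712
"""
ERP_SYSLOG = """Aug 19 11:30:15 erp01 audit: user=ALICE tcode=PAY_INVOICE object=PO-4711 rc=0
Aug 19 11:31:02 erp01 audit: user=CAROL tcode=PAY_INVOICE object=PO-4712 rc=0
"""
# Syslog lines carry neither year nor zone; both are assumptions of this example.
ERP_YEAR, ERP_TZ = 2013, timezone(timedelta(hours=2))

# Each provider knows the same person under a different identifier (constructed).
IDENTITY = {
    "hr": {"alice@corp.example": "alice", "bob@corp.example": "bob"},
    "crm": {"U1002": "alice", "U1003": "carol"},
    "erp": {"ALICE": "alice", "CAROL": "carol"},
}

# Process-level rule: the approver of a PO must not also pay its invoice.
SOD_PAIRS = {("approve_po", "pay_invoice")}


def parse_hr(text):
    """JSON lines with UTC timestamps -> (ts_utc, local_user, task, instance)."""
    for line in text.strip().splitlines():
        rec = json.loads(line)
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, rec["actor"], rec["action"], rec["po"]


def parse_crm(text):
    """CSV with offset-bearing timestamps; normalised to UTC."""
    for row in csv.DictReader(io.StringIO(text.strip())):
        ts = datetime.fromisoformat(row["timestamp"]).astimezone(timezone.utc)
        yield ts, row["user_id"], row["event"], row["reference"]


ERP_RE = re.compile(r"^(\w{3}) (\d{1,2}) (\d\d:\d\d:\d\d) \S+ audit: (.*)$")


def parse_erp(text):
    """Syslog-style key=value records; year and zone come from the assumptions above."""
    for line in text.strip().splitlines():
        m = ERP_RE.match(line)
        if not m:
            continue  # not an audit record
        mon, day, hms, kv = m.groups()
        local = datetime.strptime(f"{ERP_YEAR} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in kv.split())
        # Mapping transaction codes to process tasks is plain lower-casing here;
        # a real landscape needs an explicit tcode -> task table.
        ts = local.replace(tzinfo=ERP_TZ).astimezone(timezone.utc)
        yield ts, fields["user"], fields["tcode"].lower(), fields["object"]


SOURCES = (("hr", parse_hr, HR_JSONL), ("crm", parse_crm, CRM_CSV), ("erp", parse_erp, ERP_SYSLOG))


def build_trail():
    """One time-ordered list of (ts_utc, user, task, instance, system) across all systems."""
    events = []
    for system, parser, text in SOURCES:
        for ts, local_user, task, instance in parser(text):
            user = IDENTITY[system].get(local_user)
            if user is None:  # an unmapped identity must fail loudly, not silently pass the audit
                raise ValueError(f"{system}: no global identity for {local_user}")
            events.append((ts, user, task, instance, system))
    return sorted(events)


def sod_violations(events, sod_pairs):
    """(instance, user, task_a, system_a, task_b, system_b) for every user who did both tasks of a pair."""
    by_instance = defaultdict(list)
    for _ts, user, task, instance, system in events:
        by_instance[instance].append((user, task, system))
    found = []
    for instance, acts in sorted(by_instance.items()):
        for a, b in sorted(sod_pairs):
            did_a = {u: s for u, t, s in acts if t == a}
            did_b = {u: s for u, t, s in acts if t == b}
            for user in sorted(did_a.keys() & did_b.keys()):
                found.append((instance, user, a, did_a[user], b, did_b[user]))
    return found


if __name__ == "__main__":
    trail = build_trail()
    for system in ("hr", "crm", "erp"):
        print(system, "alone:", sod_violations([e for e in trail if e[4] == system], SOD_PAIRS))
    print("combined:", sod_violations(trail, SOD_PAIRS))
```

Run per system, the check finds nothing: the CRM only sees the approval and the ERP only sees the payment. Only the merged trail shows that the same person, known as U1002 in one system and ALICE in the other, did both for PO-4711. The identity map and the clock normalisation are where the audit cost on this slide actually accrues, and an identifier that cannot be mapped is treated as an error rather than dropped, since a silently discarded record is exactly how such an audit misses a violation.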
23. Agenda
1 Security, Trust, and Compliance of Business Processes
2 Process-aware Information Systems
3 Research Directions and Challenges
4 Conclusion
24. Conclusion
“The most interesting challenges are still ahead of us!”
• Real systems are large and complex:
  • many programming languages or frameworks
  • many security technologies
  • highly distributed
  • implement business processes in many different ways
• Much research is done on the process level
• We now need to bring the process level and the implementation level closer together to provide end-to-end security
• Cloud solutions create new challenges:
  • data protection across different providers
  • new attacker models
26. Bibliography I
Wihem Arsac, Luca Compagna, Giancarlo Pellegrino, and Serena Elisa Ponta. Security validation of business processes via model-checking. In Úlfar Erlingsson, Roel Wieringa, and Nicola Zannone, editors, ESSoS, volume 6542 of Lecture Notes in Computer Science, pages 29–42, Heidelberg, 2011. Springer-Verlag.
Achim D. Brucker and Isabelle Hang. Secure and compliant implementation of business process-driven systems. In Marcello La Rosa and Pnina Soffer, editors, Joint Workshop on Security in Business Processes (SBP), volume 132 of Lecture Notes in Business Information Processing (LNBIP), pages 662–674. Springer-Verlag, 2012.
Achim D. Brucker, Isabelle Hang, Gero Lückemeyer, and Raj Ruparel. SecureBPMN: Modeling and enforcing access control requirements in business processes. In ACM Symposium on Access Control Models and Technologies (SACMAT), pages 123–126. ACM Press, 2012.
27. Bibliography II
Luca Compagna, Pierre Guilleminot, and Achim D. Brucker. Business process compliance via security validation as a service. In Manuel Oriol and John Penix, editors, Testing Tools Track of the International Conference on Software Testing, Verification, and Validation (Tools@ICST). IEEE Computer Society, 2013.
Christian Wolter, Andreas Schaad, and Christoph Meinel. Deriving XACML policies from business process models. In Mathias Weske, Mohand-Said Hacid, and Claude Godart, editors, WISE Workshops, volume 4832 of Lecture Notes in Computer Science, pages 142–153. Springer-Verlag, 2007.