PaaSword - No More Dark Clouds with PaaSword
1. www.paasword.eu
No More Dark Clouds with PaaSword
Dr. Simone Braun
CAS Software AG
PaaSword CS-IFG Workshop
Nov 10, 2016, Athens, Greece
2. PaaSword: An Innovative Cloud Security-by-Design Framework
Address security and data privacy concerns in a holistic way:
Safeguard personal & business data in the cloud
Protect the data persistency layer and the database itself
Support cloud application developers
Thus,
Bolster trust of individuals & corporate customers
Accelerate adoption of cloud computing technologies
Accelerate a paradigm shift in European industry towards security and privacy
PaaSword10/11/2016 2
3. Cloud Paradigm Shift
The cloud paradigm has definitely prevailed in the mass market
However, many companies are still cautious about using cloud services due to security concerns
Applications and storage volumes often reside next to potentially hostile virtual environments
Significant legal and financial consequences if data confidentiality is breached
4. Cloud Adoption Chasm Curve
Crossing the chasm for Cloud adoption is still relevant for enterprises despite its compelling benefits
<20% enterprise applications run on the Cloud [1]
41% report security concerns as significant challenge [1]
[Figure: cloud adoption chasm curve; labels: Mass market, Cloud Services]
[1] RightScale, “State of the cloud report,” RightScale, 2015.
5. Security Challenges in the Cloud
Top threats identified (CSA, 2016) are:
Data Breaches
Weak Access Management
Insecure APIs
Account Hijacking
‘Raw data’ are the modern hacker’s holy grail
The responsibility for the protection of data has shifted to the developer
6. How shall we lower the barriers?
Security concerns
Protect confidential information
Control access
Trust cloud provider
Secure Cloud Applications
Data privacy
Secure storage
Encryption
Trustable Key Management
Control Access to data
7. PaaSword Features
Create a security-by-design framework which will allow developers to engineer secure applications
Leverage the security and trust of data that reside on outsourced infrastructure
Facilitate context-aware access to encrypted and (even) physically distributed datasets stored in the cloud
Prove applicability, usability, effectiveness and value of our framework in real-life Cloud infrastructures, services and applications
[Figure: diagram with labels: Developer (publishes application using PaaSword API), User, Adversary, PaaS Provider, PaaSword API, Trusted IaaS Provider, DB with encrypted data, Indexers on encrypted data, Queries using Searchable Encryption Scheme]
8. A Holistic Data Privacy and Security-by-Design Framework
Higher privacy with distributed searchable encryption at DB layer
Increased user control and less dependency on cloud provider with tenant-controlled Key Management
Appropriate access control with context-awareness and flexible Policy Management
Easier development of secure cloud applications for non-security experts with comprehensive Annotation Framework
Making cloud solutions more attractive and ready for the EU General Data Protection Regulation