Technology Contributions to Security and Compliance in the Business Web
Volkmar Lotz
Practice Lead Security & Trust, SAP Research
The Business Web
A New Platform to Support Service-Driven Business Ecosystems
© 2011 SAP AG. All rights reserved. 3
A Shift in the App / Service Market
[Chart: x-axis "Number of Apps", y-axis "Number of Clients / Revenue per App". Two regions are marked: "Traditional Apps and Business Model" (few apps, many clients / high revenue per app) and "New Apps & Services with different Characteristics and new Business Model" (many apps, fewer clients / lower revenue per app).]
Networked Business in the Internet of Services and the Cloud
[Diagram: a Service Delivery Platform over the Cloud connects the parties of a retail value chain: Consumer In Store, Consumer In Transit, Consumer Online, Product Sales Rep, Retailer, Customs, Product Supplier, Logistics Provider.]
The Business Web
Compliance Challenges for the Business Web
Do compliance principles trade off against Business Web principles?
Compliance Principles
• Control
• Transparency
• Auditability
• Responsibility
Business Web Principles
• (Limited) Trust
• Virtualisation
• Distribution
• Collaboration
• Exposure
• Flexibility
Security and Compliance Characteristics of the Business Web
• Sharing & Collaboration: access control and usage control; data owners' policies vs. data processors' policies
• Limited Trust: assure trustworthiness
• From local to global enforcement
• From system-centric view to data-centric view
Support Compliance through Technology Drivers:
• How to impose control
• How to collaborate in limited trust environments
Technology Drivers for Compliance in the Business Web
Data-centric Security: Sticky Security and Privacy Policies Travel with Data and Keep the Data Owner in Control
Sticky Policy and Access Control Engine (SPACE) Architecture
[Architecture diagram: an App-on-SPACE is built from a Policy Editor, a Consumer Privacy Choice component and a Privacy-Catalog Category Mapping; the SPACE platform runs a PPL Engine, an Obligations Enforcement Engine and an Action Handler; data access goes through a JDBC Wrapper in front of the JDBC/SQL database layer.]
Limitation: Need to own / trust the platform provider
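The slide names the components but not how a sticky policy is evaluated on a read. The following is an added illustration, not SAP's SPACE code: a database wrapper in the role of the JDBC wrapper, a small policy evaluator standing in for the PPL engine, and an obligations engine. Everything here is an assumption for illustration: the policy (granted purposes, retention period, obligations) is stored in the same row as the data it protects, the sample records are constructed, and all class and function names are hypothetical.

```python
"""Sticky-policy enforcement in a data-access wrapper (added illustration, not SAP's SPACE code).

Assumptions (not from the slides): the policy is stored in the same row as the
data it protects; a policy grants purposes, carries a retention period and a
list of obligations; every read goes through the wrapper. Names are hypothetical.
"""
import json
import sqlite3
from datetime import datetime, timedelta

# Constructed sample records: (payload, owner, allowed purposes, retention days, obligations, created)
SAMPLE_RECORDS = [
    ("order #1001 delivered to Berlin", "alice", ["logistics"], 30, ["log_access"], "2011-05-01"),
    ("credit limit 50000 EUR", "alice", ["billing"], 30, ["log_access", "notify_owner"], "2011-05-01"),
    ("tracking id XY-77", "bob", ["logistics", "billing"], 7, ["log_access"], "2011-04-01"),
]


class PolicyEngine:
    """Evaluates the sticky policy attached to a row (stands in for the slide's PPL engine)."""

    @staticmethod
    def decide(row, purpose, now):
        created = datetime.fromisoformat(row["created"])
        if now - created > timedelta(days=row["retention_days"]):
            return "expired"  # retention period over: the data must go, whoever asks
        if purpose not in json.loads(row["purposes"]):
            return "deny"  # purpose not granted by the data owner
        return "permit"


class ObligationEngine:
    """Carries out the obligations that come with a permit decision."""

    def __init__(self):
        self.access_log = []
        self.notifications = []

    def fulfil(self, obligation, row, requester, purpose, now):
        if obligation == "log_access":
            self.access_log.append((now.isoformat(), requester, purpose, row["id"]))
        elif obligation == "notify_owner":
            self.notifications.append((row["owner"], f"{requester} read record {row['id']} for {purpose}"))
        else:
            raise ValueError(f"unknown obligation {obligation!r}")  # fail closed on unknown obligations


class StickyDB:
    """Database wrapper in the role of the slide's JDBC wrapper: no row leaves without a policy check."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.row_factory = sqlite3.Row
        self.conn.execute(
            "CREATE TABLE records (id INTEGER PRIMARY KEY, payload TEXT, owner TEXT, "
            "purposes TEXT, retention_days INTEGER, obligations TEXT, created TEXT)"
        )
        self.policy = PolicyEngine()
        self.obligations = ObligationEngine()

    def insert(self, payload, owner, purposes, retention_days, obligations, created):
        # The policy travels with the data: it is written into the same row.
        self.conn.execute(
            "INSERT INTO records (payload, owner, purposes, retention_days, obligations, created) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (payload, owner, json.dumps(purposes), retention_days, json.dumps(obligations), created),
        )

    def read(self, requester, purpose, now):
        permitted = []
        rows = self.conn.execute("SELECT * FROM records").fetchall()
        for row in rows:
            decision = self.policy.decide(row, purpose, now)
            if decision == "expired":
                # Retention is enforced by the wrapper, not left to the data processor.
                self.conn.execute("DELETE FROM records WHERE id = ?", (row["id"],))
                continue
            if decision == "deny":
                continue
            for obligation in json.loads(row["obligations"]):
                self.obligations.fulfil(obligation, row, requester, purpose, now)
            permitted.append(row["payload"])
        self.conn.commit()
        return permitted

    def count(self):
        return self.conn.execute("SELECT COUNT(*) FROM records").fetchone()[0]


def demo(now=datetime(2011, 5, 10)):
    """Two service processors read the same table under different purposes."""
    db = StickyDB()
    for record in SAMPLE_RECORDS:
        db.insert(*record)
    logistics_view = db.read("carrier-svc", "logistics", now)
    billing_view = db.read("billing-svc", "billing", now)
    return {
        "logistics": logistics_view,
        "billing": billing_view,
        "remaining_rows": db.count(),
        "access_log": db.obligations.access_log,
        "notifications": db.obligations.notifications,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the constructed data, the logistics processor sees only the delivery record, the billing processor only the credit limit (and alice is notified of that read), and the expired tracking record is deleted by the wrapper on the first access. The limitation stated on the slide applies unchanged: the wrapper and the engines run on the platform, so the data owner still has to trust the platform provider to actually route every access through them.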
Privacy-Preserving Computing: Secure Benchmarking –Compute without Disclosing your Sensitive KPIs
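The slide states the goal of secure benchmarking (each company learns how its KPI compares to the peer group without disclosing the KPI) but no mechanism. The following added example, which is not the page's or SAP Research's code, shows one standard way to get there: additive secret sharing over a prime field, with which a group of at least three companies computes the sum (hence the average) of their KPIs while each party only ever sees random-looking shares. The modulus, the KPI values and all function names are assumptions made for the illustration; the parties are assumed honest-but-curious with pairwise private channels.

```python
"""Secure benchmarking of a KPI by additive secret sharing (added illustration).

Assumptions (not from the slides): at least three honest-but-curious parties
with pairwise private channels; KPIs are integers (e.g. amounts in cents) with
0 <= kpi < PRIME. Additive secret sharing is one standard technique for this
task, not necessarily the one used by SAP Research.
"""
import secrets

PRIME = 2**61 - 1  # field modulus (assumed); must exceed any possible KPI sum so the total never wraps


def share(value, n_parties, randbelow=secrets.randbelow):
    """Split value into n_parties shares that sum to value mod PRIME.

    Any n_parties - 1 of the shares are uniformly random and independent of value,
    so a party holding a single share learns nothing about the KPI behind it.
    """
    if not 0 <= value < PRIME:
        raise ValueError("KPI out of range for the field")
    shares = [randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares):
    return sum(shares) % PRIME


def run_protocol(kpis, randbelow=secrets.randbelow):
    """Run the sum protocol among len(kpis) parties.

    Returns the total and, for inspection, received[j]: the shares party j holds.
    """
    n = len(kpis)
    if n < 3:
        raise ValueError("need at least three parties; with two, the total reveals the other KPI")
    # Step 1: party i splits kpi_i into n shares and sends share j to party j over a private channel.
    outgoing = [share(kpi, n, randbelow) for kpi in kpis]
    received = [[outgoing[i][j] for i in range(n)] for j in range(n)]
    # Step 2: party j adds the shares it holds. The partial sum is itself a random field element
    # and tells party j nothing about any individual kpi_i.
    partial_sums = [sum(received[j]) % PRIME for j in range(n)]
    # Step 3: the partial sums are published and added; only now does the total appear.
    return reconstruct(partial_sums), received


def benchmark(kpis, randbelow=secrets.randbelow):
    """Return the peer-group average and, per party, whether its KPI is above average."""
    total, _ = run_protocol(kpis, randbelow)
    average = total / len(kpis)
    return average, [kpi > average for kpi in kpis]


if __name__ == "__main__":
    # Constructed sample KPIs of three companies (e.g. quarterly logistics cost in cents).
    sample_kpis = [120_000, 95_000, 143_000]
    average, above = benchmark(sample_kpis)
    print("peer average:", average, "above average:", above)
```

What each party publishes is its partial sum, and what it receives from the others are shares drawn uniformly from the field, so the only value that ever becomes known to everyone is the total. Two caveats a practitioner should keep in mind: the sum of all other parties' KPIs is inherently disclosed to each party once the total is public (with three parties that is still two KPIs combined, which is why n < 3 is rejected), and sums or averages are the easy case; benchmarks such as the median, the maximum or one's rank need a secure comparison protocol on top of sharing.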
Degree of Enforcement: Technical View
[Diagram: a Service Consumer facing three configurations of where control is enforced on the provider side: (1) Service Provider & Infrastructure as one party, (2) Service Provider separated from the Service Infrastructure, (3) Service Provider running on a (V)TCB, i.e. a (virtual) trusted computing base.]
Thank You!