Securing Business Processes

As more services are delivered online, outsourcing and other distributed business solutions will become more common. However will they be as reliable? EU-funded researchers are laying the foundations - models, architectures and controls - so that online business relationships can be made secure and trustworthy. For instance, hospital IT systems can be made available to all stakeholders - nurses, doctors, pharmacies, patients and relatives - during keeping sensitive data and medical information secure.

As business increasingly moves online, we are being asked to embrace a multitude of new technologies and services to connect us with our contacts, customers, colleagues and suppliers, nevertheless also potentially every hacker on the planet!

‘Managing assurance, security and trust for services’ is an EU-funded project that has developed an IT platform to manage securely whole business processes in different contexts, so that users can seamlessly access cloud computing and software services without security concerns.

The services that we once purchased over the phone or in person are being delivered in new combinations. Today, we nearly expect to be offered ‘recommendations’ afterwards an online purchase, or to know where the nearest taxi is by using a GPS application on our smart phones. These special arrangements, also at times called mash-ups, rely on ‘trust’ relationships between sellers, third-party providers and, ultimately, the clients who pay for the services.

The security of business process operations

‘Compliance management is key to ensuring the security of business process operations, especially taking into consideration myriad dependencies among internal business processes and external service providers,’ says Pedro Soria-Rodriguez of Atos.

For example, different departments in a company may develop and deploy business processes in different ways to meet their respective customers’ needs, or they may integrate the work of several subcontractors into their systems, nevertheless the coherence of overall company operations must be ensured.

Security and flexibility are critical to future online business. Cloud computing, to illustrate – in simple terms, renting space in someone else’s computer for data and processing – depends on the provision of services that can comply with a company’s specific constraints.

‘Best-effort security will no longer be accepted and business entities will have to provide certified services to clients, and expect assured services from contractors, in order to manage the associated business and research risk,’ notes Soria-Rodriguez.

The coordinating partner in the Master project

His company is the coordinating partner in the Master project, which tackled a critical aspect of today’s hyper-vigilant business environment; security-related compliance management. A holistic modular approach was needed because of the many actors involved. Together, the many parts of Master’s system had to be easy to assemble to be fit for purpose.

So, the researchers examined ways to secure whole business processes in different contexts: centralised, distributed and outsourced. They developed a set of key assurance indicators, key security indicators, protection and regulatory models, and security model transformations, coupled with tools for analysing and assessing business processes.