71,455 research outputs found

    De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

    If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore. This paper examines this process, which was coined de-perimeterisation by the Jericho Forum. In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements

    Knowledge-Intensive Processes: Characteristics, Requirements and Analysis of Contemporary Approaches

    Engineering of knowledge-intensive processes (KiPs) is far from being mastered, since they are genuinely knowledge- and data-centric, and require substantial flexibility, at both design- and run-time. In this work, starting from a scientific literature analysis in the area of KiPs and from three real-world domains and application scenarios, we provide a precise characterization of KiPs. Furthermore, we devise some general requirements related to KiPs management and execution. Such requirements contribute to the definition of an evaluation framework to assess current system support for KiPs. To this end, we present a critical analysis on a number of existing process-oriented approaches by discussing their efficacy against the requirements

    Rethinking De-Perimeterisation: Problem Analysis And Solutions

    For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model loses its attractiveness. In a networked world, “inside” and “outside” can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems

    A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

    Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such result in the literature on purpose-aware policies. Comment: Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015)

    Business process management tools as a measure of customer-centric maturity

    In application of business process management (BPM) tools in European commercial sectors, this paper examines current maturity of customer centricity construct (CC) as an emerging dimension of competition and as a potential strategic management direction for the future of business. Processes are one of the key components of transformation in the CC roadmap. Particular departments are more customer orientated than others, and processes, customer-centric expertise, and approach can be built and utilized starting from them. Positive items within a current business process that only involve minor modification could be the basis for that. The evidence of movement on the customer-centric roadmap is found. BPM in European telecommunications, banking, utility and retail sector supports roadmap towards customer-centricity in process view, process alignment and process optimization. However, the movement is partial and not flawless, as BPM hasn’t been inquired for supporting many of customer-centric dimensions

    Organizational Primacy after the Demise of the Organizational Career: Employment Conflict in a Post-Standard Contract World

    [Excerpt] There is a contradiction at the heart of dispute resolution in the contemporary workplace. The locus of determination of the terms and conditions of employment, including processes for the resolution of disputes concerning these terms and conditions, has become increasingly decentralized to the organizational level, at the same time that long term attachment of employee careers to these same organizations has been diminishing. The result is a disconnect between the nature of current employment disputes, which increasingly involve issues relating to entry to and exit from relationships with organizations, including questions of the formation and content of employment contracts, and dispute resolution procedures that assume membership within an organizational community and acceptance of its rules and norms. In this paper, I examine these two trends in employment dispute resolution and explore the tensions between them. I begin by discussing the increase in organizational ordering of terms and conditions of employment and how it is reflected in the development of organizationally focused dispute resolution mechanisms. Then I turn to examining examples of types of growing employment conflicts that revolve around issues relating to the formation and termination of employment relationships. Following this, I conclude by discussing how dispute resolution procedures and systems might be re-envisioned to better fit a world in which standard long-term employment contracts with a single organization are no longer the paradigmatic model

    Data in Business Process Models. A Preliminary Empirical Study

    Traditional activity-centric process modeling languages treat data as simple black boxes acting as input or output for activities. Many alternate and emerging process modeling paradigms, such as case handling and artifact-centric process modeling, give data a more central role. This is achieved by introducing lifecycles and states for data objects, which is beneficial when modeling data- or knowledge-intensive processes. We assume that traditional activity-centric process modeling languages lack the capabilities to adequately capture the complexity of such processes. To verify this assumption we conducted an online interview among BPM experts. The results not only allow us to identify various profiles of persons modeling business processes, but also the problems that exist in contemporary modeling languages w.r.t. the modeling of business data. Overall, this preliminary empirical study confirms the necessity of data-awareness in process modeling notations in general

    SDN/NFV-enabled satellite communications networks: opportunities, scenarios and challenges

    In the context of next generation 5G networks, the satellite industry is clearly committed to revisit and revamp the role of satellite communications. As major drivers in the evolution of (terrestrial) fixed and mobile networks, Software Defined Networking (SDN) and Network Function Virtualisation (NFV) technologies are also being positioned as central technology enablers towards improved and more flexible integration of satellite and terrestrial segments, providing satellite network further service innovation and business agility by advanced network resources management techniques. Through the analysis of scenarios and use cases, this paper provides a description of the benefits that SDN/NFV technologies can bring into satellite communications towards 5G. Three scenarios are presented and analysed to delineate different potential improvement areas pursued through the introduction of SDN/NFV technologies in the satellite ground segment domain. Within each scenario, a number of use cases are developed to gain further insight into specific capabilities and to identify the technical challenges stemming from them. Peer Reviewed. Postprint (author's final draft)