BPM & Security

The BPMInstitute.org have done a study about the Processes .. and they found that over 50% of the planned BPM projects will have processes that extend the firewall (as hey call it); and they mean that more than 50% of the processes will be executed in a non-trusted environment such as partners', suppliers' or customer's network.

and as the figure above shows 40% of the processes will include company confidential information.

T is another strong reason to include security requirements in BPM, if process include sensitive information and would be executed in a non-safe environment, information confidentiality, integrity and other security requirements need to be satisfied.

The BPMInstitute.org believes that the most important security aspects are:
- Protecting content from unauthorized access (Confidentiality).
- Assuring that the content came from the stated author (Authentication).
- Detecting unintentional or malicious altering of content (Integrity).
- Maintaining the document security throughout the execution of the process (Continuity).

CSI/FBI Computer Crime and Security survey shows that 33% of the 700 participating enterprise suffered from unauthorized access, and 3% from information theft. These 2 types of violations were ranked 2nd and 3rd only behind viruses, and they totaled a lose of $62.1 million out of the total cost of 13 different violation type was $130.1 million.


Resource:
BPM & Security, BPMInstitute.org. 2006.