B2B Confidentiality Agreement

ZERO-KNOWLEDGE PRIVACY BY DESIGN CONFERENCE

Trust
The foundation for value in B2B e-marketplaces
The business case for privacy in B2B e-marketplaces

Alex Todd
Senior Trust Solutions Consultant
Global Trust Acceleration Center
IBM Global Services
atodd@ca.ibm.com
416-410-4754

This presentation will show how privacy enables trust, which is critical for B2B e-marketplaces to achieve business objectives

• Trust is strategic to achieving business objectives
• Establishing trust is more valuable than ensuring trust
• Trust can be maximized using a structured approach
• Specialized trust enabling services are required to establish and ensure trust
• Privacy is a critical prerequisite to establishing trust

A B2B e-marketplace is a trusted electronic facilitator of commercial activity

• Safe
• Convenient
• Valued

All participants' objectives can be satisfied with either an e-marketplace stickiness or liquidity strategy

Stickiness protects ASSETS
• quickly collaborate and communicate throughout the supply chain and quickly replenish directly to the store shelf;
• access inventory levels and supplier capacity;
• facilitate the replacement of paper for office supplies purchases;
• gain operational efficiencies by streamlining business processes;
• optimize inventory positions;
• obtain cost savings on purchased goods and services;
• reduce administrative costs; and
• optimize production capacity.

Liquidity enables DECISIONS
• provide a new, collaborative mechanism for forming and growing supply chain relationships on the Internet;
• make informed available-to-promise commitments;
• leverage diversion, postponement, and optimization techniques across the supply chain;
• maximize assortments of local execution; and
• improve merchandise planning & execution.

Liquidity strategies open the possibilities for maximizing B2B e-marketplace value

Stickiness strategies save costs
• savings 10% - 15%
Signs of Stickiness
• efficiency
• cost reduction
• automation
• private markets
• consortiums
• seller-centric strategy

Liquidity strategies grow business
• value 100% - 150%
Signs of Liquidity
• effectiveness
• business growth
• decision support
• public/open markets
• pure play markets
• buyer-centric strategy

Security and Trust enable B2B e-marketplace Stickiness and Liquidity

Security protects
• Mitigates risk
• Loss of trust
• Limits choice
• Objective reliability
• Enables Stickiness

Trust empowers
• Enhances value
• Pooling of trust
• Encourages diversity
• Accurate predictability
• Enables Liquidity

All trust decisions can be facilitated by applying a Trust Framework to establish and ensure trust

[Figure: Trust Framework diagram with two halves, "Ensure Trust" and "Establish Trust". Labels: Verification, Decision Initiation, Identity, Context, Qualification, Aggregation, Risk Refinement, Trust Refinement, Remedies, Security & Infrastructure, Risk Management. Inner axes: Time, Context, Distance, Trust. Credit: Ed Gerck, Internet security expert.]

An example of how the Trust Framework can be applied to making trust decisions for a transaction, such as a purchase order

[Figure: Trust Framework diagram ("Ensure Trust" and "Establish Trust") annotated for a transaction. Outer labels: Privacy, Secrecy, Refutability, Accountability, Acceptability, Disputability. Decision steps: Identify (Who), Signify (What), Verify (Where/When/How), Fortify (Why), Rely (Why not?), Enforce (Who's liable?). Framework labels: Verification, Decision Initiation, Identity, Context, Qualification, Aggregation, Risk Refinement, Trust Refinement, Remedies, Security, Risk Management. Inner axes: Time, Context, Distance, Trust.]

E-marketplaces can maximize their value by acting as a “benevolent node” that also provides services for establishing trust

Trust Ensuring Services
• Governance
• Assurance
• Risk Mitigation and Infrastructure

Trust Establishing Services
• Witness Related Services
• Expert/Authority Services
• Introduction Services

[Figure: Trust Framework diagram with "Ensure Trust" and "Establish Trust" halves. Labels: Verification, Decision Initiation, Identity, Context, Qualification, Aggregation, Risk Refinement, Trust Refinement, Remedies, Security & Infrastructure, Risk Management. Inner axes: Time, Context, Distance, Trust.]

Many organizations are starting to provide trust enablement solutions

Trust Ensuring Services
• Governance
    • of the e-marketplace
        • FTC
    • by the e-marketplace
        • SquareTrade
• Assurance
    • Agreement management
        • Menerva
    • Underwriting
        • AIG
    • Risk Sharing
• Risk Mitigation and Infrastructure
    • Security
        • IBM, ZeroKnowledge
    • Infrastructure
        • webMethods
        • TradeCard
    • Trust Introduction

Trust Establishing Services
• Witness Related
    • Witness/Verification
        • Bureau Veritas, SGS
    • Decision Support
        • InfoRay
• Expert/Authority
    • Quality Assurance
        • Verisign, E&Y, TRUSTe
    • Awareness
        • PNLTV.com
    • Context/Relevance
        • Gartner, Forrester
• Introduction services

[Figure: Trust Framework diagram with "Ensure Trust" and "Establish Trust" halves. Captions: "Critical Risk: Risk = Cost of maintaining a given level of risk" and "Critical Trust: Opportunity = Cost of maintaining a given level of trust".]

To establish trust in the information being relied upon, Extrinsic and/or Intrinsic sources of trust are required

[Figure: Trust plotted against Time, showing Intrinsic sources (witness or verifier) and Extrinsic sources (authority or expert). Credit: Studio Archetype and Cheskin Research.]

Privacy must be protected before sufficient information will be shared with witnesses and verifiers to fuel the trust introduction process

[Figure: layered diagram around the Trust Framework. Layers: Participants (Buyer, Seller), Transactions, Trust Services, Trust Framework. Surrounding labels: Identity/Anonymity, Privacy, Corrective, Credential, Dispute Resolution, Governing Body, Application Provider. Trust Framework labels visible: Enforce (Who's liable?), Identify (Who), Verification, Decision Initiation, Identity, Context, Refinement, Remedies, Security, Disputability, Secrecy, Rely, Signify.]
                                              (Why                              Break                                            Make
                                              not?)                             Trust                                            Trust                 (What)




                                                                  Refinement




                                                                                                                           ion
                                                               Ris
                        Dec pport
                        Dec port




                                                                   k




                                                                                                                   lific at
                                                                          As
                                                                             s




                                                                                                                                                                                 g
                                                                                          es
                         Sup




                                                                                                                                                                               ng
                         Su




                                                                                             s   me




                                                                                                                Qua




                                                                                                                                                                                                ser
                                                                                                   nt




                                                                                                                                                                           ckiin
            Ser ider




                                                                                                                   n
                           iisiio




                                       Acceptability                                                           atio
                                                                                                           reg




                                                                                                                                                                           ck
            Pro




                             s on




                                                                                                        Agg                                             Refutability




                                                                                                                                                                                              er U
                                                                                                                                                                       Tra
                                                          Fortify                                                                      Verify




                                                                                                                                                                       Tra
               vice



                                  n
                v




                                                             (Why)                                                                (Where/When/How)




                                                                                                                                                                                           Oth
                                                                                                  Accountability


                                          Man Riisk
                                          Man R sk                                                                                                ting
                                                                                                                                               dat i
                                                                                                                                                     ng
                                             age
                                             agem                                                                                         alliid a
                                                                                                                                         Va
                                                                                                                                         V
                                                  men
                                                    ent
                                                      t

                           Othe                                                                                                                               e
                               r Sta                                                                                                                     plac
                                    keho
                                                                                                                                                   Market
                                        ld              er



A reliable privacy infrastructure is a critical
prerequisite to becoming accepted as a
"benevolent node" within an e-marketplace

! Privacy
    ! the right of individuals to determine for themselves when, how,
      and to what extent information about them is used and
      communicated to others
! Protection
    ! Legislation for individuals
    ! Contracts for businesses
! OECD Principles
    !   Openness                       !   Accountability
    !   Disclosure                     !   Collection Limitations
    !   Use Limitations                !   Use Limitations
    !   Verification                   !   Participation
    !   Security



Privacy policies and agreements cannot be
completely trusted without good security

 ! Privacy
    ! Secondary purposes
    ! Unknown or unapproved use

 ! Information Security
    ! Confidentiality
    ! Integrity
    ! Availability

[Figure: Privacy shown together with Information Security.]

A Public-key Infrastructure (PKI) protects parties
from impostors and transaction denials, and their
information from unintended use and alteration




                                    PKI
                      Transaction Security


         Participant Credentials          Information Security
              !   Identity                    ! Confidentiality
              !   Authenticity                ! Integrity
              !   Authority
              !   Non-repudiation




However, for protecting privacy, a PKI can be
a mixed blessing

! Good News
    ! Confidentiality services protect privacy
! Bad News
    ! Identity authentication services disclose behavior

Privacy requires a PKI that protects the anonymity of content
and thereby enforces collection limitations




IBM is interested in helping e-marketplaces
and their participants to realize their
stickiness and liquidity objectives

! Trading Networks Offerings
    ! e-Marketplace Visioning and Strategy Workshop
    ! Trading Networks Solution Outline
    ! e-Marketplace Implementation Quick Start
! Trust, Privacy, PKI and Security Services

    Phases: Assess, Plan, Design, Implement, Run

    Assess
        Trust
        Privacy
        PKI
        Security
    Plan
        • Workshop
            • Trust
            • Privacy
            • PKI
            • Security
        • Policy Definition
            • Privacy
            • PKI
            • Security
    Design
        • Process Dev't
            • Privacy
            • PKI
            • Security
        • Awareness & Training
            • Privacy
            • PKI
            • Security
        • Architectures & Solution Design
            • Privacy
            • PKI
            • Security
    Implement
        Prod Selection and Product Implementation
            • PKI
            • Security
    Run
        Internet ERS
        Managed Firewall


Privacy directly contributes to maximizing
the business value of B2B e-marketplaces




! Stickiness and liquidity are the business objectives
! Security and trust enable stickiness and liquidity
! A Trust Framework provides a systematic approach to building
  trusted communities
! Trust enabling services implement the Trust Framework
! Privacy protection promotes information sharing with trust
  enabling services, thereby increasing their value
! Security is required to ensure privacy and PKI can help
! Security is the necessary starting point
! Trust is the destination




Questions?




                         Alex Todd
             Senior Trust Solutions Consultant
             Global Trust Acceleration Center
                   IBM Global Services
                    atodd@ca.ibm.com
                       416-410-4754



