Creating Customer Portals with Sensitive Personal Data without Compromising Security

  • TYPE: Combined Session
  • DATE: Wednesday, May 15, 2013
  • TIME: 11:30-12:30
  • LOCATION: AMMERSEE 2


This is a real-life case study of how CSS implemented security for a customer and sales portal using a Federated Identity Provider, 2-factor SSO with SAML, and attribute-based access control using XACML on the SOA mediator between the portal and the backend.

CSS has a well-established SOA backend with Role-Based Access Control: employees are assigned to one or more roles, and those roles determine which levels of customer data they can access. However, when opening up such an IT system to customers via an online portal, access control becomes a more delicate issue. If customers are to gain access to only their own and their dependent family's data, a new layer of security is required to protect sensitive data in the backend.

You'll gain insight into some of the implementation issues we had along the way and how we overcame them.


For organizations that deal with sensitive information on a daily basis and work with people and organizations located around the world, preventing information leaks is a top priority. There are many ways that sensitive data can leak from organizations; however, the insider threat remains the hardest to quantify and resolve.

G4S discovered that before they could improve their data loss prevention efforts and effectively protect sensitive information, they needed to be able to answer other significant questions about the data itself, including:

  • What data needs to be protected?
  • Who can best identify the sensitivity of the data?
  • Where is our most important data residing?
  • Where is our data going? Should our data be going there?

In this session, Boris Goncharov, CISO and CTO with G4S Bulgaria, and TITUS Chief Technology Officer Stephane Charbonneau will discuss specific ways in which organizations can improve their DLP practices in order to help prevent both accidental and malicious losses of sensitive information.


Stephane Charbonneau serves as Chief Technology Officer for TITUS. His background as an IT Security Architect helps bridge the gap between customer requirements and the product suites offered by the organization. Steph has significant experience in working with large international organizations...

IT & Information Security Manager of G4S Bulgaria with more than 12 years in the Information Security, Risk Management and IT Governance areas. Experienced in Information Security strategic planning, developing corporate security programs, Corporate & Information Risk Management,...



European Identity & Cloud Conference 2013

  • May 14 - 17, 2013 Munich/Germany