Why are business processes not secure?

Security is simple to understand but hard to ensure. In the times of Internet, this task has been becoming harder every day. To date, computer science has not solved how to prevent the misuse of business processes. While data objects can be protected, a process cannot. The reason is the security of a process depends not only on its individual accesses and can only be accessed upon the process' termination or when cast into the context of other processes. Many unbelievable scandals encompassing sophisticated and powerful players, from Microsoft to Sony and credit card operators, from leakages in governments to cyber crime and war attacks could not be prevented despite heavy investment in security. The claim here is that the way in which computer science deals with security does not apply to processes. The key discipline in security is cryptography, where the laureate Prof. Buchmann got his distinction from. This paper is about how cryptography can be applied as a basis to automate security and give participants in a market an equal position and prevent fraud. To complicate the issue, the goal is security in business processes. The reason is obvious. If one makes mistakes or vulnerabilities are left uncovered, huge fraud incidents might happen, the stockowners rebel, the government complains and employees are, in the worst case, deprived from their pension. This is a real, sensitive issue, with unclear solutions, ambivalent in nature, but rigorous in punishment. The issue is not just to protect, but also to deter bad things, such as criminal intents. The option to judge people's intentions is not an option for mankind; it is not an option though for computer science. We need to automate security and establish procedures that, upon the event of misuse, ascertain accountability. © Springer-Verlag Berlin Heidelberg 2013.