Enterprise security pattern: A model-driven architecture instance

To secure their information assets, organizations should seek support from enterprise security architectures. Security patterns are a good way to build and test new security mechanisms, but they have some limitations related to their usability. In previous work, we defined a new type of security pattern called Enterprise Security Pattern. The main objective of these patterns is to provide an instance of model-driven architecture, which offers a solution to recurring problems that have to do with information systems security. In recent years, the hiring of Software as a Service (SaaS) from cloud providers has become very popular. There seem to be many advantages of using these services, but organizations need to be aware of a variety of threats, as well as being prepared to handle them. In another work undertaken previously, we defined an enterprise security pattern called Secure Software as a Service (Secure SaaS), which the organizations could apply to protect their information assets when using SaaS. In this paper, we present different instances of the solution models of the enterprise security pattern Secure SaaS, aiming to verify the risks that an organization would assume if each of the instances were deployed. With this approach, we intend to show how the design decisions adopted when performing the transformations between the solution models can have a direct impact on the security provided by the pattern.