The development of collaborative service ecosystem relies mostly on software services spanning multiple organisations so to provide agile support for business applications, extending the IT Cloud paradigm to the business level. Nevertheless, a lack of trust on such cloud organisation and the rather poor adaptability level of the current security policies are often seen as braking forces to such XaaS economy development. Removing this impediment involves re-thinking the security policy according to “due usage” requirements and setting security enforcement and regulations according to both the due usage and the runtime environment. To reach this goal, we propose a multidimensional resource protection framework depending on a policy model to manage “due usage” control in service/information aggregation, which provides compendious but comprehensive security governance for collaborative enterprise.