Introduction
Data is the essence of all business operations. Be it Human Resource, Financial documentation, Materials Management or Planning, the commonality between all these departments is that they share data.Enterprise Resource Planning (ERP) platforms enable various departments to talk to each other and exchange data between each other and authorized outsiders to drive operations. While this helps drive operations, on the flip side, there is the need to keep data secure at all times and in all hands.Nowadays, organizations and their leadership are giving ‘due importance’ to data security. Unfortunately, they assume, often incorrectly, that traditional IT security practices of firewall, anti-virus along with password-protection practices would suffice.Nothing could be farther from the truth. It is well known that amongst the greatest threat to data is not from hackers and malware, but by trusted ‘insiders’ who may be at any level in the corporate from employees to the leadership. Securing data from theft and misuse is, naturally, a growing concern of CIOs and CISOs.
Here are five popular use cases of how data is secured in across departments in an SAP environment
1. Human Resources Department – 50 UsersBusiness Challenges:
Ever–changing HR compliance laws such as OSHA and FSLA leave the company constantly at risk of violation due to lack of time and resources devoted to the growing challenges.Previous hacker attempt proves systems are susceptible to attacks and breaches.Unidentified employees regularly download and move compliance-regulated HR data from SAP without approval for unknown purposes on unprotected, unapproved systems, programs, and apps.No budget for third-party risk assessment team to identify and remedy vulnerable points in HR systems.Business Objectives:
Eliminate risks of compliance violations by ensuring the protection of all SAP HR systems data from external attacks, internal data leaks, and potential accidents.Track and monitor employee activities surrounding compliance regulated HR data.Solution & Result:The organization installed HALOCORE. This allowed IT and HR managers to identify which employees are downloading information, what information is being downloaded, how often it is being done, where it came from and where it is going.Through enhanced auditing and logging features, the company now tracks movement and access to compliance sensitive HR data exported from SAP to adhere to state, federal and international regulatory and auditing requirements.
2. Finance Department – 1000 users
Business Challenges:
Network attack occurred where transactional information and confidential customer financial data was retrieved, copied, and publicized on the Internet.In direct violation of FDIC regulations, an employee accidentally shared confidential records to the wrong partner, exposing private customer data without proper notification to the customers.Due to a rise in intern groups uploading reports containing sensitive customer information to a cloud sharing drive for collaboration, company is at risk of violating SEC regulations.Business Objectives:
Ensure that confidential financial and customer data is protected at all times at all stages, no matter where it is stored or in use.Bring company wide awareness to governance, risk, and compliance issues and regulations thatneed to be addressed in day-to-day activities.Monitor all employee activity regarding sensitive data downloaded from SAP.Solution and results:
In the event of a future network breach or cyber attack, all sensitive financial information will be protected with HALOCORE encryption. Unauthorized users cannot access the sensitive data regardless of where it is stolen from.GRC extension was installed in addition to implementing a comprehensive GRC framework to mitigate risk, bring risk and compliance to the attention of employees, and maintain a high level of risk awareness throughout the company from the executive level down to middle management.The Auditing feature of HALOCORE solution was used to gain full visibility into the download activities and data movement of employees. With the managers will be able to view what information is being extracted from SAP and where it is being sent and stored.3. Materials Management – 400 Users
Business Challenges:
Access to complex and sensitive material data was unregulated based on the quoting procedures, exports of this information frequent.Recently hired 20 new SAP users to manage inventory, purchase orders, and consumption-based planning elements.Business Objectives:
Monitor and control the exported data from the Materials department.Develop a method to teach employees to properly secure confidential materials information.Show upper management a visual on progress made in securing materials information.Solution and Results:
HALOCORE uses data classification and policies to limit who has access to what types of data. Materials Management data downloaded from SAP can automatically be classified for specific personnel eyes only, allowing quote requests to go only to the vendor responsible. Expiration timers can also control how long that information is accessible by the recipient.HALOCORE’s user-friendly UI, allows employees to reinforce the best classification and protection selection or choose their own. The choice is logged for managerial auditing.BO/BI Visuals Extension was used to creating a dashboard demonstrating how many materials downloads were protected vs. unprotected and this was tracked over the course of a time period to prove the efficacy of the security policy.4. Product Planning – 125 UsersBusiness Challenges: Competitor possesses great knowledge of current product specs that are still in R&D.Company’s competitive edge has been revealed and information is being leaked regularly.Business Objectives:
Identify the download activity specifically related to R&D to assess what needs to be carefully regulated.Limit what information can be pulled from the PP module based on the transaction code used.Work with a classification schema that tags highly confidential R&D information for a downstream management tool to secure.Solution and Results:
The Auditing Log feature within HALOCORE captures the attributes necessary to identify high-risk downloads of R&D material.Some of the attributes monitored includes files downloaded and the path, terminal, and IP address of the recipient, transaction code, table viewed, timestamp and so on.Filtering this to view only PP related transaction codes allowed for the customer to build a tagging schema that would classify high-risk data.Using the native DLP functionality via a BAdl, the company was able to block the download of material using transaction codes they deemed highly sensitive from the auditing log. This was step one in their DLP plan.Step 2 was to use a simple classification schema that tagged files at the point of download from SAP. With the classification in the metadata, the company was able to use its third-party security solution to manage classified files.5. SAP Crystal reports – 50 Users
Business Challenges:
Small government contractor business utilizing the cost-effective Business Intelligence solution cannot afford to hire a CR developer.Security settings must be modified per report, per person, by a CR developer, and reset for every change that is made, increasing the risk of security loopholes, gaps, and mistakes.Business Objectives:
Secure sensitive data analysis and exports from CR for protected and compliant collaboration.Gain full visibility into sensitive data activity within Business Intelligence.Solution and Results:
HALOCORE was installed to apply context-aware, data–centric protection to all data and documents as they leave SAP. HALOCORE’s auditing log fully integrates with SAP Business Intelligence solutions and Crystal Reports, allowing users to create interactive dashboards for complete visualization of extracted sensitive data, as well as providing the audit trail necessary for compliance, showing that sensitive data is being controlled and regulated within the enterprise and within national and international compliance guidelines.With HALOCORE, users can utilize data from activity logs to build Crystal reports, and upon export, HALOCORE can audit and block the exports if it is not within the set security parameters for the user, thus reducing the risk of unwanted information disclosure.Conclusion:For organizations using SAP as their core ERP platform, SAP data security is critical since SAP is the repository where critical, sensitive, and confidential data across different business functions is stored.Organizations must ensure securing SAP data from data theft and misuse by implementing stringent data protection strategies and policies in place.With HALOCORE organizations will realize end-to-end data-centric protection to all their critical data and documents, be it in rest or motion as they leave SAP.To know how SECUDE can protect your critical data, be it financial, IP, operations, customer or even about your employees, visit our HALOCORE pageHALOCORE was also used in applying persistent protection to HR data to keep in compliance with OSHA and FSLA regulations.HALOCORE protection is based on Microsoft RMS policy and applies encryption directly to the data itself. HR specified policies are applied at every download so private data cannot be accessed by anyone except for authorized employees. It does not interfere with productivity or workflow as it is integrated into SAP.HALOCORE was installed to apply data–centric protection to all data and documents as they leave SAP. All data is protected wherever it goes, whether in motion, in storage, on a laptop or mobile phone.In the event of a future network breach or cyber attack, all sensitive financial information will be protected with HALOCORE encryption. Unauthorized users cannot access the sensitive data regardless of where it is stolen from.
