By definition SAP data is subject to a high security standard – at least as long as it is within the SAP system. But is this the general rule or an exception? The fact is that thousands of confidential data are exported every day by unaware users, malicious insiders or through automated exchange with external satellite systems. This increases the risk of data misuse, makes compliance with the new EU Data Protection Code (GDPR) increasingly difficult, threatening the subsistence of any company.
According to a recent IDC study regarding mobile security in Germany, 52% of IT executives believe that the greatest security risk lies with the users themselves. Accidental disclosure of information by employees as well as cybercriminal insider attacks play a role. According to another report by RedOwl and IntSights, recently published by Computerwoche, the number of insiders who offer sensitive company data for sale in the Dark Web went up by almost 50% from 2015 to 2016.
Control data exports
One of the most common target environments of data exports is Microsoft Office. The risk in doing this is enormous: by inserting data into a Microsoft PowerPoint document or by forwarding a Microsoft Excel spreadsheet by e-mail, structured SAP data quickly and unintentionally becomes unstructured Microsoft Office documents, which can be distributed across the digital world without any control. And this is only the beginning of digital transformation.
With the increasing IT networks and the introduction of the new S/4 Hana platform, the number of interfaces will also increase significantly. Whoever wants to protect his IT in the future should already think about ways to effectively safeguard and control new security gaps.
Secure data across applications
Secude’s IT security solution Halocore is the only solution that integrates security concepts of SAP and Microsoft and provides process- and application-wide protection of sensitive data. Integrated into the SAP digital core, the solution audits all SAP data exports, which leave the system using standard functions or by copy & paste. Intelligent context-specific classification automatically detects the protection requirements of the data and applies them to the export files.
Before the files reach a device, they are encrypted and protected using Microsoft Azure Information Protection (AIP). Only those users who are authorized will be given access to the protected documents.
The solution also blocks files that are not allowed to egress from the SAP system. It also enables automated monitoring of the background data exchange, for example via RFC, IDoc or web service, between SAP and Microsoft applications.