A NEW ERA IN HR SECURITY
Presenters:
MHP: Jason Sanders – Speaker
SECUDE: Anne Marie Colombo – Speaker
SECUDE: Michael Kummer – Panelist
SECUDE: Aparna Jue – Moderator
2/26/14 SECUDE - MHP 2014 1
Objective
How to Secure HR Data on Premise and in the Cloud
Agenda
•  The Landscape: Understanding the Environment
•  The Issue: HR Data Security
•  Mitigating the Risk: What Can You Do
•  Demo
•  Q&A Session
THE HR LANDSCAPE
Jason Sanders
The Landscape
•  SAP’s HCM Module
•  Data is stored on-premise
•  Accessible by everyone with access to the server
•  SuccessFactors
•  Data is stored in the cloud
•  Data can be shared and manipulated by anyone – no tracking
•  Hybrid
•  Data is stored both on-premise and in the cloud
•  Data moves between the two with no protection
The Right Mix
Risks & Regulations
HR Data
•  Payroll data
•  Social Security Numbers
•  State-Issued Identification
•  Government forms (I-9, W2, etc.)
Compliance Regulations
•  HIPAA
•  SOX
•  Safe Harbour
HR DATA SECURITY ISSUES
Anne Marie Colombo
Data Breaches
•  90% experienced leakage/loss of sensitive documents over 12 months
•  In 2013, the average cost of a data breach in the USA was over $5.4 million
•  Most states have “breach laws”
•  Cover specific data, such as SSN, driver's license and credit card numbers
2013 The Risk of Insider Fraud Study, Ponemon Institute
•  743 Individuals
•  CIO/CSO or direct report
•  10 avg experience
[Chart: Cause of Data Breach. Categories: Malicious Attack, Negligence, System Glitch. Values shown: 37, 39, 24. Source: Cost of Data Breach Report, Ponemon Institute, 2013]
The Risk is Real
Virginia Tech Job Application Server Hacked; Personal Data Exposed
August 2013 - A Virginia Tech University server in the human resources department was illegally accessed. Hackers got into a database containing a decade’s worth of applicants’ data, from 2003 to 2013. Personal data of 114,963 individuals was exposed.
Phoenix-Based Waste Management Company Suffers HR Data Breach
August 2013 - An unencrypted laptop was stolen from a Republic Services’ employee’s home. The laptop contained names and social security numbers of current and former employees. 82,160 individuals could have been affected.
US Department of Energy Hack Disclosed Employee Data
February 2013 - The U.S. Department of Energy said that personal information about 14,000 employees and contractors was stolen in a mid-January hack. Hackers had gained access to personal information, including Social Security numbers.
HR Data is Constantly on the Move
HR Data is exported from SAP
•  Reporting
•  Data crunching
•  Analysis
Cloud & Mobility
•  Explosion of cloud services and providers
•  BYOD: are you losing track of your data?
Where is the data?
[Diagram labels: Competitor, Partner, Employees, File Server]
MITIGATING THE RISK
Jason Sanders
Michael Kummer
Protecting Hybrid Environment
•  Access on premise by establishing a secured tunnel using SAP Cloud Connector (SCC)
•  Delegation to a central service (IdP) enables Single Sign-On (SSO) between multiple Cloud applications
•  Mature and proven security standards for integration with IdP
•  Enable federated authentication supporting the following methods:
✓  SAP ID Service – “out-of-the-box” IdP in the Cloud
✓  Your own IdP (e.g. in the corporate network)
•  Consume data services based on REST APIs or gateway services (OData)
[Diagram labels: Non-SAP System, ERP, SAP NetWeaver Gateway]
Protecting SAP NetWeaver
Protect data inside of SAP
•  Roles & Authorizations
•  Check HCM Authorizations in new and existing roles
•  Review PLOG in existing roles
•  Restrict OTYPE
•  Check P_ABAP in existing roles
Extend protection to data leaving SAP
•  Authorizations need to be extended to wherever the data goes
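One way to run the role review listed above (PLOG with OTYPE, and P_ABAP) over an offline export of role authorization values. This is an added example, not code from SECUDE, MHP or SAP; the CSV layout, role names, report name and severity labels are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: one row per (role, object, authorization instance, field, value).
# The column layout is an assumption of this example, not a vendor export format.
SAMPLE_ROLE_EXPORT = """\
role,object,auth,field,low,high
Z_HR_ADMIN,PLOG,A1,PLVAR,01,
Z_HR_ADMIN,PLOG,A1,OTYPE,*,
Z_HR_ADMIN,PLOG,A1,INFOTYP,*,
Z_HR_ADMIN,PLOG,A1,PPFCODE,*,
Z_HR_MANAGER,PLOG,B1,PLVAR,01,
Z_HR_MANAGER,PLOG,B1,OTYPE,O,
Z_HR_MANAGER,PLOG,B1,OTYPE,S,
Z_HR_MANAGER,PLOG,B1,OTYPE,P,
Z_HR_MANAGER,PLOG,B1,PPFCODE,DISP,
Z_HR_REPORTING,P_ABAP,C1,REPID,*,
Z_HR_REPORTING,P_ABAP,C1,COARS,2,
Z_HR_PAYROLL,P_ABAP,D1,REPID,ZHR_PAY_LIST,
Z_HR_PAYROLL,P_ABAP,D1,COARS,1,
"""


@dataclass(frozen=True)
class Finding:
    role: str
    obj: str
    auth: str
    severity: str
    reason: str


def load_instances(text):
    """Group rows into {(role, object, auth): {field: set of values}}."""
    instances = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["role"].strip(), row["object"].strip().upper(), row["auth"].strip())
        instances[key][row["field"].strip().upper()].add(row["low"].strip())
    return instances


def audit(text):
    """Flag the role contents the slide asks reviewers to look at."""
    findings = []
    for (role, obj, auth), fields in sorted(load_instances(text).items()):
        if obj == "PLOG":
            # "Restrict OTYPE": a full wildcard covers every object type.
            if "*" in fields.get("OTYPE", set()):
                findings.append(Finding(role, obj, auth, "HIGH",
                                        "PLOG OTYPE is '*'; list the object types needed"))
        elif obj == "P_ABAP":
            repid = fields.get("REPID", set())
            coars = fields.get("COARS", set())
            if "2" in coars or "*" in coars:
                # COARS = 2 lets the reports named in REPID run without the
                # usual HR infotype authorization checks.
                severity = "HIGH" if "*" in repid else "MEDIUM"
                findings.append(Finding(role, obj, auth, severity,
                                        "P_ABAP switches off HR checks for REPID "
                                        + ",".join(sorted(repid))))
            else:
                findings.append(Finding(role, obj, auth, "INFO",
                                        "P_ABAP present; confirm the report list is intended"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROLE_EXPORT):
        print(f"{f.severity:6} {f.role:15} {f.obj:7} {f.auth}: {f.reason}")
```

Only exact `*` values are treated as wildcards here; ranges in the `high` column and partial patterns would need their own handling.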
Existing Technologies
•  Network
•  Data Leakage Prevention (DLP)
•  Firewalls
•  Virtual Private Network (VPN)
•  Storage
•  Full Disk Encryption (FDE)
•  Database Encryption
•  File
•  Pretty Good Privacy (PGP)
•  Information Rights Management (IRM)
[Diagram labels: File, Encryption, Storage, Network]
Microsoft AD RMS
Built on industry leading Microsoft Rights Management technology
Access Control
Encryption
Policy Enforcement
[Diagram labels: Unauthorized User, Trusted Partner]
Protecting Data that Leaves SAP
Demo: Protecting HR Data Leaving SAP
Where to start?
SECUDE Data Export Auditor for SAP
•  Free tool to monitor all data leaving SAP
•  Each and every download is tracked
•  Intelligent classification
•  Download http://www.secude.com/solutions/halocore-data-export-auditor-for-sap/
Potential Next Steps
•  Download Data Export Auditor
•  Win a free 30-minute consulting session with MHP to help analyze your HR landscape
Questions
Thank you
for your attention!
Jason Sanders
Practice Leader – HR & Emerging Technologies
Jason.sanders@mhp.com
404-789-8981
Anne Marie Colombo
SECUDE IT Security
Anne.colombo@usa.secude.com
(404) 915-9687

Más contenido relacionado

La actualidad más candente

OnRamp Customer Case Study - analyticsMD
OnRamp Customer Case Study - analyticsMDOnRamp Customer Case Study - analyticsMD
OnRamp Customer Case Study - analyticsMDJoshua Berman
 
Data Discovery & Lineage in Enterprise Hadoop
Data Discovery & Lineage in Enterprise HadoopData Discovery & Lineage in Enterprise Hadoop
Data Discovery & Lineage in Enterprise HadoopDataWorks Summit
 
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...DataWorks Summit/Hadoop Summit
 
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...LindaWatson19
 
Bringing Trus and Visibility to Apache Hadoop
Bringing Trus and Visibility to Apache HadoopBringing Trus and Visibility to Apache Hadoop
Bringing Trus and Visibility to Apache HadoopDataWorks Summit
 
Csa presentation november 2016 sloane ghx
Csa presentation november 2016 sloane ghxCsa presentation november 2016 sloane ghx
Csa presentation november 2016 sloane ghxTrish McGinity, CCSK
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial ServicesCloudera, Inc.
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRIndex Engines Inc.
 

La actualidad más candente (12)

OnRamp Customer Case Study - analyticsMD
OnRamp Customer Case Study - analyticsMDOnRamp Customer Case Study - analyticsMD
OnRamp Customer Case Study - analyticsMD
 
Data Discovery & Lineage in Enterprise Hadoop
Data Discovery & Lineage in Enterprise HadoopData Discovery & Lineage in Enterprise Hadoop
Data Discovery & Lineage in Enterprise Hadoop
 
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GD...
 
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...
Enterprise Archiving with Apache Hadoop Featuring the 2015 Gartner Magic Quad...
 
Bringing Trus and Visibility to Apache Hadoop
Bringing Trus and Visibility to Apache HadoopBringing Trus and Visibility to Apache Hadoop
Bringing Trus and Visibility to Apache Hadoop
 
JOSA TechTalk: Metadata Management
in Big Data
JOSA TechTalk: Metadata Management
in Big DataJOSA TechTalk: Metadata Management
in Big Data
JOSA TechTalk: Metadata Management
in Big Data
 
Csa presentation november 2016 sloane ghx
Csa presentation november 2016 sloane ghxCsa presentation november 2016 sloane ghx
Csa presentation november 2016 sloane ghx
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Data Security
Data SecurityData Security
Data Security
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPR
 

Destacado

Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security -  Da...Hans Henseler - Intelligent data analysis for improving public security -  Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...DataValueTalk
 
Smarter Application and Data Security in PeopleSoft
Smarter Application and Data Security in PeopleSoftSmarter Application and Data Security in PeopleSoft
Smarter Application and Data Security in PeopleSoftSmart ERP Solutions, Inc.
 
People soft profile management 9 1
People soft profile management 9 1People soft profile management 9 1
People soft profile management 9 1Nagaraj K P
 
Security in HR... How secure are your files, really?
Security in HR... How secure are your files, really?Security in HR... How secure are your files, really?
Security in HR... How secure are your files, really?Chapelle Ryon
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
HR Security in SAP: Securing Data Beyond HCM Authorizations
HR Security in SAP: Securing Data Beyond HCM AuthorizationsHR Security in SAP: Securing Data Beyond HCM Authorizations
HR Security in SAP: Securing Data Beyond HCM AuthorizationsUL Transaction Security
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSmart ERP Solutions, Inc.
 
Hadoop and Data Access Security
Hadoop and Data Access SecurityHadoop and Data Access Security
Hadoop and Data Access SecurityCloudera, Inc.
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesGreenway Health
 
HR Risk Management
HR Risk ManagementHR Risk Management
HR Risk ManagementRoy Prasad
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Anand Shanmugam
 
Security Analysis and Data Visualization
Security Analysis and Data VisualizationSecurity Analysis and Data Visualization
Security Analysis and Data VisualizationOluseyi Akindeinde
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 

Destacado (18)

HR Outsourced Services
HR Outsourced Services HR Outsourced Services
HR Outsourced Services
 
Hans Henseler - Intelligent data analysis for improving public security - Da...
Hans Henseler - Intelligent data analysis for improving public security -  Da...Hans Henseler - Intelligent data analysis for improving public security -  Da...
Hans Henseler - Intelligent data analysis for improving public security - Da...
 
Smarter Application and Data Security in PeopleSoft
Smarter Application and Data Security in PeopleSoftSmarter Application and Data Security in PeopleSoft
Smarter Application and Data Security in PeopleSoft
 
People soft profile management 9 1
People soft profile management 9 1People soft profile management 9 1
People soft profile management 9 1
 
Security in HR... How secure are your files, really?
Security in HR... How secure are your files, really?Security in HR... How secure are your files, really?
Security in HR... How secure are your files, really?
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6  Privacy and Data Protection 8 hrUnit 6  Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
HR Security in SAP: Securing Data Beyond HCM Authorizations
HR Security in SAP: Securing Data Beyond HCM AuthorizationsHR Security in SAP: Securing Data Beyond HCM Authorizations
HR Security in SAP: Securing Data Beyond HCM Authorizations
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoft
 
Hadoop and Data Access Security
Hadoop and Data Access SecurityHadoop and Data Access Security
Hadoop and Data Access Security
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
HR Risk Management
HR Risk ManagementHR Risk Management
HR Risk Management
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Sap Hr Presentation 08052002
Sap Hr Presentation 08052002
 
Hris
HrisHris
Hris
 
Security Analysis and Data Visualization
Security Analysis and Data VisualizationSecurity Analysis and Data Visualization
Security Analysis and Data Visualization
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
How to write a statement problem
How to write a statement problemHow to write a statement problem
How to write a statement problem
 

Similar a WEBINAR - A New Era in HR Security for SAP

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...BigDataEverywhere
 
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...Comprehensive Security for the Enterprise IV: Visibility Through a Single End...
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...Cloudera, Inc.
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...Aggregage
 
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...Cloudera, Inc.
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Turn Big Data into Big Value on Informatica and AWS
Turn Big Data into Big Value on Informatica and AWSTurn Big Data into Big Value on Informatica and AWS
Turn Big Data into Big Value on Informatica and AWSAmazon Web Services
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...CREST @ University of Adelaide
 
Is Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson HelferIs Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson HelferMAX Technical Training
 
Dataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial IndustryDataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial IndustryMapR Technologies
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
GDPR: What Your Startup Should Know and Start Doing Now
GDPR: What Your Startup Should Know and Start Doing NowGDPR: What Your Startup Should Know and Start Doing Now
GDPR: What Your Startup Should Know and Start Doing NowAmazon Web Services
 
GDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopGDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopEyad Garelnabi
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital Worlditnewsafrica
 
Generating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DGenerating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DMerlien Institute
 
Big data and the data quality imperative
Big data and the data quality imperativeBig data and the data quality imperative
Big data and the data quality imperativeTrillium Software
 

Similar a WEBINAR - A New Era in HR Security for SAP (20)

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
 
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...Comprehensive Security for the Enterprise IV: Visibility Through a Single End...
Comprehensive Security for the Enterprise IV: Visibility Through a Single End...
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Cyber security
Cyber securityCyber security
Cyber security
 
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Turn Big Data into Big Value on Informatica and AWS
Turn Big Data into Big Value on Informatica and AWSTurn Big Data into Big Value on Informatica and AWS
Turn Big Data into Big Value on Informatica and AWS
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
 
Is Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson HelferIs Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson Helfer
 
Dataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial IndustryDataguise & MapR: Action Items for the Financial Industry
Dataguise & MapR: Action Items for the Financial Industry
 
Sensitive Data Assesment
Sensitive Data AssesmentSensitive Data Assesment
Sensitive Data Assesment
 
Big Data Security and Governance
Big Data Security and GovernanceBig Data Security and Governance
Big Data Security and Governance
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
GDPR: What Your Startup Should Know and Start Doing Now
GDPR: What Your Startup Should Know and Start Doing NowGDPR: What Your Startup Should Know and Start Doing Now
GDPR: What Your Startup Should Know and Start Doing Now
 
GDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopGDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in Hadoop
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital World
 
Generating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DGenerating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&D
 
Big data and the data quality imperative
Big data and the data quality imperativeBig data and the data quality imperative
Big data and the data quality imperative
 

Más de UL Transaction Security

Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataWebinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataUL Transaction Security
 
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsWebinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsUL Transaction Security
 
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...UL Transaction Security
 
BYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile WorldBYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile WorldUL Transaction Security
 
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...UL Transaction Security
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesUL Transaction Security
 

Más de UL Transaction Security (8)

Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP DataWebinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
 
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security SolutionsWebinar: Eliminating Negative Impact on User Experience from Security Solutions
Webinar: Eliminating Negative Impact on User Experience from Security Solutions
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Perimeter Security is Failing
Perimeter Security is FailingPerimeter Security is Failing
Perimeter Security is Failing
 
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
Solving Security, Collaboration, and Mobility Challenges in SAP With Microsof...
 
BYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile WorldBYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile World
 
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Compre...
 
What's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management ServicesWhat's New in Microsoft Rights Management Services
What's New in Microsoft Rights Management Services
 

Último

Mastering Vendor Selection and Partnership Management
Mastering Vendor Selection and Partnership ManagementMastering Vendor Selection and Partnership Management
Mastering Vendor Selection and Partnership ManagementBoundless HQ
 
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Vinod Nagar East (Delhi)Delhi Call girls
 
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...
100%Safe delivery(+971558539980)Abortion pills for sale..dubai sharjah, abu d...hyt3577
 
Arjan Call Girl Service #$# O56521286O $#$ Call Girls In Arjan
Arjan Call Girl Service #$# O56521286O $#$ Call Girls In ArjanArjan Call Girl Service #$# O56521286O $#$ Call Girls In Arjan
Arjan Call Girl Service #$# O56521286O $#$ Call Girls In Arjanparisharma5056
 
Perry Lieber Your Trusted Guide in the Dynamic World of Real Estate Investments
Perry Lieber Your Trusted Guide in the Dynamic World of Real Estate InvestmentsPerry Lieber Your Trusted Guide in the Dynamic World of Real Estate Investments
Perry Lieber Your Trusted Guide in the Dynamic World of Real Estate InvestmentsPerry Lieber
 
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...
Will Robots Steal Your Jobs? Will Robots Steal Your Jobs? 10 Eye-Opening Work...Jasper Colin
 
Cleared Job Fair Handbook | May 2, 2024
Cleared Job Fair Handbook  |  May 2, 2024Cleared Job Fair Handbook  |  May 2, 2024
Cleared Job Fair Handbook | May 2, 2024ClearedJobs.Net
 
RecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplaceRecruZone - Your Recruiting Bounty marketplace
RecruZone - Your Recruiting Bounty marketplaceDavide Donghi
 

WEBINAR - A New Era in HR Security for SAP

  • 1. A NEW ERA IN HR SECURITY Presenters: MHP: Jason Sanders – Speaker SECUDE: Anne Marie Colombo – Speaker SECUDE: Michael Kummer – Panelist SECUDE: Aparna Jue – Moderator 2/26/14 SECUDE - MHP 2014 1
  • 2. Objective: How to Secure HR Data on Premise and in the Cloud. Agenda • The Landscape: Understanding the Environment • The Issue: HR Data Security • Mitigating the Risk: What Can You Do • Demo • Q&A Session
  • 3. THE HR LANDSCAPE Jason Sanders
  • 4. The Landscape • SAP’s HCM Module • Data is stored on-premise • Accessible by everyone with access to the server • SuccessFactors • Data is stored in the cloud • Data can be shared and manipulated by anyone – no tracking • Hybrid • Data is stored both on-premise and in the cloud • Data moves between the two with no protection
  • 5. The Right Mix
  • 6. Risks & Regulations. HR Data • Payroll data • Social Security Numbers • State-Issued Identification • Government forms (I-9, W2, etc.) Compliance Regulations • HIPAA • SOX • Safe Harbour
  • 7. HR DATA SECURITY ISSUES Anne Marie Colombo
  • 8. Data Breaches • 90% experienced leakage/loss of sensitive documents over 12 months • In 2013, the average cost of a data breach in the USA was over $5.4 million • Most states have “breach laws” • Cover specific data, such as SSN, driver's license and credit card numbers. Source: 2013 The Risk of Insider Fraud Study, Ponemon Institute • 743 Individuals • CIO/CSO or direct report • 10 avg experience. [Chart: Cause of Data Breach; categories: Malicious Attack, Negligence, System Glitch; values: 37, 39, 24. Source: Cost of Data Breach Report | Ponemon Institute 2013]
  • 9. The Risk is Real. Virginia Tech Job Application Server Hacked, Personal Data Exposed: August 2013 - A Virginia Tech University server in the human resources department was illegally accessed. Hackers got into a database containing a decade’s worth of applicants' data, from 2003 to 2013. Personal data of 114,963 individuals was exposed. Phoenix-Based Waste Management Company Suffers HR Data Breach: August 2013 - An unencrypted laptop was stolen from a Republic Services employee’s home. The laptop contained names and Social Security numbers of current and former employees. 82,160 individuals could have been affected. US Department of Energy Hack Disclosed Employee Data: February 2013 - The U.S. Department of Energy said that personal information about 14,000 employees and contractors was stolen in a mid-January hack. Hackers had gained access to personal information, including Social Security numbers
  • 10. HR Data is Constantly on the Move. HR Data is exported from SAP • Reporting • Data crunching • Analysis. Cloud & Mobility • Explosion of cloud services and providers • BYOD: are you losing track of your data?
  • 11. Where is the data? Competitor, Partner, Employees, File Server
  • 12. MITIGATING THE RISK Jason Sanders, Michael Kummer
  • 13. Protecting Hybrid Environment • Access on premise by establishing a secured tunnel using SAP Cloud Connector (SCC) • Delegation to a central service (IdP) enables Single Sign-On (SSO) between multiple Cloud applications • Mature and proven security standards for integration with IdP • Enable federated authentication supporting the following methods: ✓ SAP ID Service – “out-of-the-box” IdP in the Cloud ✓ Your own IdP (e.g. in the corporate network) • Consume data services based on REST APIs or gateway services (OData). [Diagram labels: Non-SAP System, ERP, SAP NetWeaver Gateway]
  • 14. Protecting SAP NetWeaver. Protect data inside of SAP • Roles & Authorizations • Check HCM Authorizations in new and existing roles • Review PLOG in existing roles • Restrict OTYPE • Check P_ABAP in existing roles. Extend protection to data leaving SAP • Authorizations need to be extended to wherever the data goes
  • 15. Existing Technologies • Network • Data Leakage Prevention (DLP) • Firewalls • Virtual Private Network (VPN) • Storage • Full Disk Encryption (FDE) • Database Encryption • File • Pretty Good Privacy (PGP) • Information Rights Management (IRM). [Diagram labels: File Encryption, Storage, Network]
  • 16. Microsoft AD RMS: Built on industry leading Microsoft Rights Management technology. Access Control, Encryption, Policy Enforcement. [Diagram labels: Unauthorized User, Trusted Partner]
  • 17. Protecting Data that Leaves SAP
  • 18. Demo: Protecting HR Data Leaving SAP
  • 19. Where to start? SECUDE Data Export Auditor for SAP • Free tool to monitor all data leaving SAP • Each and every download is tracked • Intelligent classification • Download http://www.secude.com/solutions/halocore-data-export-auditor-for-sap/
  • 20. Potential Next Steps • Download Data Export Auditor • Win a free 30 minute consulting session with MHP to help analyze your HR landscape
  • 22. Thank you for your attention! Jason Sanders, Practice Leader – HR & Emerging Technologies, Jason.sanders@mhp.com, 404-789-8981. Anne Marie Colombo, SECUDE IT Security, Anne.colombo@usa.secude.com, (404) 915-9687