In this session, you will hear security experts from SECDUE talk about reducing a negative impact on user experience from traditional security solutions. You will also learn about emerging technologies that enable you to protect financial, PII, and other sensitive information inside and outside of SAP, while eliminating a negative productivity impact. Learn how you can gain a 360° control by extending roles and authorization configured in SAP to any documents leaving SAP applications, allowing them to be safely accessed, shared, and stored inside the company and beyond, including mobile and cloud platforms. Find out how you can to track and analyze all download activity from SAP systems, identify sensitive data with intelligent classification, and create intuitive DLP policies to prevent data loss, all with minimal work disruptions.
SECUDE has many customers using SAP and each and every one we have spoken to has confirmed to us that they do NOT know when, what, who or how often data is extracted from their SAP systems!
Clearly not knowing what data is leaving SAP, Who is accessing it, Where it is going is a serious Security Vulnerability.
Our Halocore solution can deal with that issue and more.
It is best described with the 5 simple words highlighted here which will be the basic sequence we us in understanding the Halocore solution.
First a bit of history about SECUDE . . .
It took our industry a number of years to fully understand how important user experience (UX) is to everything that we build.
At its heart, UX design is about effectively addressing the needs and circumstances of your users, to produce an interface that is comfortable and even joyful to use.
your users’ needs are always changing, as people continually evolve their expectations and technologies.
Tradeoffs between security, privacy, and convenience are sometimes inevitable Active X controls Cookies
Putting up walls just keeps people from getting their work done, from creating value in the organization. And, it creates discord between value creators and information protectors."
Be enablers. non-intrusive tracking and monitoring capabilities. present users with understandable options that allow them to perform their tasks with a minimum of inconvenience.
As an SAP customer you run most of your business on SAP thus you have a tremendous amount of sensitive mission-critical data in SAP.
Your security team has spent a lot of time to ensure that what is in SAP can only be accessed by the people who have the roles and authorizations to access it.
Strong Roles and Authorizations have been developed to ensure that.
SAP IS YOUR MISSION CRITICAL DATA STORE
From PII to HR to Financial to Product Plan, your Crown Jewels reside in the SAP data stores.
Unfortunately, every day a multitude of data is extracted from SAP by your users who need it to do their job, most of them likely spreadsheets but many other data types as well.
It is then sent to many places like Dropbox, a PC hard drive, a mobile device and may be shared with employees, partners and possibly even a competitor.
Or worse it may get out loose on the Internet!
Catch it if you can..
You have many DLP solutions to try to protect your data outside of SAP.
Most GUESS what the data may be, look for cc # patterns, to decide to alert, block or so on, even ask for user input.
EDC today, if used only comes into play when a user open a document after it has been downloaded from SAP and mostly depends on the User to do it.
So why not classify data at creation? When data is extracted out of SAP, When all of the rich SAP meta-data is available, What system, What table, What roles, authorizations, even Where the user is at the time and much more is available?
That is EXACTLY what Halocore does.
At the point of extraction/download using an algorithm called Attribute Derivation; Halocore intelligently classifies the data right then when most is known about it. App, System, Tx, table, even what device it is going to.
Right at that time it can Audit, Block even Protect,
By automatically and intelligently applying Classification Meta-Data Tags your downstream solutions become far more accurate and effective and produce far fewer false positives.
This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification.
Many allow User involvement to create awareness of document sensitivity.
All actions are logged.
What you see is entirely configurable.
An Atlanta beverage company does not want password hashes to EVER be downloaded…
So they blocked any downloads of Tx SE16 Table USR02.
Locked and any access attempts Logged.
MS RMS is template based, in this example we use a Finance template which allows open only and others only have read only print only access.
Once a user attempts to download, Halocore pops up and asks the user to confirm the template again. Assuming the user confirms (Save) in next step Excel comes as normal but as you can see by the yellow bar Excel confirms that this spreadshe
Clicking will bring up the second example, will try to have changed into two distinct slides.
As you can see user have View and Print only, cannot Copy, Edit or Save it elsewhere.
So if this was sent to someone outside of the finance department they would not even be able to open it.
Helps to track sensitive data distribution in the company and identify possibly weak spots
Does not require a Microsoft RMS infrastructure
Each and every download is tracked
The log can be displayed with an easy-to-use report transaction, in an ALV grid
Data can be extracted and analyzed with more powerful tools, such as Business Objects