Skip to content

Additional layer for SAP Data Security

For many years, it’s been said that data is the new oil. This means that data rich companies could well be more successful than their competitors. Data and information are like fuel for companies since both are needed for ongoing business transactions and innovation. Companies can only win the race against their competitors if they are not losing this fuel, meaning they must keep data secure at all times and anywhere.

Protecting the company’s IT perimeter against cyber-attacks by leveraging firewalls and intrusion detection systems, as well as promptly implementing security patches are today’s best practices for IT security. The SecurityBridge Platform provides SAP customers with a holistic solution to detect vulnerabilities, identify missing security patches, and create alerts when a nefarious but anonymous user is posing a threat. Even the examination of our customers’ own developments is covered. All of which leads to an increase in the SAP data security posture.

Adding another ingredient to SAP Data Security

All IT security experts know, however, that there’s still a risk that a cyber-attack could successfully enter the IT perimeter. Some of them might remain hidden for quite a while, like successful Log4J intrusions, until they’re used as “backdoor” for data leakage. So, wouldn’t it be great to have an additional and independent layer for SAP data security which prevents the unauthorized use and distribution of the captured data?

The key success factor for this is, to always work with encrypted data. While encryption for data at rest and data in transit are already widely used techniques, encryption of data in use is leveraging solutions that have reached maturity in the last couple of years. That’s why companies must adopt a Digital Rights Management platform and integrate it with all their egress points used in their enterprise applications and platforms.

SAP is the most important enterprise business application, and provides several data export functions, so SAP users can download data e.g., directly into an Excel spreadsheet. However, while the data is protected in SAP, that protection is lost when on downloading. While the monitoring of the SecurityBridge platform is equipped with special sensors that inform about data exfiltration and even reports anomalies e.g., extraordinarily large data extraction, SAP data can leave the secure system area through uncontrolled application features, like data downloads and similar egress points.

How to protect SAP data, outside of SAP?

We asked our customers how they can continue to protect their SAP data once it’s left their SAP system. Is there a way to map the SAP security profile to any data downloaded from SAP and used e.g., in various Microsoft Office applications? SECUDE provides an answer specifically to this question.
Microsoft Information Protection (MIP), as the most visible Digital Rights Management platform on the market, that can help protect this exported data and files from SAP. However, the existing efficient user workflows are only preserved with a deep SAP integration and an automated approach for mapping the SAP security profile of the corresponding data to the appropriate MIP protection template.

SECUDE HALOCORE provides this automated integration of MIP into SAP environments. The solution is triggered by SAP functions that expose data beyond the system boundaries and retrieves all relevant SAP business metadata for an attribute-based classification on-the-fly. Once the data classification is determined, the corresponding MIP protection template is applied, and the file is seamlessly sent to the SAP frontend or web UI.

With this approach the SAP user experience is fully preserved and in addition the SAP data security profile is now enforced in Microsoft Office or Adobe Acrobat Reader. For special engineering and supply chain use cases, SECUDE provides dedicated MIP-clients for CAD applications which allow users to work with native MIP-protected CAD files.

This blog article was written jointly by Holger Hügel from Secude and Christoph Nagy from SecurityBridge.

Posted by

Till Pleyer
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Security Automation: The Need for a Last Line of Defense

Join our upcoming webinar session on Security Automation with special guests from SecurityBridge and discover how you can automate your SAP security and compliance processes to improve your security posture and implement a last line of defence for your mission-critical SAP landscape.

Mastering NIST & CISA Compliance for SAP

Join us for an enlightening webinar where we simplify these regulatory frameworks, map CISA guidelines to SAP instances, and showcase how the SecurityBridge platform can assist you in achieving your SAP compliance needs.
Senior SAP Developer Singapore
As a Senior SAP Developer, you will be responsible for designing, developing, and maintaining SAP solutions while leading and guiding a team of developers. You will play a crucial role in the development of standard products, and your technical expertise and communication skills will be instrumental in ensuring the success of our projects. This role demands strong leadership, technical acumen, and the ability to collaborate effectively in an international development team.
Earlier this year, IBM presented its 18th edition of ‘The Cost of a Data Breach Report’ (you can find it here). This publication provides detailed and valuable insights into various factors related to data breaches. It is based on research carried out at 553 impacted organizations - any IT security professional should check it out. In this article, we will highlight some of this report’s findings and bring them into the context of SAP security.
We're hiring a financial controller/analyst
As a Controller/Financial Analyst at SecurityBridge, you will play a crucial role in managing and optimizing financial processes, ensuring accurate reporting, and providing strategic financial insights. This is an exciting opportunity for a detail-oriented professional to contribute to the financial success of the fastest-growing cybersecurity provider for SAP systems.