Skip to content

Additional layer for SAP Data Security

For many years, it’s been said that data is the new oil. This means that data rich companies could well be more successful than their competitors. Data and information are like fuel for companies since both are needed for ongoing business transactions and innovation. Companies can only win the race against their competitors if they are not losing this fuel, meaning they must keep data secure at all times and anywhere.

Protecting the company’s IT perimeter against cyber-attacks by leveraging firewalls and intrusion detection systems, as well as promptly implementing security patches are today’s best practices for IT security. The SecurityBridge Platform provides SAP customers with a holistic solution to detect vulnerabilities, identify missing security patches, and create alerts when a nefarious but anonymous user is posing a threat. Even the examination of our customers’ own developments is covered. All of which leads to an increase in the SAP data security posture.

Adding another ingredient to SAP Data Security

All IT security experts know, however, that there’s still a risk that a cyber-attack could successfully enter the IT perimeter. Some of them might remain hidden for quite a while, like successful Log4J intrusions, until they’re used as “backdoor” for data leakage. So, wouldn’t it be great to have an additional and independent layer for SAP data security which prevents the unauthorized use and distribution of the captured data?

The key success factor for this is, to always work with encrypted data. While encryption for data at rest and data in transit are already widely used techniques, encryption of data in use is leveraging solutions that have reached maturity in the last couple of years. That’s why companies must adopt a Digital Rights Management platform and integrate it with all their egress points used in their enterprise applications and platforms.

SAP is the most important enterprise business application, and provides several data export functions, so SAP users can download data e.g., directly into an Excel spreadsheet. However, while the data is protected in SAP, that protection is lost when on downloading. While the monitoring of the SecurityBridge platform is equipped with special sensors that inform about data exfiltration and even reports anomalies e.g., extraordinarily large data extraction, SAP data can leave the secure system area through uncontrolled application features, like data downloads and similar egress points.

How to protect SAP data, outside of SAP?

We asked our customers how they can continue to protect their SAP data once it’s left their SAP system. Is there a way to map the SAP security profile to any data downloaded from SAP and used e.g., in various Microsoft Office applications? SECUDE provides an answer specifically to this question.
Microsoft Information Protection (MIP), as the most visible Digital Rights Management platform on the market, that can help protect this exported data and files from SAP. However, the existing efficient user workflows are only preserved with a deep SAP integration and an automated approach for mapping the SAP security profile of the corresponding data to the appropriate MIP protection template.

SECUDE HALOCORE provides this automated integration of MIP into SAP environments. The solution is triggered by SAP functions that expose data beyond the system boundaries and retrieves all relevant SAP business metadata for an attribute-based classification on-the-fly. Once the data classification is determined, the corresponding MIP protection template is applied, and the file is seamlessly sent to the SAP frontend or web UI.

With this approach the SAP user experience is fully preserved and in addition the SAP data security profile is now enforced in Microsoft Office or Adobe Acrobat Reader. For special engineering and supply chain use cases, SECUDE provides dedicated MIP-clients for CAD applications which allow users to work with native MIP-protected CAD files.

This blog article was written jointly by Holger Hügel from Secude and Christoph Nagy from SecurityBridge.

Posted by

Till Pleyer
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Mastering NIST & CISA Compliance for SAP

Join us for an enlightening webinar where we simplify these regulatory frameworks, map CISA guidelines to SAP instances, and showcase how the SecurityBridge platform can assist you in achieving your SAP compliance needs.

Kickstarting Your SAP Security Journey

Do you want to kickstart your journey towards SAP security excellence? Then check out our upcoming webinar. In our webinar, we will show you how to overcome these pitfalls and kickstart your journey to SAP Security excellence. Our customer cbs consulting will talk about their experience with implementing the SecurityBridge Platform and the first milestones achieved on their SAP Security journey.
SAP vulnerability
SAP Vulnerability
As we know, SAP (Systems, Applications, and Products in Data Processing) is a widely used enterprise resource planning (ERP) software suite that helps organizations manage various business operations. No digital system is secure by nature or by default - there will always be security challenges, and SAP is no exception. In this article, we discuss the Top 10 vulnerabilities in SAP – how they affect the security of an SAP system, and finally, how to identify and manage them with SecurityBridge.
SAP security Patch day
Today, September 12th, 2023 brings the release of SAP Security Patches for the extensive enterprise application portfolio developed by the Walldorf giant. SAP released 13 new Security Notes and provided 5 updates to previously released Security Notes.
Leadership team
SecurityBridge, a leading provider of cybersecurity solutions for SAP customers, acquired Dutch SAP security specialist Protect4S. Through the acquisition, customers will benefit from an even more comprehensive one-stop-shop software platform that will improve every SAP customer’s security position across all technology stacks.