Additional layer for SAP Data Security

For many years, it’s been said that data is the new oil. This means that data rich companies could well be more successful than their competitors. Data and information are like fuel for companies since both are needed for ongoing business transactions and innovation. Companies can only win the race against their competitors if they are not losing this fuel, meaning they must keep data secure at all times and anywhere.

Protecting the company’s IT perimeter against cyber-attacks by leveraging firewalls and intrusion detection systems, as well as promptly implementing security patches are today’s best practices for IT security. The SecurityBridge Platform provides SAP customers with a holistic solution to detect vulnerabilities, identify missing security patches, and create alerts when a nefarious but anonymous user is posing a threat. Even the examination of our customers’ own developments is covered. All of which leads to an increase in the SAP data security posture.

Adding another ingredient to SAP Data Security

All IT security experts know, however, that there’s still a risk that a cyber-attack could successfully enter the IT perimeter. Some of them might remain hidden for quite a while, like successful Log4J intrusions, until they’re used as “backdoor” for data leakage. So, wouldn’t it be great to have an additional and independent layer for SAP data security which prevents the unauthorized use and distribution of the captured data?

The key success factor for this is, to always work with encrypted data. While encryption for data at rest and data in transit are already widely used techniques, encryption of data in use is leveraging solutions that have reached maturity in the last couple of years. That’s why companies must adopt a Digital Rights Management platform and integrate it with all their egress points used in their enterprise applications and platforms.

SAP is the most important enterprise business application, and provides several data export functions, so SAP users can download data e.g., directly into an Excel spreadsheet. However, while the data is protected in SAP, that protection is lost when on downloading. While the monitoring of the SecurityBridge platform is equipped with special sensors that inform about data exfiltration and even reports anomalies e.g., extraordinarily large data extraction, SAP data can leave the secure system area through uncontrolled application features, like data downloads and similar egress points.

How to protect SAP data, outside of SAP?

We asked our customers how they can continue to protect their SAP data once it’s left their SAP system. Is there a way to map the SAP security profile to any data downloaded from SAP and used e.g., in various Microsoft Office applications? SECUDE provides an answer specifically to this question.
Microsoft Information Protection (MIP), as the most visible Digital Rights Management platform on the market, that can help protect this exported data and files from SAP. However, the existing efficient user workflows are only preserved with a deep SAP integration and an automated approach for mapping the SAP security profile of the corresponding data to the appropriate MIP protection template.

SECUDE HALOCORE provides this automated integration of MIP into SAP environments. The solution is triggered by SAP functions that expose data beyond the system boundaries and retrieves all relevant SAP business metadata for an attribute-based classification on-the-fly. Once the data classification is determined, the corresponding MIP protection template is applied, and the file is seamlessly sent to the SAP frontend or web UI.

With this approach the SAP user experience is fully preserved and in addition the SAP data security profile is now enforced in Microsoft Office or Adobe Acrobat Reader. For special engineering and supply chain use cases, SECUDE provides dedicated MIP-clients for CAD applications which allow users to work with native MIP-protected CAD files.

This blog article was written jointly by Holger Hügel from Secude and Christoph Nagy from SecurityBridge.

Posted by

Till Pleyer
Share on linkedin
Share on twitter
Share on email
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Webinar: Why is SAP Security Patching not like Windows Updates?

The webinar, taking place on 05.10.2022, is all about SAP Patch Management and its challenges. The German-speaking SAP User Group (DSAG) and the American colleagues of ASUG asked why SAP security patching cannot be as simple and effective as, for example, Windows updates.

SecurityBridge at the DSAG Annual Congress 2022: How to protect SAP systems during these times

Together with its partner, Fortinet, the SAP Security specialist company will present how to close the gap between SAP and network security in Leipzig.
S/4HANA migration
SAP Cybersecurity- SAP Security Automation- Security News
“There are a few constants in life” – a statement that also applies to the SAP user community. It has always been a challenge for SAP customers to bring their large SAP environments to a current release level. Although the vendor has done a lot in the past to simplify this, it is still not a complex undertaking.
SecurityBridge
Here at SecurityBridge, we are extremely lucky to have a team full of amazing professionals. Thanks to our team, we have achieved extraordinary things in the past couple of years. With that in mind, we thought it was time for us to start introducing you to the team that drives everything behind the scenes. And we couldn't have chosen a better example to start with than our very own, Harish Dahima! Read on and learn all about Harish's life as a Senior Product Developer, his role, and life at SecurityBridge.
SAP Cloud Connector
SAP Cloud Security- SAP Cybersecurity- Security News
Every organization constantly faces the challenge of minimizing the attack surface that an adversary could use to perform malicious operations. To do this, administrators must install the deployed components and understand them in detail to identify risks and proactively mitigate or prevent those. Today we are looking at what is necessary to protect the SAP Cloud Connector.
SAP Cycling event
Life at SecurityBridge- Partner News- Security News
It was John F. Kennedy who once said: “nothing compares to the simple pleasure of a bike ride”. And what a pleasure it has been! We had our annual bike ride with friends from Accenture, Deloitte, CGI, McCoy, Thales, KPN, Hunt &Hacket, and security leaders from major customers. We had a lot of opportunities for exchange in the cozy atmosphere among like-minded people who all love road cycling and have SAP Security improvement in mind.