Blog
Valuable SAP Security Knowledge
Why CEOs Should Worry About Data Leaks
CEOs are aware that losing IP and data devastates brand, business reputation and finally the entire company. But only a few are committed to a cyber security strategy for protecting their digital assets. When the CEO’s skin is in the game why do they fall short?
Read more
How to ascertain suspected data leak from the IT landscape?
Wipro, the India-based IT giant, is in the news for a major breach of its systems. An advanced phishing attack has enabled hackers, possibly government sponsored, to use Wipro’s network to ‘listen’ to information exchanges with customers and external vendors. Is there a way to thwart data leaks right at the beginning? What should be done?
Read more
The Simple Printer: Innocuous Office Tool or Source of Silent Data Leak?
The innocuous office printer is a seemingly simple corporate device of everyday use. Despite stringent ‘go-green’ and ‘paperless office’ initiatives printing will continue to be. But what comes out needn’t be authorized printed documents. They may also be vital intellectual property or other sensitive information. It’s time IT Managers look beyond mere maintenance issues.
Read more
Why invest in a new CAD file security solution when you can leverage your investment in Microsoft AIP
Manufacturing companies create and manage their IP based on CAD drawings that are often shared outside the organization. The risk of losing this IP is significant. Is there a solution to secure your CAD files without any major additional expense? Watch this brief demo to know how.
Read more
Data-centric security: Protecting the lifeblood of your business
It is high time that data security practitioners – CIOs, CISOs and, indeed, even business leaders take a long and hard look at their IT security practices. If it does not include data security to a large degree, they have just left their treasure chest wide open.
Read more
Data breach in Germany: Who will pay the GDPR fine this time?
Germany seems to be in the news for wrong reasons. The country paid its first GDPR fine recently. Now a major data breach in the country has potential to create a political furor. It is time the political, the public and all classes in between take a serious look at data security.
Read more
SAP and Oracle applications are increasingly being targeted by hackers
Cyber security companies and the US Department of Homeland Security warn of an increasing number of hidden hacker attacks on vulnerable SAP and Oracle applications which provide unrestricted access to systems.
Read more
Germany’s first GDPR fine: Understanding what is important
Over a month ago the data protection authority of Baden-Württemberg imposed the first fine for violation of GDPR. This clearly means that companies' honeymoon period is over. It is time they pull up their socks and get to work in meeting the regulation's requirements.
Read more
Complying with HIPAA – The HALOCORE way
The recent report about an ex-employee’s access to e-PHI data of a leading Colorado-based medical center raises another important question in addition to robust access control: How to protect data that egress an organization’s enterprise landscape?
Read more
Hospitality doesn’t pay; Robust data security does: What Marriott should have done at the outset
PII of around 500 million(!) guests at Marriott hotels has been compromised. The cause of this is due to unauthorized access within its network since 2014. Could this have been averted as early as 2010 when it switched to SAP ERP?
Read more
From university to industry: A few perspectives from Philipp Meier
Through this brief post, Philipp Meier, Vice President (Research & Development) shares his thought on the values of industry-university connect after the recently inaugurated bachelors programme in Information and Cyber Security.
Read more
Insider threat could be insidious to regional stability
The recent arrest of a BrahMos Aerospace engineer highlights the need for organizations, private and government-run, dealing with sensitive military technologies to up their data security best practices. When it comes to national security, best may not be best enough.
Read more
Bridging Technology Landscapes for Enhanced Data Security: A Microsoft Case Study
“HALOCORE provides effective classification and protection of sensitive data by controlling SAP exports and encrypting extracted documents... Deploying HALOCORE at Microsoft helps us keep our company more secure and compliant,” says Shalini Gupta, Principal Privacy Lead at Microsoft. Read the brief case study to know more.
Read more
Four steps to spot and stop data theft in your SAP landscape
Outsider threats, while still an important consideration in cyber security, account for only 40% of malicious attacks on your system while 60% potentially come from trusted insiders. Here are 4 important steps to keep in mind.
Read more
A stable SAP data security policy is imperative to implement GDPR
SAP customers are concerned about identification of data in the SAP system, their pseudonymisation in copies of the production system, and timely information, blocking and finally deletion of user data. This is what users should keep in mind.
Read more
Reuters article on hackers highlights basic question overlooked by CIOs
A startling research report highlighted by a recent Reuters article on SAP data security reveals that attacks by hackers targeting large ERP software, such as SAP, are at an alarming raise and that many large corporates are falling victim. The reason for this is due to an obviously overlooked issue: Lack of importance to data security.
Read more
Data breach by National Health Service reconfirms that systemic data leaks is an often overlooked security issue
The latest incident of data loss by the National Health Service in the UK reconfirms that data leaks needn’t always be man-made. With increasing reliance on automation and system-to-system communication, it is imperative that organizations constantly monitor data flows.
Read more
Security risk USB stick – This is how SAP customers protect themselves against data loss and malware
As long as unencrypted USB sticks with Heathrow Airport airport security data are found on London's streets, it is clear that the security risk posed by lost smartphones and flash drives is still significantly underestimated. We show what companies can do to prevent data misuse.
Read more
The seven colors of the insider threat rainbow
SECUDE has come to learn a sad fact. Those responsible for the safety and security of their companies data (IP) often fail to comprehend a serious risk that stares at them straight in the face – malicious insiders. There are media articles galore on this danger, but not many seem to learn the lesson.
Read more
Business leaders must look beyond national boundaries, says Dr. Kromer
The Chairman and Managing Director of SECUDE, Dr. Heiner Kromer, was recently at the University of Lucerne to promote the department of International IT Management at the University of Lucerne. Here is an exclusive interview with Dr. Kromer. The interviewer is Dr. Bernhard Haemmerli - Professor, Lucerne University of Applied Sciences and Gjøvik University College.
Read more
A perspective on SECUDE-Microsoft relations – The story of HALOCORE
Philipp Meier is the Vice President of Research & Development. He has been at the core of developing HALOCORE and is thus privy to HALOCORE-Microsoft relations since the beginning. This is his perspective on HALOCORE - the decisive DLP solution that SAP users need.
Read more
How do you naturally integrate SAP and Microsoft’s Azure Information Protection?
HALOCORE finds mention in Microsoft’s application support website due to its innate capability to apply classification and protection leveraging Microsoft’s Azure Information Protection policies for SAP downloads on demand and fully automated.
Read more
No cog too small: Data security in Materials Management
Information, such as pricing, inventory management and consumption-based planning, that is included in SAP Material Management need to be protected. Often access to such complex and sensitive material data is unregulated based on the quoting procedures and exports of such information are frequent.
Read more
A lesson from the Facebook-Cambridge Analytica Affair
It now known to the entire world, and not just Facebook users, that data of over 50 million accounts have been misused in direct violation of agreed terms between the Social Media giant and ‘integrated’ third-party applications. This could have been avoided had proper ‘safeguards’ been taken.
Read more
Why reinvent the wheel? Leverage existing investments in data security with a difference
CISOs are increasingly investing in robust data security solutions, such as DLP, assuming that their organization’s data will be perfectly secure. Most DLPs are content-based solutions that function based on key words. While it might seem secure, they could lead to complications, such as 'false positives’ and ‘false negatives’, maybe even leading to permitted data being blocked and unauthorized data passing through the security filter.
Read more
Students should take risks when getting into jobs & aspire for IT security experience: Dr. Kromer
“Students should take risks and join smaller companies as they offer much wider and deeper experience than enterprise environments,” says Dr. Heiner Kromer, Chairman, SECUDE, in his key note address at the inauguration of the IT Security Department at the University of Luzern, Switzerland, on 22nd February 2018. Here is the transcript of his presentation.
Read more
How not to give business to the business of cyber crime
McAfee and the Center for Strategic and International Studies recently published a report titled ‘Economic Impact of Cybercrime - No Slowing Down’. The report categorically states the scary real world scenario of increasing cybercrime, often by governments and government sponsored actors.
Read more
Securing communication in a non-VPN China
In January 2017, Chinese President Xi Jinping ordered the Internet to be cleansed of free VPN access by March 2018. Going by the progress of things in the country, they are ready to impose the ban by the end of February. In such a scenario, how can companies secure data in China?
Read more
Security risk as a USB stick – This is how SAP customers protect themselves against data loss and malware
As long as unencrypted USB sticks with Heathrow Airport airport security data are found on London's streets, it is clear that the security risk posed by lost smartphones and flash drives is still significantly underestimated. We show what companies can do to prevent data misuse.
Read more
How do you secure data against Industrial Espionage?
Intel, recently, admitted that the majority of processors running in all devices have an inherent weakness making them susceptible to espionage. This isn't surprising as embedded electronic espionage has been in vogue since World War 2. However the key question that businesses need to ask is: Can data be protected?
Read more
Context-aware Data Loss Prevention
In contrast to content-based Data Loss Prevention (DPL) software, context-aware DLP solutions have the ability to discern the context of the data flow (to and from) and the user. Thereby they enable CISOs to leverage existing investments in SAP data security.
Read more
Data exports – The big security risk
Most business processes are not limited to SAP. Sensitive data is exported by users using Microsoft Office applications – a risk that is clearly underestimated. In this article, Holger Hügel (VP, Products and Services), explains inherent risks in data sharing.
Read more
We go beyond traditional data leak prevention functionality: Dola Krishna
Organizations are increasingly going ‘Digital’. But this is not without its due share of challenges, especially when it comes to data security. In this interview with Express Computer, Dola Krishna (Director - Sales) shares his thoughts on solutions that are more robust than standard content-based DLP solutions.
Read more
Compromised data is compromised security
The news media recently carried the story of a lost USB stick found on a London street - innocuous enough, except that the stick contained extremely sensitive information on infrastructure security and travel routines of dignitaries, etc. One of the fundamental questions is: Could theft of such information be avoided?
Read more
Data security in times of SAP S/4HANA
In an interview with the E-3 magazine, Andreas Opfer and Holger Huegel describe how companies can leverage the architectural changes that are associated with SAP S / 4 HANA in order to raise the data security level.
Read more
