Blog

Valuable SAP Security Knowledge

Data breach by National Health Service reconfirms that systemic data leaks is an often overlooked security issue

The latest incident of data loss by the National Health Service in the UK reconfirms that data leaks needn’t always be man-made. With increasing reliance on automation and system-to-system communication, it is imperative that organizations constantly monitor data flows.

Read more

Security risk USB stick – This is how SAP customers protect themselves against data loss and malware

As long as unencrypted USB sticks with Heathrow Airport airport security data are found on London's streets, it is clear that the security risk posed by lost smartphones and flash drives is still significantly underestimated. We show what companies can do to prevent data misuse.

Read more

The seven colors of the insider threat rainbow

SECUDE has come to learn a sad fact. Those responsible for the safety and security of their companies data (IP) often fail to comprehend a serious risk that stares at them straight in the face – malicious insiders. There are media articles galore on this danger, but not many seem to learn the lesson.

Read more

Business leaders must look beyond national boundaries, says Dr. Kromer

The Chairman and Managing Director of SECUDE, Dr. Heiner Kromer, was recently at the University of Lucerne to promote the department of International IT Management at the University of Lucerne. Here is an exclusive interview with Dr. Kromer. The interviewer is Dr. Bernhard Haemmerli - Professor, Lucerne University of Applied Sciences and Gjøvik University College.

Read more

A perspective on SECUDE-Microsoft relations – The story of HALOCORE

Philipp Meier is the Vice President of Research & Development. He has been at the core of developing HALOCORE and is thus privy to HALOCORE-Microsoft relations since the beginning. This is his perspective on HALOCORE - the decisive DLP solution that SAP users need.

Read more

How do you naturally integrate SAP and Microsoft’s Azure Information Protection?

HALOCORE finds mention in Microsoft’s application support website due to its innate capability to apply classification and protection leveraging Microsoft’s Azure Information Protection policies for SAP downloads on demand and fully automated.

Read more

No cog too small: Data security in Materials Management

Information, such as pricing, inventory management and consumption-based planning, that is included in SAP Material Management need to be protected. Often access to such complex and sensitive material data is unregulated based on the quoting procedures and exports of such information are frequent.

Read more

A lesson from the Facebook-Cambridge Analytica Affair

It now known to the entire world, and not just Facebook users, that data of over 50 million accounts have been misused in direct violation of agreed terms between the Social Media giant and ‘integrated’ third-party applications. This could have been avoided had proper ‘safeguards’ been taken.

Read more

Why reinvent the wheel? Leverage existing investments in data security with a difference

CISOs are increasingly investing in robust data security solutions, such as DLP, assuming that their organization’s data will be perfectly secure. Most DLPs are content-based solutions that function based on key words. While it might seem secure, they could lead to complications, such as 'false positives’ and ‘false negatives’, maybe even leading to permitted data being blocked and unauthorized data passing through the security filter.

Read more

Students should take risks when getting into jobs & aspire for IT security experience: Dr. Kromer

“Students should take risks and join smaller companies as they offer much wider and deeper experience than enterprise environments,” says Dr. Heiner Kromer, Chairman, SECUDE, in his key note address at the inauguration of the IT Security Department at the University of Luzern, Switzerland, on 22nd February 2018. Here is the transcript of his presentation.

Read more

How not to give business to the business of cyber crime

McAfee and the Center for Strategic and International Studies recently published a report titled ‘Economic Impact of Cybercrime - No Slowing Down’. The report categorically states the scary real world scenario of increasing cybercrime, often by governments and government sponsored actors.

Read more

Securing communication in a non-VPN China

In January 2017, Chinese President Xi Jinping ordered the Internet to be cleansed of free VPN access by March 2018. Going by the progress of things in the country, they are ready to impose the ban by the end of February. In such a scenario, how can companies secure data in China?

Read more

Security risk as a USB stick – This is how SAP customers protect themselves against data loss and malware

As long as unencrypted USB sticks with Heathrow Airport airport security data are found on London's streets, it is clear that the security risk posed by lost smartphones and flash drives is still significantly underestimated. We show what companies can do to prevent data misuse.

Read more

How do you secure data against Industrial Espionage?

Intel, recently, admitted that the majority of processors running in all devices have an inherent weakness making them susceptible to espionage. This isn't surprising as embedded electronic espionage has been in vogue since World War 2. However the key question that businesses need to ask is: Can data be protected?

Read more

Context-aware Data Loss Prevention

In contrast to content-based Data Loss Prevention (DPL) software, context-aware DLP solutions have the ability to discern the context of the data flow (to and from) and the user. Thereby they enable CISOs to leverage existing investments in SAP data security.

Read more

Data exports – The big security risk

Most business processes are not limited to SAP. Sensitive data is exported by users using Microsoft Office applications – a risk that is clearly underestimated. In this article, Holger Hügel (VP, Products and Services), explains inherent risks in data sharing.

Read more

We go beyond traditional data leak prevention functionality: Dola Krishna

Organizations are increasingly going ‘Digital’. But this is not without its due share of challenges, especially when it comes to data security. In this interview with Express Computer, Dola Krishna (Director - Sales) shares his thoughts on solutions that are more robust than standard content-based DLP solutions.

Read more

Compromised data is compromised security

The news media recently carried the story of a lost USB stick found on a London street - innocuous enough, except that the stick contained extremely sensitive information on infrastructure security and travel routines of dignitaries, etc. One of the fundamental questions is: Could theft of such information be avoided?

Read more

Data security in times of SAP S/4HANA

In an interview with the E-3 magazine, Andreas Opfer and Holger Huegel describe how companies can leverage the architectural changes that are associated with SAP S / 4 HANA in order to raise the data security level.

Read more

Success Factor data classification

The SAP specialist magazine, E3, recently published a series by SECUDE on SAP data security. In this article, the author Holger Heugel (VP, Products and Services), shares his perspectives on data classification in context to SAP data security. This article is part of a series published by the magazine.

Read more

Complete digital interconnection through IOT is the way forward for global businesses – But be wary

Over the past few decades, Digital has been considered a key enabler in business and operations. In this regard, in January 2017, SAP launched SAP Leonardo. With a singular focus on levering ‘Things’ for superior business ‘Outcomes’, SAP Leonardo promises a revolution. But there may be a few things to keep in mind…

Read more

Is your automated, policy-based machine-to-machine communication secure? Think again!

Digital transformation has catalyzed a significant shift in application integration and data distribution models. To effectively protect intellectual property and personal data, and thus, to meet the requirements of the new European Data Security regulation – GDPR, new solutions need to be considered.

Read more

Do you have Microsoft Azure Information Protection? What stops you from using it?

Does your organization use Microsoft Azure Information Protection to protect critical documentation and files? Do all your employees use it effectively? What stops them? Is it because they feel that the extra effort of applying a protective layer hampers their workflow? Too many questions, right? Here is a solution.

Read more

Number of data breaches has gone up, but data security is still not top priority

On 24th July, NBC News published a rather statistic heavy report by ITRC that presented a paradoxical picture. While on one end, the frequency of data breach in the US has “jumped 29% in the first half of this year”, on the other “cyber security still doesn’t get the respect it deserves”. Strange, but true!

Read more

GDPR is around the corner. Are companies really prepared?

A recent study by Veritas Technologies reveals startling facts about the level of preparedness by companies, especially in Germany. While CISOs and CTOs may state their level of readiness being on track, certain fundamental issues are still, scarily, left unanswered. And the leadership is often clueless about this.

Read more

Companies realize that they are unprepared for GDPR

Why should enterprises simplify timely provision of data? GDPR requires companies to localize and provide personal data on request to clients and users within stipulated time. But many, if not most, are unprepared. There are many reasons. Missing Processes For Data Classification is one such. What should companies do?

Read more

Dark Web augments insider threat for organizations

The Dark Web is not only a trading place for stolen passwords and weapons, but also for sensitive company data and insider knowledge. Read why the Dark Web further increases the risk of insider attacks and what actions companies should take to counter it.

Read more

What does Design Thinking have to do with data security?

Have you heard of the concept called Design Thinking? Yes? No? Okay. Its evangelists define it as “a proven and repeatable problem-solving protocol that any business or profession can employ to achieve extraordinary results.” Okay. But what does ‘Design Thinking’ have to do with data security? A lot. Really.

Read more

The core of digital banking is data. But how secure is the core from a meltdown?

Touching lives at every milestone. The Banking and Financial Services Industry is perhaps the only industry that touches lives consistently and Digital Banking enables this. Such digital capabilities also carry immense risk. Just imagine if customer data is lost or stolen. The consequences are familiar.

Read more

What’s the penalty for losing a 100-million strong customer database?

Have you read the recent article by Warwick Ashford (Security Editor, ComputerWeekly.com) on the settlement that US retail giant Target paid for the 2013 data breach? Well, on records, it summed up to $220 million including legal fees and other associated costs. Maybe more. But what is key is - how did the data get out?

Read more

5 steps to implement a successful data classification policy

Many organizations recognize that protecting sensitive information is a critical part of business operations and are now taking steps to ensure strong data protection strategies are integrated into everyday business activities. However, many companies fail to identify the sensitive of data they are trying to protect.

Read more

Beware of the gap!

"[…] If you’re not thinking holistically, not looking at a system-wide approach to SAP cybersecurity, you’re just not doing enough." says Josh Greenbaum in his article ‘SAP, Cybersecurity and You’. That is the key - holistic thinking when it comes to SAP Data security. Unfortunately, not many security practitioners do so.

Read more

Protecting corporate information in the SAP data security space

Data within the confines of SAP are secure. But it becomes exposed when users extract them from SAP systems for reporting and sharing. Everyday, vast volumes of data are extracted from a SAP system, increasing the risk of loss and theft. Securing such data, unfortunately, does not seem a priority for companies.

Read more

Close your SAP security gaps now and let business run.