Data breach by National Health Service reconfirms that systemic data leaks is an often overlooked security issue
When it comes to regular protocol based data flows, there is a real need to constantly monitor what flows in and out
Coding error or a malicious insider job, lost data is just that – its lost.
The recent reports cross the global media of yet another data breach by the National Health Service in the UK – this time about 150,000 records of patients who had categorically opted ‘out’ of sharing their medical details for research purposes – yet again drives home the fact that data breach continues to be a nightmare whether it is by human design or automated.
Reports state that the breach happened “through a coding error in the software used by General Practitioners (GPs)”. It seems that the records, collected for over three years, were recorded as per protocol, but NHS “never received the details”.
While most data security practitioners and organizations conduct post mortems, not many seem to spend enough time or take efforts to understand that leaks, such as this, happen not through an open door, but through a mouse hole or even a crack in the wall.
Their stand is “it will not happen to me”.
Know what’s flowing into and out of your ‘secure’ landscape
Due to complexity in today’s system landscapes it is virtually impossible to effectively monitor and control data communication, especially dynamic protocol-based machine-to-machine communication.
In order to effectively protect data, such as patients’ medical records as in this example, and to effectively comply with data security regulations organizations need a solution that allows them to monitor and control any unauthorized data export. Organizations must be able to specify all relevant details of data exports from their SAP systems – who, what, where, when and, if possible, why. For this, granular authorization policies are required, which further refine existing access rights. Automated data classification should also be ensured specifying what information should and what should not be processed further by users and applications.
In order to monitor the communication between systems, intelligent integrated technologies are also required to support current protocols such as RFC or Web service. Such technologies should automatically alert security officers to unusual data outflows and report details to a fine level.
Control back-end data streams
HALOCORE MONITOR’s Data Stream Intelligence (DSI) feature provides monitoring and classification of data flow (RFC, IDOC, Webservice) between SAP systems and the connected satellite systems. It extends HALOCORE® MONITOR’s capabilities to scan ‘machine-to-machine’ background communication through various SAP APIs for integrating with other business applications. Enterprises gain insights into ‘invisible’ SAP application activities and, thus, significantly reduce their IT security risk.
For more information, you can read about HALOCORE here.