Minute Read: 4 minutes

Do you use a Zero Trust Strategy when you relocate your sensitive files to another location?

We are all too familiar with the ongoing war between Russia and Ukraine. Amidst this crisis, the deputy chief of Ukraine’s state service of special communications and information protection Victor Zhora quoted that his department was planning for a contingency to be ready for any Russian threat to seize sensitive government documents.

While their initial protection plan was to safeguard the IT infrastructure within Ukraine, should there be a necessity then they had plans to move their critical data out of Ukraine. This would involve either the physical transport of servers and removable storage devices or the digital migration of data from one service or server to another.

Their main concern is that if Russia wanted to control Ukraine, then it could try possessing Ukrainian government databases and intelligence files which could be doctored by them for various propaganda. It is not only during a war that businesses should be prepared.

They should be always prepared especially when moving their sensitive data to another location due to business reasons, shifting, or sharing information with another organization for business purposes.

Why adopt a Zero Trust Strategy?

Following the Russian invasion of Ukraine, cyberattacks on businesses and government agencies have increased manifold. Potential targets include critical infrastructures such as financial services, governments, manufacturing, and utility industries.

Several hours before the launch of Russian missiles, Microsoft’s Threat Intelligence Center (MSTIC) detected offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.

As a spillover, some ransomware, data leaks, and other disruptive activities affecting entities in other countries haves occurred. There is more chance that cyberattacks may not be restricted to Ukraine alone as they can quickly spread across borders.

According to Accenture’s “Global Incident Report: Russia Ukraine Crisis, March 17, 2022” the top three industries threat groups have targeted were manufacturing, financial services, and Wholesale.

Businesses should be motivated to improve their protection, preparation, and improve its resilience in the face of breaches. In such situations, the best strategy would be to adopt a security posture based on Zero Trust.

What is Zero Trust?

A Zero Trust policy or strategy hinges on enforcing least privilege access and ensures users do not have more permissions than are needed to complete their job. Effective access control is the key consideration in enforcing a Zero Trust strategy.

With cybersecurity risks growing and increasing day by day, instead of making all services available to all users and then locking them down, no access is granted at all unless it is specifically and deliberately given.

Zero Trust uses the principle of micro-segmentation to break up security perimeters into smaller zones to create separate access points for separate parts of the network. While access is given to one zone, access to other zones requires separate authentication. In Zero Trust policies are often set to give users the least amount of access needed to complete a task.

Therefore, it becomes important that as a business organization when your employees have to work remotely or share files with third-party vendors or suppliers, share or relocate information to another place, it is best to adopt a Zero Trust strategy.

This is especially important when design files or sensitive information from SAP systems are moved from one location to another, or shared from one source to another source as a service or exchange of information.

Zero Trust with SECUDE and Microsoft

SECUDE together with Microsoft offers a solution that addresses making Zero Trust security a reality for files stored in SAP/CAD-PLM systems.

Automated protection of CAD files shared across the supply chain

All companies working with CAD designs, blueprints, and other product data are managing them mainly in a Product Lifecycle Management (PLM) system, but require them locally on the frontend workstation to edit them. In addition, when they collaborate with their suppliers, they need these files on their workstations too.

In all these cases these files are not protected once they leave the PLM repository. SECUDE HALOCAD provides automated MIP protection whenever a CAD file or assembly leaves the PLM. In addition, the CAD application should be able to open MIP-protected files.

SECUDE HALOCAD also provides a plug-in for various CAD applications, allowing them to open MIP-protected files and to enforce the user privileges defined by the MIP- template.

Automated MIP protection for the structured data when downloaded/exported from SAP

Most companies worldwide are managing their core business processes with SAP applications and store all their business-critical data (like finance, HR, CRM) in SAP systems. However, SAP users often download data out of SAP as a copy and use it within Office files (mainly Excel).

As the SAP security system only works within SAP, these downloaded / exported files are not protected. SECUDE HALOCORE provides automated MIP protection before the data leaves the SAP system.

It leverages the SAP business process metadata / attributes to identify the required data classification and to map the SAP data security profile to the corresponding MIP template. So, only the users, who have access to the data in SAP, have access to the downloaded data.


As complexities grow and uncertainties around cybersecurity exist, businesses should start questioning the effectiveness of their current security framework and architecture.

A serious cyberattack can have a cascading effect similar to a natural disaster, knocking out essential infrastructure and creating a crisis. Businesses should rethink adopting a Zero Trust strategy to protect critical assets as time is running out.

To know how you can protect your critical assets in SAP and CAD systems with a Zero Trust strategy, do email us at .






Comments are closed.