Executive summary

For The CIO

Synopsis:

As data is critical part of the digital transformation journey, CIOs should think beyond IT and embed data protection as part of the IT strategy. Data security should be tightly integrated with the overall IT Strategy and a key component of the IT roadmap.

Digital Data Security is at the top of the agenda for most CIOs

In today’s digital world, data leaks are at an all-time high that cause organizations dearly. Over the past 10 years, more than 300 data breaches have involved the theft of 100,00 or more records (Forbes). 

Losing intellectual property and misusing sensitive information is one of the highest business risks CIOs need to address. 

Protecting sensitive data requires far more than just implementing perimeter security solutions. It is being increasingly understood that most attacks occur through internal access and export capabilities.  

This issue is more critical today than ever before as governments and statutory organizations are strictly enforcing data security and privacy through stringent regulations such as GDPR. 

SAP standard functions do not suffice

SAP systems are particularly vulnerable to such attack vectors. Every SAP user can export data, which he or she has access to out of SAP without any restrictions.

Unfortunately, SAP standard functions (Security Audit Log) only log data export after it has taken place. That does not prevent data leakage. The intellectual property is already lost.

The view that the SAP standard role and authorization concept sufficiently protects critical SAP data is widespread, but not accurate.

What must CIOs do?

Multiple technologies and practices are required to implement Zero Trust and this includes Data Loss Prevention (DLP)Multi-factor Authentication (MFA), Least Privilege Access, Encryption and Enterprise Digital Rights Management (EDRM).   

EDRM technology is a combination of identity and access management, encryption and data usage control

EDRM-protected content is encrypted and coupled with a protection policy that specifies usage permissions for different users and user groups, such as view, edit, download, print, save or forward. 

For a user to access protected content, authentication is needed. Based on the identity, the user is granted permissions in accordance with the protection policy based onMicrosoft  Information Protection (MIP). 

As a valued partner of SAP and Microsoft, SECUDE  offers effective data-centric solutions based on MIP for all data downloaded from SAP systems. 

SECUDE helps CIOs across the world towards securing their critical SAP data. 

HALOCORE offers effective protection of intellectual property and sensitive SAP data by controlling SAP exports and encrypting extracted documents with Microsoft Information Protection. 

HALOCAD is the only solution to apply Microsoft Information Protection (MIP) for securing priceless CAD files outside of shielded Product Lifecycle Management (PLM) repositories throughout their life cycle, even beyond the company’s IT boundaries. 

Control your SAP data exports and prevent insider attacks