For The CIO
Data risks come in multifarious forms: Insiders have the easiest access to data and, without control, the best chance to leak it.
Loss of intellectual property and misuse of sensitive information are among the highest business risks CIOs need to address. It is increasingly understood that most attacks occur through internal access and export capabilities. This issue is more critical today than ever before, as governments and statutory organizations strictly enforce data security through stringent regulations such as GDPR.
SAP standard functions do not suffice
SAP systems are particularly vulnerable to such attack vectors. Every SAP user can export any data he or she has access to out of SAP without restriction. Unfortunately, the SAP standard functions (Security Audit Log) only log a data export after it has taken place. That does not prevent data leakage: by the time the export is logged, the intellectual property is already lost.
The view that the SAP standard role and authorization concept sufficiently protects critical SAP data is widespread, but not accurate.
What must CIOs do?
The first step is to expand the existing security concept so that unauthorized data exports from SAP are automatically prevented. To implement this necessary risk protection, it is essential to be fully aware of what data is being downloaded in the first place and then to take appropriate action based on the policy applicable to the user: block or protect.
We, at SECUDE, understand the CIO’s world. We partner with CIOs across the world towards securing their critical SAP data.