Five SAP data protection scenarios where HALOCORE must be considered
An ERP, such as SAP, is ubiquitous and all-encompassing. The key value of such a platform is its ability to power operations across departments by enabling seamless data sharing. However, data that is being shared may also be misused and stolen. Here are five SAP data protection scenarios where HALOCORE must be considered.
Data is the essence of all business operations. Be it Human Resource, Financial documentation, Materials Management or Planning, the commonality between all these departments is that they share data. Enterprise Resource Planning (ERP) platforms enable various departments to talk to each other and exchange data between each other and authorized outsiders to drive operations. While this helps drive operations, on the flip side, there is the need to keep data secure at all times and in all hands.
Nowadays, organizations and their leadership are giving ‘due importance’ to data security. Unfortunately, they assume, often incorrectly, that traditional IT security practices of firewall, anti-virus along with password-protection practices would suffice. Nothing could be farther from the truth. It is well known that amongst the greatest threat to data is not from hackers and malware, but by trusted ‘insiders’ who may be at any level in the corporate from employees to the leadership. Securing data from theft and misuse is, naturally, a growing concern of CIOs and CISOs.
Here are five popular use cases of how data is secured in across departments in an SAP environment.
 Human Resources Department – 50 Users
- Ever–changing HR compliance laws such as OSHA and FSLA leave the company constantly at risk of violation due to lack of time and resources devoted to the growing challenges.
- Previous hacker attempt proves systems are susceptible to attacks and breaches.
- Unidentified employees regularly download and move compliance-regulated HR data from SAP without approval for unknown purposes on unprotected, unapproved systems, programs, and apps.
- No budget for third-party risk assessment team to identify and remedy vulnerable points in HR systems.
- Eliminate risks of compliance violations by ensuring the protection of all SAP HR systems data from external attacks, internal data leaks, and potential accidents.
- Track and monitor employee activities surrounding compliance regulated HR data.
Solution & Result
The organization installed HALOCORE. This allowed IT and HR managers to identify which employees are downloading information, what information is being downloaded, how often it is being done, where it came from and where it is going. Through enhanced auditing and logging features, the company now tracks movement and access to compliance sensitive HR data exported from SAP to adhere to state, federal and international regulatory and auditing requirements.
HALOCORE was also used in applying persistent protection to HR data to keep in compliance with OSHA and FSLA regulations. HALOCORE protection is based on Microsoft RMS policy and applies encryption directly to the data itself. HR specified policies are applied at every download so private data cannot be
accessed by anyone except for authorized employees. It does not interfere with productivity or workflow as it is integrated into SAP.
 Finance Department – 1000 users
- Network attack occurred where transactional information and confidential customer financial data was retrieved, copied, and publicized on the Internet.
- In direct violation of FDIC regulations, an employee accidentally shared confidential records to the wrong partner, exposing private customer data without proper notification to the customers.
- Due to a rise in intern groups uploading reports containing sensitive customer information to a cloud sharing drive for collaboration, company is at risk of violating SEC regulations.
- Ensure that confidential financial and customer data is protected at all times at all stages, no matter where it is stored or in use.
- Bring company wide awareness to governance, risk, and compliance issues and regulations that
- need to be addressed in day-to-day activities.
- Monitor all employee activity regarding sensitive data downloaded from SAP.
Solution & Results
HALOCORE was installed to apply data–centric protection to all data and documents as they leave SAP. All data is protected wherever it goes, whether in motion, in storage, on a laptop or mobile phone. In the event of a future network breach or cyber attack, all sensitive financial information will be protected with HALOCORE encryption. Unauthorized users cannot access the sensitive data regardless of where it is stolen from.
GRC extension was installed in addition to implementing a comprehensive GRC framework to mitigate risk, bring risk and compliance to the attention of employees, and maintain a high level of risk awareness throughout the company from the executive level down to middle management.
The Auditing feature of HALOCORE solution was used to gain full visibility into the download activities and data movement of employees. With the managers will be able to view what information is being extracted from SAP and where it is being sent and stored.
 Materials Management – 400 Users
- Access to complex and sensitive material data was unregulated based on the quoting procedures, exports of this information frequent.
- Recently hired 20 new SAP users to manage inventory, purchase orders, and consumption-based planning elements.
- Monitor and control the exported data from the Materials department.
- Develop a method to teach employees to properly secure confidential materials information.
- Show upper management a visual on progress made in securing materials information.
Solution & Results
HALOCORE uses classification and policies to limit who has access to what types of data. Materials Management data downloaded from SAP can automatically be classified for specific personnel eyes only, allowing quote requests to go only to the vendor responsible. Expiration timers can also control how long that information is accessible by the recipient.
HALOCORE’s user-friendly UI, allows employees to reinforce the best classification and protection selection or choose their own. The choice is logged for managerial auditing.
BO/BI Visuals Extension was used to creating a dashboard demonstrating how many materials downloads were protected vs. unprotected and this was tracked over the course of a time period to prove the efficacy of the security policy.
 Product Planning – 125 Users
- Competitor possesses great knowledge of current product specs that are still in R&D. Company’s competitive edge has been revealed and information is being leaked regularly.
- Identify the download activity specifically related to R&D to assess what needs to be carefully regulated.
- Limit what information can be pulled from the PP module based on the transaction code used.
- Work with a classification schema that tags highly confidential R&D information for a downstream management tool to secure.
Solution & Results
The Auditing Log feature within HALOCORE captures the attributes necessary to identify high-risk downloads of R&D material. Some such attributes are what file downloaded and the path, terminal, and IP address of the recipient, transaction code, table viewed, timestamp and so on. Filtering this to view only PP related transaction codes allowed for the customer to build a tagging schema that would classify high-risk data.
Using the native DLP functionality via a BAdl, the company was able to block the download of material using transaction codes they deemed highly sensitive from the auditing log. This was step one in their DLP plan.
Step 2 was to use a simple classification schema that tagged files at the point of download from SAP. With the classification in the metadata, the company was able to use its third-party security solution to manage classified files.
 SAP Crystal reports – 50 Users
- Small government contractor business utilizing the cost-effective Business Intelligence solution cannot afford to hire a CR developer.
- Security settings must be modified per report, per person, by a CR developer, and reset for every change that is made, increasing the risk of security loopholes, gaps, and mistakes.
- Secure sensitive data analysis and exports from CR for protected and compliant collaboration.
- Gain full visibility into sensitive data activity within Business Intelligence.
Solution & Results
HALOCORE was installed to apply context-aware, data–centric protection to all data and documents as they leave SAP. HALOCORE’s auditing log fully integrates with SAP Business Intelligence solutions and Crystal Reports, allowing users to create interactive dashboards for complete visualization of extracted sensitive data, as well as providing the audit trail necessary for compliance, showing that sensitive data is being controlled and regulated within the enterprise and within national and international compliance guidelines.
With HALOCORE, users can utilize data from activity logs to build Crystal reports, and upon export, HALOCORE can audit and block the exports if it is not within the set security parameters for the user, thus reducing the risk of unwanted information disclosure.
To know how SECUDE can protect your vital information, be it financial, IP, operations, customer or even about your employees, visit our HALOCORE page.