Is your automated, policy-based machine-to-machine communication secure? Think again!
Due to complexity in today’s system landscapes it is virtually impossible to effectively monitor and control data communication, especially dynamic protocol-based machine-to-machine communication.
For many companies, the ‘all-in’ strategy for ERP has been long replaced by a hybrid approach. Today, specific ‘on premise’ and ‘cloud’ solutions from third-party vendors extend the scope of the ERP systems in a straightforward way. The SAP ecosystem, for example, has complete application framework that has been developed to integrate multiple business applications via data exchange mechanisms. Data transfer can be initiated both by SAP applications and by external applications that support standard SAP data transfer protocols such as Remote Function Call (RFC) or Web Service. In addition, to improve user friendliness, web portals have been increasingly used over the recent years, which can be adapted to business-specific applications as the need may be. This evolving development of the corporate architecture is leading to a shift in application integration and distribution of data. The ability to monitor and control data flows in SAP applications, especially exports, is therefore a critical success factor for ensuring IT data security.
New data security act increases pressure on companies to put their ‘act’ together
For many companies, it is no longer just nice to know the vulnerabilities of their company and personnel data. Compliance requirements, in particular the EU centric GDPR, require profound knowledge on the use and processing of sensitive and personal data across all company applications. However, due to the complexity of today’s system landscapes, whether organically grown or specifically designed, it is virtually impossible to effectively monitor and control data communication, especially dynamic protocol-based machine-to-machine communication. Many systems, where sensitive data are kept, adhere to only a very sketchy allocation of rights. For example, transfer controls are usually not configurable separately from the access control.
A real need to control SAP data exports and M2M communication
In order to effectively protect intellectual property and personal data, and thus, to effectively comply with data security regulations, such as GDPR, companies need a solution that allows them to monitor and control any unauthorized data export. Companies must be able to specify all relevant details of data exports from their SAP systems – who, what, where, when and, if possible, why. For this, granular authorization policies are required, which further refine existing access rights. Automated data classification should also be ensured specifying what information should and what should not be processed further by users and applications. This would help maintain (or even increase!) business processes.
In order to monitor the communication between applications, intelligent integrated technologies are also required to support current protocols such as RFC or Web service. Such technologies should automatically alert security officers to unusual data outflows and report details to a fine level.
Bridging the gaps – The SECUDE way
SECUDE is an international provider of innovative IT data protection solutions for SAP customers. The company is the only supplier worldwide to combine the security features of SAP with those of Microsoft through HALOCORE®. HALOCORE® is a unique solution for controlling and protecting intellectual property and personal data that are exported from SAP. HALOCORE® not only meets GDPR requirements, but shuts the door to security breaches. By integrating directly with SAP, HALOCORE® audits all SAP data exports and streams using an automated classification engine to block unauthorized downloads and to protect authorized exports outside of SAP.
This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC or mobile device, or taken from temporarily saved spool jobs.
With technologies, such as Data Stream Intelligence, HALOCORE also ensures seamless monitoring of data flows between SAP and the connected satellite systems. This gives companies the necessary insights into ‘invisible’ SAP application activities thus, reducing the risk of data misuse and ensuring compliance with regulations such as GDPR.
For more information, you can read about HALOCORE here.