How to Identify What Sensitive Data is Leaking Out of Your SAP System

  • by Michael Kummer, President Americas, SECUDE
  • May 2, 2016
Every day users extract potentially business-critical information (such as personally identifiable information [PII], financial and sales figures, new product specifications, and much more) from SAP applications for the purpose of reporting, analytics, and collaboration. Access to data stored inside SAP applications is strictly regulated by roles and authorizations. However, data that can be viewed can typically be downloaded from SAP applications. Once the data has left the secure boundaries of the SAP system, it is at risk of being exposed to loss and theft. This is an often-overlooked gap that is complicated by the fact that SAP security teams have limited control over data outside the SAP environment.
Learning Objectives

Reading this article you will learn:

  • Why protecting your data inside your SAP system is not enough
  • The difference between content-sensitive and context-aware data protection solutions
  • What context-sensitive data protection means for SAP users
  • How to intercept data extracted from SAP applications
Key Concept

While business-critical data stored in an SAP system is sufficiently protected inside the secure boundaries of the SAP system, it becomes exposed when users extract that information from the SAP system for the purpose of reporting and sharing. Unknown amounts of data are extracted from an SAP system daily, increasing the risk of loss and theft. Legacy data protection solutions have gaps when it comes to protecting SAP data because they lack context that is only available inside the SAP system. New third-party solutions operating inside of SAP try to bridge this gap by leveraging context that helps classify and protect data before it leaves the SAP system.

If you are an SAP customer, chances are that some of your company’s most critical business data is securely stored inside SAP applications and its underlying databases.  Access to such data is carefully restricted through a complex permissions system. By relying on roles and authorizations, a company can very selectively grant access to certain data or subsets thereof, depending on the user requirements and their business role. SAP provides all the tools necessary to prevent or at least minimize unauthorized access to sensitive data stored in SAP applications. However, these tools are sometimes time-consuming and maintenance-intensive.

Problems arise when data leaves the secure boundaries of the SAP environment and suddenly ends up on users’ computers, emails, mobile devices, or unauthorized cloud storage (all part of today’s shadow IT environment), thus significantly increasing the risk of data loss and theft. Just remember the last time you or someone you know accidentally sent an email to the wrong recipient. Hopefully, it didn’t contain any sensitive (or embarrassing) information.

For more information on securing data in SAP systems and applications, read these articles and blogs on SAPinsider.

Michael Kummer

Michael Kummer, president Americas at SECUDE, is a technology and security expert. As an innovative and independent thinker with a broad knowledge of security-related technologies, he has enjoyed a decade-long history within the IT industry, going back to his days in the Austrian Army. In his role of the president Americas at SECUDE, Michael Kummer is facilitating the company’s latest efforts in the field of data-centric security for SAP.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.