Petrobras: How to Improve Security of Personal and Confidential Data using Attribute-Based Access Control (ABAC)
Key Takeaways
⇨ Petrobras improved data security and compliance with NextLabs' dynamic authorization and attribute-based access control (ABAC) technologies, enhancing SAP security and data management.
⇨ The implementation of NextLabs SAP Data Access Management (DAM) within four months, as part of Petrobras' #trans4mar Project, ensured fine-grained access control and data masking for personal and business-critical data.
⇨ Petrobras' collaboration with Deloitte and NextLabs enabled the swift deployment of data governance initiatives, strengthening their digital transformation and data privacy efforts.
As part of its digital transformation strategy, Petrobras started the #trans4mar Project in 2019. The objective was to convert its SAP ERP from ECC to S/ 4HANA, along with the review and improvement of some selected business processes. Petrobras IT with the support of Deloitte and NextLabs resources, worked in tight collaboration to implement the primary deliverable of Nextlabs SAP DAM within four months to quickly deploy and meet the data governance-initiatives set forth. With this zero-trust data-centric approach using SAP DAM, Petrobras is now able to ensure fine-grained access control for applications that create, store, or modify personal confidential data. To further protect privacy, data is dynamically masked on transaction fields where personal confidential data is present. This is taken one step further, by also dynamically segregating data for reports, ensuring that personally identifiable information (PII) and business-critical data are protected, helping maintain confidential data privacy.