SAP Data Security


-

What Is Data Security?

Data security is the practice of protecting data from unauthorized access, corruption, or theft throughout its lifecycle. Data security includes every aspect of information security, from the physical security of hardware and storage devices to administrative and access controls and application security. It also includes putting in place specific controls, standard policies, and procedures to protect data from a range of threats.

What Is SAP Data Security?

SAP security for the intelligence enterprise falls into four categories: identity and access governance, data protection and privacy, cybersecurity, and enterprise risk and compliance. In the data protection and privacy area, SAP has implemented a wide range of measures to help protect data controlled by SAP and its customers. These measures include:

What Is Data Security?

Data security is the practice of protecting data from unauthorized access, corruption, or theft throughout its lifecycle. Data security includes every aspect of information security, from the physical security of hardware and storage devices to administrative and access controls and application security. It also includes putting in place specific controls, standard policies, and procedures to protect data from a range of threats.

What Is SAP Data Security?

SAP security for the intelligence enterprise falls into four categories: identity and access governance, data protection and privacy, cybersecurity, and enterprise risk and compliance. In the data protection and privacy area, SAP has implemented a wide range of measures to help protect data controlled by SAP and its customers. These measures include:

  • Data Processing Agreements: SAP signs data processing agreements with its cloud services provider, which mirror the terms of SAP’s customer-facing data protection agreement and include standard contractual clauses (SCCs). SAP implements and maintains technical and organizational measures to adequately protect personal data.
  • Data Transfer Impact Assessments: SAP publishes FAQs to support customers with questions related to data transfer impact assessments when they are using SAP Cloud services.
  • Data Protection Management System: The SAP data protection management system uses SAP’s data protection controls framework for all internal data protection and privacy controls, which cover the requirements of international industry standards.
  • Internal Data Protection: SAP regularly trains employees and ensures data protection compliance with regular audits on the business and legal entity levels.

Further Resources for SAPinsiders

10 Best Practices for Enforcing Data Security, Control, and Consistency in the Software Logistics Process. In this article, security architect Kehinde Eseyin provides best practices, tips, and guidelines for ensuring that the process of making changes and transporting changed data in the SAP ABAP system is well secured against possible security threats and risks.

A Holistic Approach to Managing Cybersecurity & Protecting Your Data. This article provides tips and best practices to secure your data in the intelligent enterprise. SAP offers nearly a dozen solutions employed by many organizations — including SAP itself — to respond to compliance and security requirements and, in the event of a breach, minimize the impact, relates Bruce Romney, Senior Director of Product Marketing for SAP Governance, Risk and Compliance (GRC) and Security Solutions.

Overview of SAP Cybersecurity and Data Protection Solutions. In this presentation, Arndt Lingscheid, Global Solution Owner Cybersecurity and Data Protection at SAP SE, details steps organizations can take to secure the SAP S/4HANA business application environment.

Vendors that can assist SAP customers with data security include: Appsian Security, Capgemini, Fastpath, HPE, Intel, Kyriba, Layer Seven Security, NetApp, Onapsis, Rackspace, Saviynt, Security Weaver, Thales, Virtustream, Xiting, and Xpandion.

 

22 results

  1. Jabil UI Masking Image

    Jabil Turns to UI Masking for Stronger Data Protection

    The proliferation of data privacy regulations and laws has prompted organizations to beef up their data privacy and protection. One way to protect data without the inconvenience of encryption is data masking or user interface (UI) masking. One company taking full advantage of SAP’s UI masking feature is Jabil, a St. Petersburg, Fla.-based global manufacturing…
  2. Wilder Latino image

    Jabil Deploys UI Masking

    Reading time: 4 mins

    The proliferation of data privacy regulations and laws, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), has prompted organizations to beef up their data privacy and protection. One way to protect data without the inconvenience of encryption is data masking or user interface (UI) masking. One…
  3. How to prioritize security measures to avoid an SAP data breach

    With the increasing number of Cyberattacks in different forms, organizations need to avoid the high cost and significant business impact of a potential SAP data breach. Traditional network security does not provide adequate protection of the data in your SAP systems against insider and outsider attacks. In this session, John Mortimer, Security Consultant at CyberSafe,…
  4. How to prioritize security measures to avoid an SAP data breach

    With the increasing number of Cyberattacks in different forms, organizations need to avoid the high cost and significant business impact of a potential SAP data breach. Traditional network security does not provide adequate protection of the data in your SAP systems against insider and outsider attacks. In this session, John Mortimer, Security Consultant at CyberSafe,…
  5. Overview of SAP cybersecurity and data protection solutions

    Cyber-attacks can have severe consequences when it comes to SAP S/4HANA applications. These attacks focus on the company’s application layer and use privileged user accounts. Unfortunately, many security departments see the SAP application layer as a “black box,” and assume the security of SAP applications as the responsibility of their Basis or SAP application colleagues,…
  6. Integrated UI Data Protection: Take protection of your crown jewel data assets to the next level

    The SAP solutions for UI data protection are evolving. Join this session for the debut introduction to the first integrated release of UI Masking and UI Logging. Attend this session to: - Experience a comprehensive demo of many new features, such as data blocking and ‘Reveal on Demand’ with attribute-based authorizations - Know how these…
  7. Cybersecurity and Data Protection: Taking an Integrated Approach

    Reading time: 2 mins

    By Fred Donovan, Senior Editor, SAPinsider “The threat actor only needs to be right once. We need to be right every time,” says Scott Margolis, Managing Director for the Data Privacy and Protection Practice at Ernst & Young (EY).   The best way to stay ahead of threat actors, considering the global shift to remote work, is to implement an “integrated approach” to…
  8. How to Get the Most out of Using the Security Audit Log — From configuration to monitoring

    The Security Audit Log in SAP records security-related system information such as unsuccessful logon attempts, changes to user master records, and RFC calls. The Security Audit Log keeps a record of these activities for your review and investigation. Attend this session to gain a comprehensive overview of what the Security Audit Log is, how to…
  9. Trust Matters! The SAP Security Strategy and Roadmap

    This session provides an up-to-date overview of SAP security strategy as well as their related solutions and products. The intelligence and persistence of potential threats is only increasing. There is growing attention on SAP systems as they house organization’s most critical data and business assets. SAP is expanding its security expertise and solution portfolio accordingly.…
  10. Bridging the Cybersecurity Gap in ITGC

    Compliance with regulations like Sarbanes-Oxley (SOX) often require a set of controls in place to mitigate risks to the integrity of financial reporting. Current ITGC testing performed by internal and external auditors is only focused on one slice of access risk. Different entry points into SAP systems are overlooked and present a higher level of…
  11. Recap of “Evolving Your SAP Security and Compliance Strategy in the Era of Cloud and SAP S/4HANA”

    Reading time: 3 mins

    By Annie Kennedy, Associate Conference Producer Jason Fruge (JF), Vice President, Business Application Cybersecurity at ‎Onapsis, was the expert in the Q&A titled “Evolving Your SAP Security and Compliance Strategy in the era of Cloud & SAP S/4HANA,” which aired live on day 1 of SAPinsider’s 2020 Virtual Conference Experience. Although Jason is a more than 20-year security practitioner,…
  12. Pitfalls of SAP System Copies for Non-production Environments

    Reading time: 0 min

    Data on non-production systems is governed by compliance regulations like the GDPR and is at serious risk of security breaches, especially from insider attacks and negligence. On top of this, replicating large SAP databases, often several times over, leads to skyrocketing costs. How much are you really spending on your non-production system copies? Don’t be…
  13. Extending Data Security To SAP Downloads: A Collaborative Story

    Reading time: 0 min

    Data flows are imperative for today's global business processes — but not at the cost of data security. Because the nature of industries warrants data sharing to fuel business operations across enterprises and geographies, it is necessary to protect inf This content is available to (General or Premium) members. Sign in or Join for free!…
  14. Misuse Detection in SAP Systems

    Reading time: 5 mins

    Financial planning and analysis (FP&A) is a top financial concern for SAP customers, according to a recent SAPinsider benchmark report, “SAP S/4HANA Finance: State of the Market,” where more than 400 individuals across all lines of business from nearly 150 companies were surveyed regarding their strategy for SAP S/4HANA Finance. However, many organizations are still…
  15. Nexeo Solutions’ Data Archiving Strategy Ensures Security and Improves Performance

    Reading time: 10 mins

    Nexeo Solutions – worldwide distributor of chemicals, plastics, and environmental services – needed to ensure reliable and timely same-day or next-day deliveries to roughly 28,000 customers worldwide after divesting from its parent company in 2011. To continue creating and tracking purchase orders in the most efficient and effective manner, Nexeo Solutions underwent a phased data…
  16. Has Your System Been Breached?

    Reading time: 1 min

    Since cyber attackers are aware of methods for breaking into SAP systems, companies need to take countermeasures. It is important that they know what data they should analyze to detect where their systems have been compromised, according to Juan Perez-Etchegoyen of Onapsis. In his upcoming Cybersecurity for SAP Customers 2018 session, “Detect and Respond: How…
  17. Meeting Modern Data Protection Requirements

    Reading time: 15 mins

    As the volume of data collected by organizations continues to increase, so too do regulations designed to protect data from misuse, particularly when it comes to personal data. One of these is the European General Data Protection Regulation (GDPR), which goes into full effect on May 25th, 2018, and has global implications — it applies…
  18. Ensure the Security of Your SAP HANA Log Data with Remote Data Center Encryption

    Reading time: 3 mins

    Every single data area processed in SAP HANA is highly sensitive. To safeguard against security threats, SAP HANA includes a built-in feature that encrypts the vast majority of accrued data, known as data volumes, on the SAP HANA server’s hard drive. But what about the log files that record ongoing changes to the SAP HANA…
  19. Protect Your SAP HANA Environment: Live Q&A on Security Best Practices

    Reading time: 23 mins

    Rapid data center and infrastructure advancements have created endless new opportunities – especially for those who are now live on SAP HANA or SAP S/4HANA. However, now that you’re live, how do you protect your investment? Are you automating OS patch deployment and compliance across your SAP landscape? Are you looking to decrease total cost…...…
  20. The Impact of PCI-Validated P2PE

    Reading time: 6 mins

    Audio pioneer Dolby Laboratories, which has been delivering audiophiles a superior sound and sight experience since the 1970s, decided in 2016 that it wanted an equally stringent level of quality assurance for its business process testing. The business sought a risk-based automated testing solution to reduce or eliminate regression test coverage gaps and lengthy testing…
  21. How to Identify What Sensitive Data is Leaking Out of Your SAP System

    Reading time: 10 mins

    Every day users extract potentially business-critical information (such as personally identifiable information [PII], financial and sales figures, new product specifications, and much more) from SAP applications for the purpose of reporting, analytics, and collaboration. Access to data stored inside SAP applications is strictly regulated by roles and authorizations. However, data that can be viewed can…...…
  22. How to Protect Your Data from Today’s Biggest Cybersecurity Threats: Q&A on Managing Security in Your SAP Landscape

    Reading time: 28 mins

    Modern enterprises are facing a perfect storm of increasingly sophisticated technology, changing regulations, and cybersecurity attacks that are rapidly growing in their scale, scope, and speed. In today’s technology landscape, cloud and mobile connectivity to SAP systems demand more than just network firewalls and perimeters to effectively protect your applications, and auditors and compliance managers…...…