Control your SAP data exports and prevent data misuse by authorized users.
Secude SAP Security
Close security gaps in SAP without impacting process efficiency.
Secude HALOCORE at a glance;
- Effective protection of intellectual property and sensitive SAP data by controlling SAP exports and encrypting extracted documents with Microsoft RMS/AIP.
- Significant reduction in administrative effort for managing users and permissions by automating SAP security processes.
- Compliance with legal requirements, such as GDPR (EU) 2016/679, NIAP, APEC CBPR, BASEL, SOX, FISMA, HIPAA, etc., through gapless documention of the use of sensitive data.
A blind spot in SAP puts your IP at risk
On a regular basis, users export sensitive data from SAP applications to generate reports, spreadsheets, PDFs, and other documents. The information is then downloaded and stored on devices, such as USB thumb drives and local hard disks, or, increasingly, on mobile devices and in cloud storage solutions, such as Dropbox and Microsoft OneDrive. Such data often end up in places beyond your control, such as on the file share of an untrustworthy partner or the inbox of a competitor. Even on trusted employee devices, with the increase in sophistication of malware and Trojans, the risk of data loss has never been higher.
Prevent data misuse by external hackers and authorized users
HALOCORE is a data security software that protects intellectual property and other sensitive information extracted from SAP systems. By integrating directly with SAP, HALOCORE protects data with automated classification, blocks unauthorized reports, and helps generate fine-grained access policies. This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC, or printed as PDF.
HALOCORE in action
Watch our two-minute video to learn how HALOCORE automates data security and reduces administrative effort for SAP user and authorization management.
Discover the solution’s features and learn how you can prevent data loss, secure your intellectual property and become GDPR compliant.
HALOCORE MONITOR at a glance
- Close security gaps that are still underestimated by monitoring back-end data streams.
- Quick detection and near real-time notification in case of security incidents such as unauthorized attempts to download sensitive data.
- Comply with GDPR (Articles 5(2) & 30) through comprehensive audit documentation.
Increasing business and compliance requirements need more than what SAP GRC can offer
Business and operations do not happen in silos. There is a constant need to share relevant data through different networks, which also get stored in new storage locations, thus making it almost impossible to control. In such a scenario, it would be incorrect to assume that only authorized users view and access sensitive data related to their job function. It is a fact that most companies running their businesses on SAP have very little knowledge and control over how documents extracted from SAP systems and applications are being shared or who is accessing them. Authorized users access data regularly to perform their job functions, but once that data leaves SAP, there is no way to track and monitor it. This leaves companies at a high risk of data loss due to malicious or accidental actions.
While end users present one side of the case, on the other hand, data also flows through the backend in the form of API-based machine-to-machine communication. Most often than not, enterprises do not have insight into ‘invisible’ SAP application activities and, thus, significantly heighten their IT security risk.
Currently SAP GRC can detect only unauthorized SAP data exports, not SAP data streams (Audit & Classification for applications). Also, it does not offer the capability to prevent unauthorized SAP data exports or protect exported SAP data files.
How HALOCORE MONITOR can help
HALOCORE MONITOR audits all exports and downloads of critical SAP data regardless from which egress point the data flows. Through pseudonymization, the audit log meets, by default, Works Council requirements. It is a key extension to the standard SAP Security Audit Log (SAL) and, furthermore, enriches the auditing data shown in SAP Enterprise Threat Detection (ETD) and SAP Digital Boardroom, especially as it audits all exports using an automated classification engine. Closing these GRC compliance gaps even during ‘firefighter’ activities, the module provides real-time insight into which sensitive data is at risk of leaving your SAP system and sends e-mail notifications in case of data leakage.
HALOCORE BLOCK at a glance
- Effectively prevent data from leaving the protected SAP application through accidental or intentional data leaks.
- Enable compliance by addressing the core requirement of data security regulations such as GDPR, HIPAA, SOX, FISMA, etc.
- Highly customizable for administrators through flexible rule engines based on parameters such as such as by user, role, IP range, white-list, etc.
When SAP authorization management reaches its limit
Most organizations across the globe use SAP systems and applications to run their business. Companies trust their intellectual property, financial information, and compliance regulated data to be stored inside of SAP protected by multiple security mechanisms. Access to sensitive data inside SAP is restricted through roles and stringent authorization management. However, SAP users extract hundreds of documents often containing sensitive data for the purpose of reporting, analytics, and sharing with colleagues and partners. Most companies have very little control over how these documents are being shared or who is accessing them. This leaves companies at a high risk of data loss due to malicious or accidental actions.
How HALOCORE BLOCK can help
HALOCORE BLOCK effectively prevents business-critical data and documents from leaving the protected SAP application and, thus, protects against accidental or intentional data leaks.
Directly integrated into SAP, it works based on the HALOCORE audit log at the source of all recorded data flows. Users without a corresponding SAP-authorized profile would not be able to download files. Furthermore, a granular, bespoke policy can be implemented using automated data classification, which tailors the control over SAP exports to the specific needs of organizations.
HALOCORE PROTECT at a glance
- Protect, in combination with Microsoft AIP, is the only truly comprehensive solution that secures priceless SAP data exiting at end points.
- Extend SAP access control shield for intellectual property and other sensitive information beyond SAP boundaries.
- Silently and automatically classify and protect SAP data without any user intervention. Drive quick and seamless user adoption.
Increasing cyber crime and progressive digitalization require new data-driven security solutions
SAP continues to be the global leader in enterprise software. Most large enterprises typically use SAP ERP systems to manage business operations across departments and for customer relations. This is true across industries – manufacturing, automobile, aviation, banking, insurance and other financial services, hospitality and so on. As a result, large expanse of data continues to be generated and held in SAP systems. However, owing to an ever growing need to enhance collaboration, organizations increasingly break silos and share data, across departments, across geographies, across roles and across enterprise platforms. And this is where the challenge is.
Once a document leaves a company’s network, there is typically no control over how it is being shared or who is accessing it. What happens when data is exported from SAP?
The ultimate question is: Is there a solution that can effectively protect data that is authorized to exit the SAP system throughout its life cycle?
Extending protection beyond SAP: Leveraging Microsoft AIP
HALOCORE, through its PROTECT module, extends the SAP access control shield for Intellectual Property (IP), Personally Identifiable Information (PII) and even Toxic Data and other sensitive data beyond SAP’s boundaries. HALOCORE intercepts the data being downloaded from SAP and applies fully customizable classification labels to the document metadata.
Additionally, HALOCORE is tightly integrated with Microsoft Azure Information Protection (AIP) and fully supports the implementation of Active Directory, Office 365, and Azure Active Directory. Using Microsoft AIP every document exported from SAP is automatically and efficiently encrypted at the server level before it arrives on any device. Using the automated HALOCORE classification engine, granular authorizations and user rights are assigned to sensitive data, allowing easy and secure exchange of documents between employees, partners or suppliers.