Audit as first step
The certainty that data is well protected within the SAP system leads to a deceptive sense of security, as information is exported from the systems on a daily basis.
If this data is shared by email with colleagues or external business partners, transferred to mobile devices or to the cloud, the security rules of the SAP system no longer apply and numerous security risks arise.
Many managers have no way of knowing when and where data is exported from SAP, what happens to it and whether this entails security risks.
At the same time, however, more and more compliance regulations require data security to be guaranteed. Legislation, such as the EU General Data Protection Regulation, threatens high penalties of up to 20 million euros or 4 percent of annual turnover if companies fail to comply with security regulations and clearly document what happens to sensitive data.
"As a specialist in SAP and data security, we therefore recommend an audit as a first step to record all data exports and downloads from the SAP systems. This allows the current situation to be determined and suitable measures to be taken on this basis"
explains Volker Kyra, VP Sales EMEA at Secude.
"However, it is important to ensure that the tool used for the audit can be deeply integrated into SAP so that all correlations are captured."
This measure provides companies with an assessment of compliance with national and international compliance guidelines and other security requirements. The evaluation shows the often unintentional security breaches, but also potential dangers from internal perpetrators or external partners.
The documentation ensures accountability, creates greater awareness of the handling of sensitive data and offers an approach to security.