The global and independent platform for the SAP community.

Prevent unwanted data outflow from SAP systems

Data loss prevention, the protection against the leakage of confidential data, is a combination of technical aspects and employee-related measures.
Robert Hegyi, Swisscom
May 7, 2020
It Security
This text has been automatically translated from German to English.

It can happen quickly: in a hurry, the wrong recipient is selected in the email and the confidential product presentation is leaked. Or the - naturally unprotected - USB stick with business-critical data is left somewhere on a business trip. Not to mention cases in which employees deliberately pass on confidential information.

The protection of confidential company data is as important as it is complex, as these examples show. Data loss prevention (DLP) or data leakage prevention refers to all measures designed to prevent the unwanted outflow of company information.

Compliance requirements based on regulations and data protection laws play an important role here. Because violating these rules can result in severe fines.

However, reputation is just as important as the basis for customer trust. Customers rightly expect companies to handle the data entrusted to them in a trustworthy manner. A data leak can quickly result in a loss of customers.

The introductory example with the wrong email recipient shows that DLP must include a combination of technical measures, processes and employee awareness.

Perhaps in this case it would have been technically possible to prevent the product presentation from being sent. But an employee trained in handling confidential data would never have thought of forwarding the document by email.

Preventive awareness-raising activities help to raise understanding of how to handle confidential data - and also of the necessary guidelines, processes and technical protective measures. However, there is no such thing as absolute security.

The key to successfully preventing data leakage lies in the way it is implemented and the measures must not hinder the business. Otherwise, there will be no acceptance and employees will find creative ways to circumvent DLP.

Information that is stored and processed in SAP systems is particularly exposed data. For many companies, this is the linchpin of numerous company-relevant processes.

Even with a well thought-out and granular SAP role and authorization concept, data outflow cannot be effectively controlled or monitored, nor can it be prevented in every case via data classification. If confidentially classified SAP data is not protected more comprehensively, hackers and data thieves are easy prey.

Companies should consider watertight answers to key questions. For example, are protection mechanisms in place to prevent data from leaving the SAP application through accidental or deliberate data leaks? And is compliance with legal requirements or internal guidelines ensured through the seamless implementation of access and transfer controls?

Also to be considered: Can the increase in response speed in the event of a cyberattack be implemented immediately through real-time notification and alerting? And how is intellectual property and sensitive SAP data protected by controlling SAP downloads and encrypting exported documents? Only those who consider a comprehensive strategy and follow it consistently can guarantee data security.

We advise you to address the challenges mentioned above for yourself and your customers. There are common security solutions that ensure adherence to industry-specific compliance guidelines and automatically protect data exports from SAP applications and document management systems (DMS).

Prevent the outflow of your sensitive, business-critical data - without compromising business processes or limiting user-friendliness.
Robert Hegyi, Swisscom

Robert Hegyi is Principal Consultant SAP GRC at Swisscom (Switzerland) AG.

Write a comment

Work on SAP Basis is crucial for successful S/4 conversion. This gives the so-called Competence Center strategic importance among SAP's existing customers. Regardless of the operating model of an S/4 Hana, topics such as automation, monitoring, security, application lifecycle management, and data management are the basis for the operative S/4 operation. For the second time already, E3 Magazine is hosting a summit in Salzburg for the SAP community to get comprehensive information on all aspects of S/4 Hana groundwork. With an exhibition, expert presentations, and plenty to talk about, we again expect numerous existing customers, partners, and experts in Salzburg. E3 Magazine invites you to Salzburg for learning and exchange of ideas on June 5 and 6, 2024.


Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024


Early Bird Ticket - Available until 29.03.2024
EUR 440 excl. VAT
Regular ticket
EUR 590 excl. VAT

Secure your Early Bird ticket now!


Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024


Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.