Cybersecurity and protecting sensitive data in the COVID-19 era, a.k.a. the work-from-home era

These days customers are wondering how they can protect their sensitive data, be it financial or PII data, while their employees work from home in the COVID-19 era. Part of this is driven by news reports of increasing hacking/attack activity that targets users who are far less protected in a home-office setup than they are on the corporate network.

I immediately thought of highlighting the SAP IBSO security suite, which comprises UI data protection (masking and logging, plus advanced functionality such as data blocking and ABAC) and ETD, and how we can help employees working from home protect data that is more vulnerable in that setting.

Once your SAP systems are enabled for access from remote/home offices, your data are already “off premise” as soon as they are displayed on a screen outside the office. Here are some broad ideas on how the masking and logging products help.

  1. Human firewall – first, educate your users to access data on a per-need basis only.
    On top of that, you’d want to ensure users keep to this policy, which is where UI Logging helps: users who are aware that their actions are (or might be) tracked and analysed behave more cautiously. And that’s not a theoretical statement – it’s feedback from our installed base that a lot of “strange” data accesses just don’t happen any more!
  2. The second part is also straightforward – tighten up users’ access to data. You might reduce access rights at transaction/app level; however, that may stop users from doing their work well. Better to use UI Masking to add an additional layer of protection, selectively, to sensitive information. That can be a complete type of data (social security numbers), but also just data pertaining to specific (sensitive) data objects or subjects (salaries or contract end dates of your top management). Another attribute in the decision can be whether the user’s IP points to the office or to the home office.
    UI Masking further allows “reveal on demand”, basically a two-step way of showing sensitive data only on explicit request, with that request logged.
    Moreover, seeing several fields masked reminds users of their role in the “human firewall”.
  3. For those data you can’t take away from users because they’re essential for their tasks, you would still want a strong logging mechanism in place so you get transparency on data access. This is again covered by UI Logging, including alerts when pre-defined critical data is accessed, as well as options to analyse data access.
  4. As you’re already in a big-data scenario with UI Logging, and threats to your system show up not only as UI-level data access but also in other logs inside or outside of SAP systems, it makes sense to consider automated, real-time data correlation and threat detection in the form of SAP Enterprise Threat Detection.
    Alert scenarios can be based on a high volume of specific activities or access to specific data (compared against a baseline of past access), on a particular sequence of activities, or even on a single critical activity (a download in SE16N), and if desired all under the condition that the IP from which data were accessed does not point to on-site usage.
  5. The last scenario is an all-round integration, which we have prototyped recently. If ETD becomes aware of a potential threat, it can send this information to UI Masking. For example, the user name and the data types that user appears to be calling up unusually are sent to UI Masking via the ABAC Policy Cockpit. The next time the user wants to access such data, UI Masking can determine that there is a warning and hide the data dynamically (for one access, for 5 minutes, for the rest of the day, etc.).
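To make the decision logic in points 2, 4 and 5 concrete, here is an added, self-contained Python model of the loop: an attribute-based masking policy (field type, data subject, on-site vs. home-office IP, reveal on demand), a toy detector over UI-log events (volume above a per-user baseline, one critical activity, optionally only for off-site IPs), and the feedback step that hides a field from a flagged user for a few minutes. This is illustration code written for this post, not SAP UI Masking, UI Logging or ETD code; the address ranges, field names, transaction codes, baseline figures and log events are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: these are the company's on-site ranges; any other client IP counts as "home office".
ONSITE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.10.0/24")]

def is_onsite(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in ONSITE_NETS)

@dataclass(frozen=True)
class MaskRule:
    field: str                          # logical field, e.g. "SSN" or "SALARY" (assumed names)
    mode: str = "mask"                  # "mask" = hide outright, "reveal" = reveal on demand (logged)
    subjects: frozenset = frozenset()   # empty = all data subjects; else only these (e.g. top management)
    remote_only: bool = False           # apply only when the client IP is not on-site

@dataclass(frozen=True)
class AccessEvent:                      # one UI-log record (constructed shape, not the product's format)
    ts: datetime
    user: str
    tcode: str
    field: str
    subject: str
    ip: str
    action: str = "display"             # "display" or "download"

class MaskingPolicy:
    """ABAC-style decision: static rules plus time-limited blocks pushed in by the detector."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.blocks = {}                # (user, field) -> expiry timestamp
        self.reveal_log = []            # who revealed what, when: the tracking half of reveal-on-demand

    def block(self, user, field, until):
        self.blocks[(user, field)] = until

    def decide(self, ev):
        """Return 'mask', 'reveal_on_demand' or 'show' for one field access."""
        until = self.blocks.get((ev.user, ev.field))
        if until is not None and ev.ts < until:
            return "mask"               # detector-driven dynamic hide wins over the static rules
        for r in self.rules:
            if r.field != ev.field or (r.subjects and ev.subject not in r.subjects):
                continue
            if r.remote_only and is_onsite(ev.ip):
                continue
            return "reveal_on_demand" if r.mode == "reveal" else "mask"
        return "show"

    def reveal(self, ev):
        """Second step of reveal-on-demand: the value is shown and the request is logged."""
        if self.decide(ev) != "reveal_on_demand":
            return False
        self.reveal_log.append((ev.ts, ev.user, ev.field, ev.subject, ev.ip))
        return True

CRITICAL = {("SE16N", "download")}      # a single activity that is alert-worthy on its own
VOLUME_FACTOR = 3                       # alert once hourly volume exceeds 3x the user's baseline

def detect(events, baseline, critical=CRITICAL, factor=VOLUME_FACTOR, remote_only=True):
    """Toy correlation over UI-log events; with remote_only, only off-site access raises alerts."""
    alerts, hourly = [], Counter()
    for ev in events:
        if remote_only and is_onsite(ev.ip):
            continue
        if (ev.tcode, ev.action) in critical:
            alerts.append(("critical_activity", ev.user, ev.field, ev.ts))
        key = (ev.user, ev.field, ev.ts.replace(minute=0, second=0, microsecond=0))
        hourly[key] += 1
        limit = factor * baseline.get((ev.user, ev.field), 1)
        if hourly[key] == limit + 1:    # fire once, when the threshold is crossed
            alerts.append(("volume_above_baseline", ev.user, ev.field, ev.ts))
    return alerts

def feed_back(alerts, policy, hide_for=timedelta(minutes=5)):
    """Integration step: each alert hides that user's access to that field for a while."""
    for _kind, user, field, ts in alerts:
        policy.block(user, field, ts + hide_for)

# Constructed sample: alice works on-site normally; bob pulls 20 salary records from home, then downloads.
T0 = datetime(2020, 4, 20, 9, 0)
SAMPLE_EVENTS = [AccessEvent(T0, "alice", "PA20", "SALARY", "emp0001", "10.1.2.3")] + [
    AccessEvent(T0 + timedelta(minutes=i), "bob", "PA20", "SALARY", f"emp{i:04d}", "84.12.0.9")
    for i in range(1, 21)
] + [AccessEvent(T0 + timedelta(minutes=25), "bob", "SE16N", "SALARY", "PA0008", "84.12.0.9", "download")]
BASELINE = {("bob", "SALARY"): 2, ("alice", "SALARY"): 2}   # assumed "normal" accesses per hour
RULES = [
    MaskRule("SSN", mode="reveal"),                                    # always reveal-on-demand
    MaskRule("SALARY", mode="mask", subjects=frozenset({"emp0002"})),  # top-management salary hidden
    MaskRule("CONTRACT_END", mode="mask", remote_only=True),           # hidden only from home office
]

def run_demo():
    policy = MaskingPolicy(RULES)
    before = policy.decide(SAMPLE_EVENTS[1])                   # bob, SALARY, emp0001, before any alert
    alerts = detect(SAMPLE_EVENTS, BASELINE)
    feed_back(alerts, policy)
    during = policy.decide(AccessEvent(T0 + timedelta(minutes=26), "bob", "PA20", "SALARY", "emp0001", "84.12.0.9"))
    after = policy.decide(AccessEvent(T0 + timedelta(minutes=40), "bob", "PA20", "SALARY", "emp0001", "84.12.0.9"))
    return {"alerts": [a[0] for a in alerts], "before": before, "during": during, "after": after}

if __name__ == "__main__":
    print(run_demo())
```

Running it shows the sequence from the post: bob’s salary lookups are allowed at first, the seventh off-site access in the hour crosses three times his baseline and the SE16N download fires a second alert, and for five minutes after the last alert the same field is masked for him before the static rules apply again. The detector is deliberately simple (no sequence matching) and exists to show where the IP condition and the baseline comparison sit in the decision.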

What are your thoughts on this? How can we protect sensitive data stored in SAP systems in these times? Do share your thoughts in the comments!