We are in an era of increased working from home across organizations of all kinds. Some organizations that had never considered it for their employees are now enabling it.
When we talk about cyber security, this new norm suddenly reveals the vulnerability of IT systems and brings data protection into the awareness of companies much more than ever before.
But why is work from home a cyber security concern? Some thoughts on this.
- Working remotely, at a greater distance from colleagues and the enterprise infrastructure, makes employees attractive targets for attacks that manipulate them, utilizing the individual fear of the target, to gain access to a company’s network and data.
- Risk results from the increased digital and telephone exchange among employees due to home office working. This form of communication offers a bigger attack surface for social engineering, meaning active manipulation of employees.
- Internal employees might feel more secure in their familiar environment, download trusted data or open unsafe email attachments. This could lead to a system failure or, if important company data is stolen or disclosed, to the complete collapse of an organization.
As companies begin to understand that hope is not a strategy for IT security and that substantial steps need to be taken, let’s take a look at some of the products and solutions available as part of the SAP IBSO security suite which can help companies. This comprises UI data protection (masking and logging, and advanced functionality such as data block and ABAC) and Enterprise Threat Detection (ETD).
Here are some broad ideas on how these products help.
- Human firewall – first, you would want to educate your users to stick to accessing data on a per-need basis only.
On top of that, you’d want to ensure users keep to this policy – which is helped by UI Logging: users who are aware that their moves are (or just maybe could be…) tracked/analysed will behave in a different and more cautious manner. And that’s not a theoretical statement – it’s feedback from our installed base that a lot of “strange” data accesses just don’t happen any more!
- The second part is also straightforward – tighten up users’ access to data. You might decrease access rights at transaction/app level; however, that may stop them from doing their work well. It is better to use UI Masking to add an additional layer of protection, applied selectively to sensitive information. That can be a complete type of data (social security number), or just data pertaining to specific (sensitive) data objects or subjects (salaries or contract end dates of your top management). Another attribute can be whether the user’s IP points to the office or to the home office…
UI Masking further allows “reveal on demand”, basically a two-step way of showing sensitive data only on specific demand and with tracking.
Moreover, seeing several fields masked reminds users of their role in the “human firewall”.
- For those data you can’t take away from users because they’re essential for the users’ tasks, you would still want a strong logging mechanism in place so that you get transparency on data access. This is again covered by UI Logging, including alerts on pre-defined critical data being accessed, as well as options to analyse data access.
- As you are already dealing with a big data scenario with UI Logging, and threats to your system come not only through UI-level data access but may become apparent through information from other logs inside or outside of SAP systems, it makes sense to consider an automated, real-time data correlation and threat detection feature, in the form of SAP Enterprise Threat Detection.
Alert scenarios can be based on a high volume of specific activities or access to specific data (compared against a normal baseline of past access), as well as a special sequence of activities or even just one critical activity (download in SE16n), and, if desired, all under the condition that the IP from which data were accessed does not point to onsite usage.
- The last scenario would be an all-round integration, which we have prototyped recently. If ETD becomes aware of a potential threat, it can send this information to masking. For example, the user name and the data types he seems to be calling strangely are sent to UI Masking via the ABAC Policy Cockpit. The next time the user wants to access such data, UI Masking can determine that there is a warning, and hide the data from the user dynamically (for one, 5 minutes, rest of the day, etc.).
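The alert conditions and the temporary hiding described in the last two points, sketched as an added example (not SAP code, and not how ETD or UI Masking are implemented). The record layout, user names, office address range, baseline figures, 3x threshold and 5-minute window are all constructed assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

# Everything below is constructed for illustration; none of it is SAP's format or API.
OFFICE_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed on-site address range
CRITICAL = {("SE16N", "DOWNLOAD")}                 # a single critical activity
BASELINE = {"ASMITH": 20, "BJONES": 15}            # assumed normal daily accesses per user
DEFAULT_BASELINE = 10                              # for users without history
VOLUME_FACTOR = 3                                  # alert above 3x the baseline
MASK_FOR = timedelta(minutes=5)                    # how long data stays hidden

START = datetime(2020, 4, 2, 10, 0, 0)
# One day of records: (timestamp, user, source IP, transaction, action)
SAMPLE = [
    ("2020-04-02T09:00:00", "ASMITH", "10.20.4.17", "SE16N", "DOWNLOAD"),   # on site
    ("2020-04-02T09:05:00", "BJONES", "203.0.113.8", "SE16N", "DOWNLOAD"),  # off site
] + [((START + timedelta(seconds=30 * i)).isoformat(), "ASMITH",
      "198.51.100.23", "PA20", "DISPLAY") for i in range(70)]

def detect(records, offsite_only=True):
    """Return (user, reason, time) alerts for one day of access records."""
    alerts, counts, over = [], Counter(), set()
    for ts, user, ip, tcode, action in records:
        if offsite_only and ipaddress.ip_address(ip) in OFFICE_NET:
            continue  # condition from the text: only off-site access counts
        when = datetime.fromisoformat(ts)
        if (tcode, action) in CRITICAL:
            alerts.append((user, "critical-activity", when))
        counts[user] += 1
        limit = BASELINE.get(user, DEFAULT_BASELINE) * VOLUME_FACTOR
        if counts[user] > limit and user not in over:
            over.add(user)  # raise the volume alert once per user per day
            alerts.append((user, "volume-over-baseline", when))
    return alerts

def mask_until(alerts):
    """Turn alerts into per-user expiry times for temporary masking."""
    masks = {}
    for user, _reason, when in alerts:
        masks[user] = max(masks.get(user, when), when + MASK_FOR)
    return masks

def is_masked(user, at, masks):
    """True while a warning for this user is still active."""
    return user in masks and at < masks[user]

if __name__ == "__main__":
    print(detect(SAMPLE))
```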
SAP customers today are more dependent on IT applications in almost all areas than ever before. If a hacker attack results in a system failure or if important company data is stolen or disclosed, this can result in the complete collapse of a company.
What are your thoughts on this? How can we protect sensitive data stored in SAP systems in these times? Do mention your thoughts in the comments!