GRC
HR
SCM
CRM
BI


Article

 

Stop SAP Data Leaks

by Rohit Khanna | insiderPROFILES

October 1, 2012

Organizations spend massive amounts of money to protect their networks from outside intruders, but ignore the more daunting threat of breaches by their own employees. Often times, these breaches can be traced to file sharing practices that feature few controls over who can send what to whom, and no audit trail to support compliance efforts. Luckily, SEEBURGER AG offers a solution to this growing challenge.
 

A major irony of today’s data security landscape is that organizations pour tens of thousands of dollars into defending networks from outside intruders while doing relatively little to combat a bigger threat: their own employees. According to a recent Symantec study, more than half of all US data breaches are caused by either unintentional (39%) or malicious (12%) leaks by company personnel.1 Remarkably, one-third of all malicious attacks originate with insiders.

These employee-initiated breaches can be traced directly to file sharing. Business information changes hands hundreds of times every day via email, FTP-based file transfers, web-based file sharing services, and other methods. Frequently, there are few controls over who can send what to whom, and no audit trail to support compliance or forensics efforts. Data can easily fall into the wrong hands, violating compliance mandates and potentially causing irreparable damage to the business.

For companies using SAP solutions, one strategy for plugging this security hole is to implement managed file transfer (MFT) technology — with features like automatic encryption, monitoring, and policy enforcement — within the SAP environment. All SAP and non-SAP data movement, inside and outside the firewall, can then be controlled centrally within the SAP interface and SAP NetWeaver Process Integration (SAP NetWeaver PI), extending the value of existing SAP investments as well as SAP NetWeaver’s role as an integration platform.

Data Transfer Troubles

Managing data and file sharing can be challenging, and much of the data flying through the ether is highly business-sensitive. In the case of SAP-based data, it includes everything from customer, price, and product lists, to business plans, contracts, requests for proposals (RFPs), financial records, tax data, HR files, and CAD and engineering drawings from SAP Product Lifecycle Management (SAP PLM). If any of this information slips through the security cracks, a company can lose competitive advantage or worse. Chevron, for example, suffered considerable embarrassment in 2011 when an errant email exposed the company’s previously unknown role in setting global oil prices.2  

Since standard SAP software implementations lack a native solution for preventing unauthorized data exports, customers need a way to ensure data security. Without such measures, users can export any SAP data to which they have access privileges either directly by using the download/export function in the SAP interface, or via FTP by linking the data to SAP NetWeaver PI processes using automated scripts. Neither method protects against data loss, theft, unapproved downloads, unauthorized transmissions of data from SAP systems, or associated exposure to compliance penalties.

Efforts to manage data and file sharing are also hampered by the patchwork of plug-ins, FTP/SFTP servers, and gateway or application-specific MFT servers that organizations have acquired over the years to address evolving business integration protocols and disparate trading partner requirements. This tangle of integration technologies adds to IT overhead by requiring staff competence on multiple systems, containing many points of failure, requiring FTP script maintenance, and complicating change management. It also fails to provide the centralized management and audit capabilities required for traceability, accountability, and compliance.

Gain Complete Control Through SAP Systems

For shops that use SAP solutions, both the risks and complexities of file sharing can be eliminated by using the edition of SEEBURGER Managed File Transfer (SEE MFT) designed specifically for SAP solutions. SEE MFT is a fully integrated package of solutions for any file and data sharing scenario developed by long-time SAP business integration partner SEEBURGER AG. The SEE MFT platform is the latest extension to the SEEBURGER Business Integration Suite, which is used by thousands of organizations worldwide to handle trading partner communications.

Leveraging the power and flexibility of SAP NetWeaver as well as the familiar SAP interface, SEE MFT enables IT teams to centrally control, secure, and track all SAP and non-SAP data movement both within a company and with external partners such as customers, suppliers, payroll services, banks, and contract manufacturers. Package components — all developed by SEEBURGER and fused to deliver a unified MFT platform — include:

  • Solutions for secure, monitored human-to-human, human-to-system, system-to-system, ad hoc, and mobile file exchange
  • Plug-ins for SAP and Microsoft Outlook that automatically route files through the MFT system, eliminating the need for end users to change work habits
  • AS2, OFTP/OFTP2, HTTP/s, and SFTP adapters to meet disparate trading partner encryption requirements
  • Preconfigured SAP NetWeaver PI workflows for internal and external managed file transfer plus predefined endpoint configuration tools for rapid implementation
  • A robust message tracking solution for point-and-click traceability of all file transfer activity from a single interface

This single integrated toolset, deployed and managed within the SAP and SAP NetWeaver environments, also enhances SAP’s own file transfer functionality, strengthening SAP data protections and dramatically simplifying the business integration infrastructure.

Put a Stop to Data Leakage

To help prevent unauthorized data exports, SEE MFT for SAP solutions overrides SAP’s export function to prevent unauthorized data exports and instead automatically routes manually initiated SAP print requests, emails, and system transfers through plug-ins that connect SAP systems and Microsoft Outlook with the SEEBURGER File Exchange (SEE FX) server. Predefined permissions and business policies are automatically applied to ensure that both senders and recipients are permitted to transmit each specific file.

This feature protects ad hoc exports from SAP applications as well as regular background tasks, such as exports of daily, weekly, or monthly reports. No extra steps are required for end users except a few clicks on an extra pulldown menu. In addition, by using core SEE MFT capabilities that apply to both SAP and non-SAP file transfers, each file is automatically encrypted, authenticated, monitored to ensure delivery, and logged in a central location for easy tracking and auditing.

Automated file exports receive the same policy enforcement, encryption, monitoring, and reporting treatment for security and compliance. If a file transmission requires an industry or partner-specific secure communications protocol, for example, the system routes it accordingly.

Additionally, the platform’s SEE Link endpoint client aids compliance by ensuring guaranteed delivery of files, even to and from locations with unpredictable network connections such as offshore manufacturing facilities and overseas trading partners.

Simplified Integration Architecture

With SEE MFT, organizations can also consolidate their fragmented multivendor file transfer architectures for easier, lower-cost management. A single, fully integrated platform can now replace the integration “spaghetti” strung together over time to accommodate technology changes and different partner ecosystems. Eliminating this redundant architecture, while simultaneously using SAP NetWeaver as the file transfer control center, simplifies administration and significantly lowers total cost of ownership.

Finally, with its full complement of components, SEE MFT is uniquely able to manage all file transfer activity including B2B/EDI communications, unstructured file exchange, and even application integration from the same interface. This industry-first ability to merge all B2B processes into a single view helps meet the goal of every IT administrator: to achieve efficiency and keep operations running smoothly.

Learn More

To read more about reducing file sharing risks with SEEBURGER Managed File Transfer for SAP solutions, please visit www.seeburger.com/managed-file-transfer/see-mft-for-sap.html.

         
     

Rohit Khanna
Executive Vice President of Global Strategy and Corporate Development
SEEBURGER AG 

         

1 Symantec, “2011 Annual Study: US Cost of a Data Breach” (March 2012; www.slideshare.net/symantec/2011-annual-study-us-cost-of-a-data-breach-march-2012). [back]

2 The Wall Street Journal, “Chevron’s Email ‘Oops’ Reveals Energy Giant’s Sway Over Markets” (July 16, 2011; http://on.wsj.com/Not2Fw). [back]

An email has been sent to:






More from SAPinsider



COMMENTS

Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!


SAPinsider
FAQ