Expand +



How Safe Is Your HCM Data?

by Chris Winters and Louis Ojuwu | SAPinsider, Volume 16, Issue 4

October 9, 2015

While most companies secure data in their production environments, it is equally important to do so in non-production systems. Learn how organizations can mask their SAP system data and ensure that users do not have access to sensitive information during testing.


Keeping human capital management (HCM) data in production environments secure is a top priority for most companies. This same data in non-production systems, however, can sometimes slip past the notice of even the most security-savvy executives. Your non-production systems need data that behaves like your actual live data, so that when a support package is applied or new functionality is introduced, legal changes are adopted and you can test effectively.

Non-production systems — such as test, quality assurance, training, or sandbox systems — are integral parts of any landscape, but can also be major points of weakness. For example, the users of these non-production systems generally have less stringent authorization checks and could gain access to sensitive information that they are not authorized to access in the live environment.

In the event of a security breach, regardless of whether the cause is due to employee negligence or an outside threat, it’s the organization that will ultimately be held accountable. The onus is on the business to implement preventive measures and protect its customer and employee data.

The onus is on the business to implement preventive measures and protect its customer and employee data. 

Data Security Is Paramount

The challenge is allowing users enough access to test effectively but also controlling and anonymizing sensitive data. Data anonymization can be difficult and often requires significant manual intervention due to the nature of data storage. This manual process requires writing custom programs to conform to data security legislation, which is time consuming, prone to error, and introduces inconsistency across your SAP landscape.

Data Secure, a product in the Data Sync Manager (DSM) suite from EPI-USE Labs, is a complete data protection solution that masks SAP system data to safeguard sensitive information. Most existing data masking solutions use “in-place” masking, which means that data is masked only after it has been copied to the target system.

Data Secure takes security to a completely new level with “source-side” masking. This means that the data is masked before it leaves the source system. The original sensitive data is never duplicated, so there is less risk of it falling into the wrong hands.

Additionally, companies can use an extensive set of rules delivered out of the box, or add their own rules. Standard Data Secure rules include those related to employee, customer, vendor, business partner, and address data. They define which tables and fields are to be modified and what the new values will be. If companies have unique data security needs to mask customer-defined tables and fields, or want other rules, then they can define new rules using built-in Data Secure business logic or ABAP user exits.

Data Secure can also handle very large volumes of data. An EPI-USE customer, one of the world’s largest oil and gas companies, used Data Secure to scramble a 3.1TB system with 23,829 employees, 992,393 customers, 94,846 vendors, 272,849 business partners, and 1.6 million addresses in only 25 minutes.

For More Information

Data Secure has been used by multinational organizations across public, private, and health sectors to ensure compliance with regulatory requirements as well as numerous other laws and regulations that govern the use of live customer data. Contact the EPI-USE Labs team at or to arrange a demo or assessment of your data security compliance.

An email has been sent to:


Chris Winters
Chris Winters

Technical Consultant

Louis Ojuwu
Louis Ojuwu

Technical Consultant

More from SAPinsider


Please log in to post a comment.