Welcome to realtime, developers of bioLock, the only fingerprint authentication software which is certified by SAP. With bioLock, BULLETPROOF security is at your fingertips !
Realtime was founded in 1986 by former SAP managers. Realtime is an SAP-certified software, services & special expertise partner, with a particular focus in governance, risk and compliance. Our clients span many sectors of industry and government, including food, pharmaceuticals, chemicals, automotive and many more. Realtime’s flagship software product, bioLocK, has been continuously certified by SAP since 2002.
Realtime’s client list includes Fortune Global 500 corporations, and names like Airbus, Bayer, Marathon Oil, Toyota. The list also includes government agencies and financial institutions that prefer to remain anonymous. In all, over 200 global clients are served by realtime, which is privately held, financially sound and based in Germany near SAP’s headquarters.
bioLock was developed in response to the needs of certain SAP users. For executives, true Sarbanes-Oxley compliance became possible by rigidly restricting access to financial data. Other clients wanted to achieve granular control of access to SAP data down to the transaction or field level. Some clients wanted to enforce true segregation of duties in financial transactions, while others focused on complying with HIPAA or other regulations. In some cases, sensitive data or intellectual property had to be protected from unauthorized access.
SAP is the market leader in the ERP space, and offers industry-standard security features that meet many users’ needs. However, your SAP data security can be taken to a whole new level with the addition of bioLock software. We like to call it “bullet-proofing”.
Whether we like it or not, fraud is here to stay. In fact it is a growth industry. The greatest risk may be not from external sources, but from insider fraud, which can be difficult to detect, and may originate from unsuspected first-time offenders. The Association of Certified Fraud Examiners tracks these trends, and reports that apprx. 5% of corporate revenues, globally are lost to fraud. Realtime believes that the risk of insider fraud and unauthorized data access can be significantly mitigated with the use of biometric authentication.
Since you are looking at this presentation, are concerned about protecting your organization from insider fraud? Are your HR practices in full compliance with HIPAA? Do your executives worry about their exposure to Sarbanes-Oxley issues? Does your SAP system store sensitive financial data, secret formulas, or vulnerable intellectual property which should not be seen by unauthorized eyes?
Maybe you are considering the potential impact of a security breach or incident? What would the direct financial cost be? How would negative publicity in traditional and social media affect your organization and your stock price? How about the cost of defending lawsuits? Would a loss of intellectual property be significant?
Any type of system security falls into one of 3 categories: The first is “what you know:, ie. A password that you are supposed to have memorized The 2 nd is “what you have:, i.e. something in your possession like a swipe card, smart card or common access card. The 3 rd type is called “what you are”, - this is a biometric credential that is just part of you.
Passwords are the most rudimentary form of protection. Think about the passwords you use in daily life, lets say for your ATM card. A password is “something you know”. Most people would agree that these are easily guessed, circumvented and not too robust. Often they are written down in plain view on somebody’s desktop or a Post-it note. Smart-cards offer some extra protection because the user has to carry a device. The protection consists of “something you have”, but the device can be borrowed, stolen, or misused. Industry experts and academics agree that the highest degree of security requires biometrics. The user does not have to remember anything, nothing is written down, and there is no device to keep track of. A biometric identity is “who you are” and can’t be transferred or borrowed.
The question is, are you still relying only on passwords? The traditional SAP log-on process relies on passwords, which can be borrowed, stolen or misused. Many users write passwords down, making them especially vulnerable to insider fraud. The log-on password provides only perimeter protection, but no additional layers or granularity.
To bulletproof your SAP data, the first step is to enhance the log-on profile with a fingerprint scan. The traditional password is still entered, but then a simple message box pops up in front of the user and requests a fingerprint scan. There is no way to cancel or circumvent this step, and a user cannot be impersonated be someone else. It only takes a couple of seconds, is totally intuitive and requires no training. Various small hardware devices are available to capture the fingerprint scan for bioLock verification.
A standard scanner as shown above is the simplest approach, but some users prefer using more than one device. For example, you could add a smart card or common access card, which may also be used to open physical doors to your building. Potential future development could include iris scanning or other techniques as technology becomes available.
Many scanning devices can be used with bioLock, which has been tested and verified with a long list of manufacturers. For example, a mouse can contain a scanner on the top or side. Many laptops now have swipe sensors. Keyboards are also available that offer fingerprint scanning, smart card access, or both. Many devices cost less than $100 and are easily installed.
How does SAP interact with bioLock? If a user is enrolled in bioLock, SAP will store a biometric template for that user. Each time the user logs on, their credentials are compared against that template. If the credentials don’t match, access will be denied. By the way, actual fingerprint images are never stored. bioLock creates an encrypted digital template from the minutiae, which are the unique defining points of a fingerprint, and your SAP users’ privacy is always protected.
Here is a graphic view of the 5 levels of control. For bulletproof security, you must have these 5 levels. 1 - perimeter control 2- transaction control 3- field level control 4- financial limits with those fields 5 – dual approval The key is that all these operations can be controlled using fingerprint verification, so that any critical activity in your SAP system is properly authorized and tracked
Here are more examples of actions that can be controlled using bioLock Maybe you want to prevent someone from printing a list of vendors? Did you want to prevent a user from executing a certain process? In the screen example, certain fields are masked, meaning the data is made invisible, so that an unauthorized user cannot view them.
The close relationship between realtime and SAP ensures ongoing seamless integration of bioLock Your existing SAP passwords and profiles are unchanged. bioLock is compatible with all versions of SAP from 4.x onwards User profiles can be customized as much, or as little, as your business rules and management policies require.
In this example, the user works in purchasing, and is trying to select the ME21N transaction to create a purchase order. Since purchasing is considered a critical function, the bioLock message box pops up and requires the user to provide a fingerprint scan. After successful authentication, the prompt disappears and the user continues working as usual. Please note that this could have been any other transaction type, not just purchasing.
Here is an example of the automatically generated audit file. Note the distinction between the SAP User column and the bioLock User column. The log file will identify suspect events such as failed log-on attempts or attempts at unauthorized actions. Events such as viewing of financial data provide a strong Sarbanes-Oxley audit trail. Any attempt to share passwords, as in this example, will be prevented.
Here are some examples of success stories. 1- HR data was protected while ensuring HIPAA compliance 2- Senior management achieved control of purchasing to prevent unauthorized use of funds. 3- Internal fraud risk was mitigated by the use of data masking and financial controls 4- Payroll and expense account fraud were controlled after years of abuse 5- A nuclear power plant protects and controls mission-critical workflow components
Let’s summarize a few key points: Installation and configuration of bioLock can be done very rapidly, with minimal IT support and very little impact on users. Ongoing SAP compatibility is assured. Very quickly, your organization can achieve dramatically increased SAP security capability The cost of installing a bioLock 100-license starter package is less than a typical single fraud incident
Please contact us if you would like more information, or to arrange a demonstration. Thank you for time.
<ul><li>Founded in 1986 by former SAP ® managers </li></ul><ul><li>Certified software, services & special expertise partner </li></ul><ul><li>Specializing in governance, risk and compliance (GRC) </li></ul><ul><li>Serving many industry sectors including food, </li></ul><ul><li>pharmaceutical, chemical, automotive, aerospace, </li></ul><ul><li>defense, engineering, government and more </li></ul><ul><li>Flagship software product, certified by SAP ® since 2002 is </li></ul><ul><li>Bulletproof SAP ® security at your fingertips! </li></ul>Who is realtime ?
Selected realtime clients 3M, AIRBUS, Alcan, BASF IT Services B.V., Bayer, Bayer CropScience, Brevard County Government, California State University, Campbell's, GlaxoSmithKline, Harman Kardon Music Group, Krupp Bilstein, Linde, Loewe Opta, Marathon Oil, Océ Document Technologies, Polk County School District, Purdue Pharma, Siemens, ThyssenKrupp Michigan, Toyota, United States Army… <ul><li>Over 200 global clients served! </li></ul>
What were these users looking for? <ul><li>was developed to provide these benefits demanded by users: </li></ul><ul><li>Dramatically increase SAP ® security capabilities </li></ul><ul><li>Manage user identities via indisputable biometrics </li></ul><ul><li>Control access to functions down to the field level </li></ul><ul><li>Enforce true Segregation of Duties (SoD) </li></ul><ul><li>Ensure meaningful compliance with: Sarbanes-Oxley, HIPAA, ITAR and more </li></ul>
Is your system bulletproof? Standard Version + Bulletproof Version Bulletproof Protection Standard Protection
<ul><li>According to the ACFE’s 2010 Report to the Nations on Occupational Fraud and Abuse , based on global data, organizations lose about 5% of annual revenue to fraud. </li></ul><ul><li>Insider schemes can go undetected for years, frequently involve first-time offenders. </li></ul><ul><li>Ref: Association of Certified Fraud Examiners www.acfe.com </li></ul>#1 Risk: Fraud is a growth industry
<ul><li>Risk of Financial Fraud? </li></ul><ul><li>HIPAA Compliance? </li></ul><ul><li>Sarbanes-Oxley (Section 404)? </li></ul><ul><li>ITAR ? </li></ul><ul><li>Industrial Espionage? </li></ul><ul><li>Other regulations? </li></ul>Are you concerned about…
<ul><li>Decline in stock price? </li></ul>How would an incident affect you? <ul><li>Financial loss? </li></ul><ul><li>Negative publicity? </li></ul><ul><li>Lawsuits? </li></ul><ul><li>Loss of intellectual property? </li></ul>
<ul><li>“ What you have ”, </li></ul><ul><li>e.g. CAC card, smart card: </li></ul>3 types of security protection “ Who you are ”, e.g. fingerprint scan: “ What you know ”, i.e. password or PIN:
Biometric technology offers the highest security Fingerprint Scan = Maximum Security
Are you still relying on this? User password SAP ® Software <ul><li>Passwords are often written down, borrowed or stolen. </li></ul><ul><li>Provide “perimeter” security but no additional layers! </li></ul><ul><li>Traditional SAP ® log-on process uses passwords </li></ul>
How to Bulletproof your system: <ul><li>Upgrade SAP ® user profiles with fingerprint scans </li></ul><ul><li>Users are prompted as shown when performing critical functions </li></ul><ul><li>Fingerprint scans prove conclusively who users are - while protecting their privacy! </li></ul>X SAP ® Software Encrypted scan User’s fingerprint
What devices can verify user identity? Plus one of these … (optional) + Potential Future Development
bioLock is compatible with over 80 laptops (with built-in fingerprint sensor) and over 50 independent devices like mice, keyboards, or PCMCIA Cards. is hardware independent Cherry ID Mouse Convenient Touch Sensor bioLock ID Mouse Powered by Secugen Leading Laptops 23% have Swipe Sensors Secugen Hamster FIPS 201 Compliant UPEK Eikon Low-cost Device Cherry Keyboard Smart Card Option Zvetco P5000 High End Device
SAP ® log-on & system access with Logon Logon authorized Logon blocked bioLock checks authentication rules bioLock user/ function bioLock prompts you for fingerprint Fingerprint comparison with table bioLock templates bioLock identifies unique points (minutiae) within a fingerprint and creates an encrypted, digital template – no images of fingerprints are ever stored! Note:
System Log-on Transaction Bulletproof security requires 5 Levels Any Field Perimeter Security - Level I Transactions – Level II Fields - Level III bioLock can control all 5 Levels using fingerprint scans! Financial Limits – Level IV Dual Approval – Level V
<ul><li>Log-on to a Profile (e.g. Admin) </li></ul><ul><li>Transactions (e.g. HR / PO / Finance) </li></ul><ul><li>Infotypes (e.g. 008/167 etc.) </li></ul><ul><li>Buttons (e.g. Print / Export / Execute) </li></ul><ul><li>Display (e.g. Balance Sheet) </li></ul><ul><li>Execute (e.g. prevent execution of anything…) </li></ul><ul><li>Tables within SE16/SE16N </li></ul><ul><li>Programs within SE38 </li></ul><ul><li>Values (e.g. wire transfer over a certain amount) </li></ul><ul><li>Screens (e.g. export control / ITAR ) </li></ul><ul><li>Dual Authentication </li></ul><ul><li>Mask Fields (e.g. make data invisible) </li></ul>Multiple Control Points per User Example – Masking Field Data:
<ul><li>Unaffected by SAP ® versions or upgrades </li></ul><ul><li>Existing SAP ® passwords and authorizations are unchanged </li></ul><ul><li>Compatible with all SAP ® versions from 4.x onward </li></ul><ul><li>Profiles are 100% customizable on a user-by-user basis </li></ul><ul><li>Roll-out timetable is entirely controlled by you. </li></ul><ul><li>You decide what aspect of your system needs to be protected and how stringently! </li></ul>- Seamless Integration Bulletproof bioLock Security
User selects the transaction “ME21N” to create a purchase order NOTE: This could be virtually any R/3 transaction such as SE16 or SE38 Example – what a user sees… User is prompted for a fingerprint scan to complete the activity (Security Level II)
Log File Enhanced activity logging Sorted by error / threat category <ul><li>Audit trail is greatly enhanced </li></ul>Example: Unauthorized attempt to log on with another user’s Password SAP USER profile… … and the REAL USER as identified by fingerprint
Sample Success Stories - <ul><li>Achieve compliance with HIPAA by protecting private employee / HR information </li></ul><ul><li>Ensure proper approvals for purchasing by automating workflow with external browser access for senior executives </li></ul><ul><li>International bank prevents fraud with dual authentication and strong financial controls, masking data from unauthorized viewing </li></ul><ul><li>School Board prevents payroll and personal expense fraud which went undetected for years </li></ul><ul><li>European power plant protects all purchase orders and workflow for several thousand users </li></ul>
Benefits of <ul><li>Installation and configuration of bioLock is very rapid. </li></ul><ul><li>Training requirements are minimal. </li></ul><ul><li>Impact on users and IT support staff is low, both during installation and in use. Only “power users” are involved. </li></ul><ul><li>Ongoing compatibility with different SAP ® versions is assured. </li></ul><ul><li>In a very short time, you can start enjoying benefits such as: </li></ul><ul><ul><ul><li>Dramatically increased SAP ® security capabilities </li></ul></ul></ul><ul><ul><ul><li>Manage users ’ identities via indisputable biometrics </li></ul></ul></ul><ul><ul><ul><li>Control access to functions down to the field level </li></ul></ul></ul><ul><ul><ul><li>Enforce true Segregation of Duties (SoD) </li></ul></ul></ul><ul><ul><ul><li>Attain meaningful compliance with SOX, HIPAA & ITAR </li></ul></ul></ul><ul><li>A starter package could cost less than a single fraud incident. </li></ul>
realtime North America, Inc. WORLD TRADE CENTER 1101 Channelside Drive, Tampa, FL 33602 T: 813-283-0070 F: 813-283-0071 Email: firstname.lastname@example.org Web: www.bioLock.us Martin Lum Director of Business Development, Northeast 813-310-7007 Please contact us for a demonstration or pilot installation: 1-877-bioLock [email_address]