WEBINAR - A New Era in HR Security for SAP

The HR landscape is changing. Sensitive personnel information is at high risk, and proper security measures need to be taken to protect the information in SAP. Secure your HR data on premise and in the cloud. Watch the full-length webinar here - http://goo.gl/LG4av3

Published in: Recruiting & HR, Technology

  1. 1. A NEW ERA IN HR SECURITY Presenters: MHP: Jason Sanders – Speaker SECUDE: Anne Marie Colombo – Speaker SECUDE: Michael Kummer – Panelist SECUDE: Aparna Jue – Moderator 2/26/14 SECUDE - MHP 2014 1
  2. 2. Objective: How to Secure HR Data on Premise and in the Cloud. Agenda: • The Landscape: Understanding the Environment • The Issue: HR Data Security • Mitigating the Risk: What Can You Do • Demo • Q&A Session
  3. 3. THE HR LANDSCAPE Jason Sanders
  4. 4. The Landscape • SAP’s HCM Module: data is stored on-premise; accessible by everyone with access to the server • Success Factors: data is stored in the cloud; data can be shared and manipulated by anyone, with no tracking • Hybrid: data is stored both on-premise and in the cloud; data moves between the two with no protection
  5. 5. The Right Mix
  6. 6. Risks & Regulations. HR Data: • Payroll data • Social Security Numbers • State-Issued Identification • Government forms (I-9, W2, etc.) Compliance Regulations: • HIPAA • SOX • Safe Harbour
  7. 7. HR DATA SECURITY ISSUES Anne Marie Colombo
  8. 8. Data Breaches • 90% experienced leakage/loss of sensitive documents over 12 months • In 2013, the average cost of data breach in USA was over $5.4 million • Most states have “breach laws” • Cover specific data, such as SSN, driver's license and credit card numbers. 2013 The Risk of Insider Fraud Study, Ponemon Institute • 743 Individuals • CIO/CSO or direct report • 10 avg experience. [Chart: Cause of Data Breach: Malicious Attack, Negligence, System Glitch; plotted values 37, 39, 24. Cost of Data Breach Report | Ponemon Institute 2013]
  9. 9. The Risk is Real • Virginia Tech Job Application Server Hacked, Personal Data Exposed: August 2013 - Virginia Tech University server in the human resources department was illegally accessed. Hackers got into a database containing a decade’s worth of applicants' data, from 2003 to 2013. Personal data of 114,963 individuals was exposed. • Phoenix-Based Waste Management Company Suffers HR Data Breach: August 2013 - An unencrypted laptop was stolen from a Republic Services employee’s home. The laptop contained names and social security numbers of current and former employees. 82,160 individuals could have been affected. • US Department of Energy Hack Disclosed Employee Data: February 2013 - The U.S. Department of Energy said that personal information about 14,000 employees and contractors was stolen in a mid-January hack. Hackers had gained access to personal information, including Social Security numbers.
  10. 10. HR Data is Constantly on the Move. HR Data is exported from SAP: • Reporting • Data crunching • Analysis. Cloud & Mobility: • Explosion of cloud services and providers • BYOD: are you losing track of your data?
  11. 11. Where is the data? Competitor Partner Employees File Server
  12. 12. MITIGATING THE RISK Jason Sanders Michael Kummer
  13. 13. Protecting Hybrid Environment • Access on premise by establishing a secured tunnel using SAP Cloud Connector (SCC) • Delegation to a central service (IdP) enables Single Sign-On (SSO) between multiple Cloud applications • Mature and proven security standards for integration with IdP • Enable federated authentication supporting the following methods: ✓ SAP ID Service – “out-of-the-box” IdP in the Cloud ✓ Your own IdP (e.g. in the corporate network) • Consume data services based on REST APIs or gateway services (OData). [Diagram labels: Non-SAP System, ERP, SAP NetWeaver Gateway]
  14. 14. Protecting SAP NetWeaver. Protect data inside of SAP: • Roles & Authorizations • Check HCM Authorizations in new and existing roles • Review PLOG in existing roles • Restrict OTYPE • Check P_ABAP in existing roles. Extend protection to data leaving SAP: • Authorizations need to be extended to wherever the data goes
  15. 15. Existing Technologies • Network: Data Leakage Prevention (DLP); Firewalls; Virtual Private Network (VPN) • Storage: Full Disk Encryption (FDE); Database Encryption • File: Pretty Good Privacy (PGP); Information Rights Management (IRM). [Diagram labels: File Encryption Storage Network]
  16. 16. Microsoft AD RMS Built on industry leading Microsoft Rights Management technology Access Control Encryption Policy Enforcement Unauthorized User Trusted Partner
  17. 17. Protecting Data that Leaves SAP
  18. 18. Demo: Protecting HR Data Leaving SAP
  19. 19. Where to start? SECUDE Data Export Auditor for SAP • Free tool to monitor all data leaving SAP • Each and every download is tracked • Intelligent classification • Download http://www.secude.com/solutions/halocore-data-export-auditor-for-sap/
  20. 20. Potential Next Steps • Download Data Export Auditor • Win a free 30 minute consulting session with MHP to help analyze your HR landscape
  21. 21. Questions
  22. 22. Thank you for your attention! Jason Sanders, Practice Leader – HR & Emerging Technologies, Jason.sanders@mhp.com, 404-789-8981. Anne Marie Colombo, SECUDE IT Security, Anne.colombo@usa.secude.com, (404) 915-9687
