Keep it Confidential
• Established in 1996, Spin-Off from Fraunhofer & SAP
• Developer of a Secure Login (SAP Single Sign-On)
technology, sold to SAP in 2011
• SAP partner and Value Added Reseller (VAR)
• Trusted by a large number of Fortune 500 and DAX
companies
• 4 global locations: Switzerland, Germany, USA, India
• New focus extends to data-centric security and
classification with Halocore solutions
SECUDE is an innovative global provider of IT data protection solutions for SAP customers. Our user-
friendly solutions protect the integrity of data, prevent intellectual property theft and data breaches,
while enforcing regulatory compliance.
Solution Overview
Speakers
Aparna Jue, Technical Product Manager
Aparna is the Product Manager for SECUDE and is responsible for product planning, voice of customer, design, project
management and launch of key vertical products. Aparna holds a Bachelor of Science degree in Electrical and Computer
Engineering from the Georgia Institute of Technology, focusing on Network Communications, and has completed graduate
research coursework in Material Science Engineering in semiconductor technology.
David A. Kilgallon, ISA, PCIP, Director of Integration Services
David has over 24 years of experience in the IT/Application Development, Deployment and Support fields. David has worked
in positions of leadership at Oracle and Johnson & Johnson and supported numerous Fortune 500 companies. His Bachelor of
Computer Engineering degree is from Lehigh University.
Rupali Goyal, SAP Solution Architect
Rupali is CardConnect’s SAP Solution Architect. She has nine years of experience in various SAP areas – FI-CO, SD – and has
worked on other SAP products including SAP R/3, SAP ERP, SAP Enterprise Portal and SAP Solution Manager Systems. Before
coming to CardConnect, Rupali worked for SAP Labs India and SAP America, Inc. PA.
Agenda
1 Security Risk is on the Rise
2 What Can You Do to Mitigate the Risk
3 Compliance Landscape
Security Risk is on the Rise
Datafication
• Businesses today cannot operate without their
data infrastructure
• The world’s data doubles in size every 2 years
BYOx
• Bring Your Own… ANYTHING
• IT consumerization leads to loss of control over
corporate data
Data Breaches
• Credit Card loss has damaged brands
• Even compliance isn’t sufficient
Borderless IT
• Corporate perimeter is eroding/has eroded
• Knowing where your data is has become a challenge
• Keeping track of data is next to impossible
• Data exists to be consumed and shared
• Locking everything down and disallowing employees to use data is counterproductive
• Data itself should be protected for secure movement and usage
• Key data should be removed to prevent the possibility of theft
Businesses Aren’t Prepared
• 27% of IT professionals admitted that they did not know the trends of data loss incidents over the past few years. (Cisco Systems)
• 39% of IT professionals worldwide were more concerned about the threat from their own employees than the threat from outside hackers. (Cisco Systems)
• 40% of organizations experienced a data breach or failed a compliance audit in the last year. (2015 Vormetric Insider Threat Report)
• 93% of U.S. organizations said that they felt vulnerable to insider attacks, only 7% felt safe. (2015 Vormetric Insider Threat Report)
• Cybercrime-related costs increased 56% from the previous year to US$5.9 million per incident in 2014. (Deloitte)
The Risk is Real
• Sony Pictures: The Data Breach and How The Criminals Won
• Home Depot’s 56 Million Card Breach Bigger Than Target’s
• Cost of data breaches increasing to average of $3.8 million, study says
• Millions exposed by latest health insurance hack
• Uber Says Security Breach May Have Compromised Driver Data
• Target agrees to pay $10 million to data breach victims
• Anthem Hacked, Millions of Records Likely Stolen
• Massive data breach could affect every federal agency
Costs Associated with Risk
Cause of Data Breach
• Malicious attack: 42%
• System glitch: 29%
• Human error: 30%
Financial consequences of a data breach, divided by categories
• Reputation damage: 29%
• Lost productivity: 21%
• Forensics: 12%
• Lost revenue: 19%
• Technical support: 10%
• Regulatory: 8%
$5.85 million
Source: IBM
Average cost of data breach in USA in 2013
Source: 2014 Cost of Data Breach, Ponemon Institute
What Can You Do to Mitigate the Risk
SAP Data at the Heart of the Enterprise
Every Day Data is Extracted from SAP
Context Awareness
Classification
• Identify sensitive data extracted from SAP with intelligent
classification
• Maximize SAP users’ investment in data governance solutions
• Gain 360 degree visibility and control
• Optimize Data Loss Prevention (DLP)
Benefits of Halocore’s
classification functionality:
• Ability to tag data
extracted from SAP
• Lowered compliance costs
• Improved accuracy of DLP
• Increased user awareness
Data Loss Prevention
• Empower users with first SAP-native DLP functionality
• Prevent accidental and malicious data leaks from SAP
• Prevent certain types of compliance sensitive data from
leaving the enterprise
Deep integration with SAP
and contextual awareness:
• User (Roles,
Authorization)
• Data (Transaction, Table)
• Technical environment
(Front-end, App.
Component)
Data Centric Protection
• Apply granular access control and rights management to
documents extracted from SAP with Microsoft RMS
• Minimize the risk of data breaches, theft and accidental loss
• Secure data across mobile and cloud platforms
• Enable secure sharing with colleagues and partners
By utilizing RMS, Halocore
allows SAP users to restrict
access to sensitive data:
• Roles and authorizations
configured in SAP can be
extended to data leaving it
• Protection stays with the file
no matter where it travels
• Documents can be safely
consumed on mobile devices
Next Steps
• Start with Auditing!
• Understand what data is extracted from SAP and how
sensitive it is
• Identify risky areas, users, and transactions
• Maintain a full audit trail for compliance purposes
Halocore can help SAP users
to gain knowledge:
• What sensitive data they
have
• Where it resides
• Who is accessing their data
• What actions they perform
with it
Next Steps
• Find Out How Much Data is Leaving SAP
• Identify Sensitive Data
• Build Business Case for
– Classification
– Blocking
– Protection
– Compliance
Compliance Landscape
The Data-fication of Businesses = Increasingly strict compliance regulations
Layered Security Approach
• Network Protection: DLP, Firewalls, VPN
• Storage Protection: FDE, DB Encryption
• File-based Protection: IRM / DRM
PCI Cost Components
Key Compliance Cost: PCI DSS
• Consists of hard costs in real dollars spent with external auditors
• It’s essential to prevent exposure to the loss of credit card data
• PCI compliance alone is not sufficient to protect your data:
PCI DSS comprises a minimum set of requirements for protecting
cardholder data, and may be enhanced by additional controls and
practices to further mitigate risks, as well as local, regional and sector
laws and regulations.
Payment Card Industry (PCI) Data Security Standard, v3.0 Page 5 © 2006-2013
PCI Security Standards Council, LLC.
All Rights Reserved. November 2013
PCI Cost Components
Businesses spend on average $225,000 per year to ensure PCI compliance
• Top 10% of businesses pay $500,000 or more annually
• Where does the money go?
> Initial scope
> QSA audits
> Full time resources
> Self-Assessment Questionnaire
Average annual cost of PCI compliance audit? $225k
Ellen Messmer; Networkworld.com
PCI Scope Reduction
Before | After
SAQ-D | SAQ-A/B
QSA Costs - $100,000+ | Reduced Audit Requirements - $3,000
2 Full-Time Equivalents | 1 Full-Time Equivalent
P2PE and Tokenization
• Point-to-Point Encryption and patented tokenization
> Irreversible tokens
> Single-use vs. multi-use tokens
P2PE and Tokenization
Why Tokenize?
• Tokenization removes sensitive data from SAP entirely – reducing PCI scope and
ultimately, reducing cost
> Remove historical payment card data from SAP via batch tokenization
> Implement encryption and tokenization for all new transactions
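The batch tokenization step and the token properties named above (irreversible, single-use vs. multi-use), as an added example that is not from the original slides and is not CardConnect's implementation. The TokenVault class, the batch_tokenize function, the card_number field name and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows using public test card numbers; not real data.
SAMPLE = [{"order": o, "card_number": c} for o, c in [
    ("A1", "4111111111111111"), ("A2", "5555555555554444"),
    ("A3", "4111111111111111"), ("A4", "n/a")]]

def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to recognise real card numbers (PANs)."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(number)):
        total += d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
    return total % 10 == 0

class TokenVault:
    """Hypothetical gateway-side vault; it lives outside the SAP system."""
    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._multi = {}   # HMAC(PAN) -> multi-use token
        self._pans = {}    # token -> (PAN, single_use); never leaves the vault

    def _new_token(self, pan: str) -> str:
        # Random digits, not derived from the PAN: irreversible without the vault.
        # A leading 9 and a failing Luhn check keep tokens distinguishable from PANs.
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 5))
            token = "9" + body + pan[-4:]
            if token not in self._pans and not luhn_ok(token):
                return token

    def tokenize(self, pan: str, multi_use: bool = True) -> str:
        fp = hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()
        if multi_use and fp in self._multi:
            return self._multi[fp]      # same card -> same token
        token = self._new_token(pan)
        self._pans[token] = (pan, not multi_use)
        if multi_use:
            self._multi[fp] = token
        return token

    def redeem(self, token: str) -> str:
        """Vault-internal lookup at authorization; single-use tokens are consumed."""
        pan, single_use = self._pans[token]
        if single_use:
            del self._pans[token]
        return pan

def batch_tokenize(records, vault, field="card_number"):
    """Replace stored PANs in place (field name assumed); returns rows changed."""
    changed = 0
    for rec in records:
        value = rec.get(field, "")
        if value.isdigit() and 13 <= len(value) <= 19 and luhn_ok(value):
            rec[field] = vault.tokenize(value, multi_use=True)
            changed += 1
    return changed
```

Because tokens fail the Luhn check, a second batch run over the same rows changes nothing, and a scan for Luhn-valid numbers afterwards confirms no card number was left behind.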
Secure Future Transactions
• Apply to existing sales channels
> SAP GUI, iStore, integrations
> POS, mobile, e-commerce, and more
• SAP-to-Gateway integration
SAP  CardSecure® Landscape
SAP Process Flow
Create Order
In SAP, execute VA01, enter the required
information for the order and press Enter. Enter
the payment information using the ‘Enter Card’
button on the screen. The system automatically
authorizes the sales order on ‘save’.
Create Settlement
In SAP, execute transaction FCC1 to run the
settlement. The settlement batches are sent to
CardConnect for processing.
CardConnect Web Tokenizer from
SAP Order Entry Screen
SAP Payment Acceptance
Additional Features
Account Updater
> Update expired cards automatically
Level II/Level III
> Lowers interchange costs
Bank Account Masking
> Mask sensitive information
CardClear
> Clear open invoices in SAP
Authorization and Settlement Reports
> Detailed ALV reports outlining important information
Auth Increase | TokenSecure | Settlement Consolidation | CardDeposit | Address Fill | E-Check | PrePay
Invoice Cancellation | Monitoring Report | Auth Reversal | Authorization Wrapper | Settlement Wrapper
CardCopy | Process Flow Report | Auth Recycle | CardMasking | Reconciliation Report
Q&A
Aparna Jue
SECUDE
aparna.jue@usa.secude.com
David Kilgallon, ISA, PCIP
CardConnect
dkilgallon@cardconnect.com
Rupali Goyal
CardConnect
rgoyal@cardconnect.com
BREACHED
Data Centric Security for SAP
