Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
Download as PPTX, PDF3 likes1,237 views
The document outlines the importance of data classification in enhancing data security, particularly within SAP environments, and introduces solutions offered by Secude and Boldon James. It elaborates on the process of identifying, classifying, securing, and monitoring sensitive data to comply with regulations and secure valuable information. Additionally, it discusses the integration of classification solutions with existing security and data protection measures to improve user experience and accountability.
Webinar: Data Classification - Closing the Gap between Enterprise and SAP Data
- 1. STRICTLY CONFIDENTIAL | © 2016 SECUDE AGSTRICTLY CONFIDENTIAL | © 2016 SECUDE AG Data Classification: Closing the Gap between Enterprise and SAP Data
- 2. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Agenda • About SECUDE • About BOLDON JAMES • The Role of Data Classification • Classification – User Experience • Classification – SAP Data • Question?
- 3. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG About SECUDE SECUDE Global provider of IT data protection solutions for SAP Solutions Focus on data centric security and classification solutions Halocore Suite to protect sensitive data against loss or theft Compliance with legal and industry-specific requirements / guidelines History 1996 – Spin-Off Fraunhofer & SAP Developer of SAP Single Sign-On technology (SAP Single Sign-On) 2011 – Technology sold to SAP Strategic Partner SAP Partner and Value Added Reseller (VAR), Microsoft Partner Customers Implementation partner with Fortune-500 and DAX companies Locations Switzerland, Germany, USA, India
- 4. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Global leader in data classification and secure messaging solutions Established in 1985, headquartered in the UK with 70+ employees Owned by QinetiQ Plc $2bn defence & security technology business 30 years experience in delivering complex secure messaging, data security and information management solutions Offices in the UK, US, Australia and Europe. World wide coverage through channel partner network. About BOLDON JAMES
- 5. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG THE ROLE OF DATA CLASSIFICATION
- 6. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG IMPROVE data security awareness Top drivers for data classification ENFORCE corporate security policy IDENTIFY and secure valuable data DEMONSTRATE regulatory compliance INCREASE the effectiveness of DLP solutions SECURE mobile and remote access ENCOURAGE safer collaboration
- 7. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG 5 steps to protect your sensitive data Identify – your sensitive data Discover – location and accessibility Classify – data according to its value to the organisation Secure – employ security control and protection measures Monitor – measure and evolve security practices 1 2 3 4 5
- 8. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Securing data throughout the lifecycle
- 9. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Dimensions of data classification
- 10. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Where to engage users? Within their primary productivity tools CREATION SHARING & COLLABORATION
- 11. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG A blended approach to classification Users are empowered to make business-centric classification decisions Supplement other techniques - apply labels that require additional user endorsement Intelligent defaults and rules recommend a classification to the user Data is automatically classified without user involvement – on creation / in transit / at rest Combine Automated and Manual Techniques - to meet the needs of each Enterprise
- 12. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG CLASSIFICATION - USER EXPERIENCE
- 13. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Visual marking of content Visual marking of content Consistent graphics User Awareness through Visual Markings
- 14. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG User Insight Captured in Metadata Classification selection Visual summary of metadata marking Metadata tags
- 15. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification can get complicated !
- 16. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Immediate feedback to the user
- 17. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Immediate feedback to the user Quick fix remediation Warn or Prevent Customisable feedback
- 18. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Extending to CAD applications… Common User Experience
- 19. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG QUESTIONS?
- 20. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG CLASSIFICATION – SAP DATA
- 21. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG SAP Data | The Heart of the Enterprise FICO Financial Information BW Data Warehouse Information SRM Price List RFI, RFP Quotes PP/PLM Product Specifications HR/HCM Personnel Information BI/BO Analytical Data
- 22. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG SAP | Data Movement Corporate Unstructured Data Data-Center “2/3rd of corporate data lives outside the data center.” “Expected to grow 50% by 2017”. Gartner Group On average, sensitive data is sent outside organizations every 49 minutes. Check Point
- 23. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Case Study: Austrian Manuf. Company • 3,000 SAP Users on ECC 6 system • ~1,000 downloaded data • Focus on Finance, Human Resources and Controlling • Halocore Auditing in PROD environment for 30 days • Result: 100,000 logged downloads
- 24. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG SAP | SAP and Enterprise Security • Role and authorization system • Governance, Risk & Compliance • SAP Patch Management • Secure Network Communications (SNC) • Secure Passwords and Single Sign-On • Database security, code scanning, … SAP Security • Perimeter: Firewalls & VPNs • Enterprise Data Classification • DLP • Cloud security • Data Centric Protection • Enterprise Rights Management • Security Information and Event Management, … Enterprise Security • SECUDE Halocore plus Halocore
- 25. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG SAP | Export of Data x Loss of all security controls within SAP No way to log or audit data export activity No classification of exported information No protection and no control over access Insufficient opportunities to block data exports
- 26. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Content-based Classification as a downstream process
- 27. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Context-based Classification at Time of Creation with Halocore Context Awareness is the ability to fully understand the context of where the data is coming from, who the user is as it relates to that context and where the data is going. SAP Add-On: Context-aware solutions require integration
- 28. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Halocore | Classify x x First SAP integrated Data Classification Solution Automatic context-sensitive classification of exported files Classification of Office 2007+, Adobe PDF, GIF, PNG, JPG Tying existing DLP solutions with Classification Integration with Boldon James for seamless user experience Classify x
- 29. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Halocore + Classifier | Lifecycle control x x First SAP integrated Data Classification Solution Automatic context-sensitive classification of exported files Classification of Office 2007+, Adobe PDF, GIF, PNG, JPG Tying existing DLP solutions with Classification Integration with Boldon James for seamless user experience Auto Classify x Visual Marking Onward Control Classifier
- 30. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Report View
- 31. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Report Export
- 32. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Choose File Format
- 33. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Save As
- 34. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Download Interception
- 35. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Download Audited
- 36. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Visual marking
- 37. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Applying control
- 38. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Onward control
- 39. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Onward control
- 40. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Onward control
- 41. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Classification | Onward control
- 42. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Halocore + Classifier | Lifecycle control x x First SAP integrated Data Classification Solution Automatic context-sensitive classification of exported files Classification of Office 2007+, Adobe PDF, GIF, PNG, JPG Tying existing DLP solutions with Classification Integration with Boldon James for seamless user experience Auto Classify x Visual Marking Onward Control Classifier
- 43. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Benefits of Joint Solution Consistency in handling enterprise data, created both inside and outside of SAP Ability to make more effective decisions on the controls needed for data protection Lowered costs and compliance efforts on the national and international level Improved accuracy of DLP and risk management solutions Increased user awareness and accountability for data safeguarding
- 44. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG QUESTIONS?
- 45. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG www.boldonjames.com www.secude.com
- 46. STRICTLY CONFIDENTIAL | © 2016 SECUDE AG Copyright SECUDE AG © 2016 All rights reserved. All product and service names mentioned are the trademarks of their respective companies. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express written permission of SECUDE AG. The information contained herein may be changed without prior notice. Microsoft, Windows, and Active Directory are the brand names or registered trademarks of Microsoft Corporation in the United States.
Editor's Notes
- #2: SECUDE has many customers using SAP and each and every one we have spoken to has confirmed to us that they do NOT know when, what, who or how often data is extracted from their SAP systems! Clearly not knowing what data is leaving SAP, Who is accessing it, Where it is going is a serious Security Vulnerability. Our Halocore solution can deal with that issue and more. It is best described with the 5 simple words highlighted here which will be the basic sequence we us in anderstanding the Halocore solution.
- #9: Identify – sensitive and indeed non-sensitive data (remember not all data requires the same level of protection e.g. non-business). Until you know what you have got, you can’t make informed decisions on how to protect it Discover – find out where sensitive data resides and how it is being used? (possibly using a data governance solution such as Varonis or Symantec) Classify – data according to the value to the organisation – what would the impact be to the business if this data was lost or leaked? Secure - assess the security and protection requirements for sensitive assets (and non-sensitive) based on level of importance and value to the organisation. Basically what measures are required to protect business critical data? Determine the functional and solution gaps and then plan and implement the technical and business changes required to protect assets whilst enabling accessibility. Monitor – Determine metrics and processes for monitoring classification application and security performance, as well as how you will report and communicate the results. This is likely to Continue to evolve and adapt to changes that are required – process and infrastructure/solutions. Revalidate and improve security programme effectiveness.
- #10: End-Users create the vast majority of an organisation’s unstructured data Capturing the user’s insight at the point of creation in the form of classification metadata is first step in ensuring data is correctly protected Metadata can be used right throughout the Information Lifecycle to drive a range of security and data management solutions and processes…
- #12: Data Classification solutions extend the capabilities of Microsoft products and other applications to allow users to apply relevant visual & metadata labels (protective markings) to messages, documents and files in order to enforce information assurance policies, raise user awareness of data value and drive multiple security technologies.
- #19: UX Highlights User feedback via policy check dialogue - Quick fix remediation - Warn/Challenge/Prevent options All UI fully customisable and localisable
- #20: UX Highlights User feedback via policy check dialogue - Quick fix remediation - Warn/Challenge/Prevent options All UI fully customisable and localisable
- #23: Thank you Keith for explaining the basic of data classification and for showing us how Boldon James' solution can help classify data at the time of creation outside of SAP. Now let's take a look and see what all that means for data extracted from SAP and how SECUDE's Halocore solution can be integrated with Boldon James' Classifier to provide a seamless end user experience.
- #24: As an SAP customer you run most of your business on SAP and thus you have a tremendous amount of sensitive and mission-critical stored data inside of SAP. Depending on the industry you're in, that could be anything from Product Specs, Customer and Vendor data, personnel information, financial data etc. The problem is, most of that data doesn't stay inside of SAP because it's extracted by users, who are trying to do their job, on a daily basis.
- #25: Let's take a look at how data moves through an organization. On top, we have your data center, housing all your SAP and non-SAP systems. You have probably put tight controls around that data center to prevent unauthorized access through firewalls, access control etc. However authorized users, extract a lot of that data turning it into so-called corporate unstructured data. Gartner predicts that most of your corporate data lives outside the data center – on personal computers, mobile devices and cloud storage. But it doesn't end there. According to Checkpoint, on average, sensitive data is sent outside the organization every 49 minutes. So it is incredibly important to intercept, classify and, if necessary protect, data at the time of creation in a persistent manner. The question is: Just how much data is regularly extracted from SAP by end-user?
- #29: Catch it if you can.. You have many DLP solutions to try to protect your data outside of SAP. Most GUESS what the data may be, look for cc # patterns, to decide to alert, block or so on, even ask for user input. EDC today, if used only comes into play when a user open a document after it has been downloaded from SAP and mostly depends on the User to do it. So why not classify data at creation? When data is extracted out of SAP, When all of the rich SAP meta-data is available, What system, What table, What roles, authorizations, even Where the user is at the time and much more is available?
- #30: That is EXACTLY what Halocore does. At the point of extraction/download using an algorithm called Attribute Derivation; Halocore intelligently classifies the data right then when most is known about it. App, System, Tx, table, even what device it is going to. Right at that time it can Audit, Block even Protect, By automatically and intelligently applying Classification Meta-Data Tags your downstream solutions become far more accurate and effective and produce far fewer false positives.
- #34: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #35: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #36: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #37: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #38: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #39: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #47: Consistency in handling enterprise data, created both inside and outside of SAP Ability to make more effective decisions on the controls needed for data protection Lowered costs and compliance efforts on the national and international level Improved accuracy of DLP and risk management solutions Increased user awareness and accountability for data safeguarding
- #48: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #49: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.
- #50: This UI is completely optional. Classification and Tagging can be done without any user involvement or it can involve the user in confirming or even changing the classification. Many allow User involvement to create awareness of document sensitivity. All actions are logged. What you see is entirely configurable.