Which type of sensitive information is stored in an SAP system?
A wide variety of industries and governmental institutions store business-critical data and sensitive personal information about their employees in an SAP system. For example:
Government: Social Security/National Insurance Number
Government agencies often store social security numbers in an SAP system. These systems are therefore often targeted for misuse, with unauthorized access to one system potentially leading to a mass breach of highly valuable social security numbers. If this information is extracted from an SAP system, the consequences can be catastrophic and potentially life-changing for victims.
Government: Tax evaders
Information on individuals evading taxes is stored in SAP systems by tax authorities. Although tax specialists are directed to handle SAP data confidentially and restrictively, obtaining a comprehensive list of tax evaders is a simple process. Because of this, we have over the years witnessed numerous instances in which high-profile tax evaders were leaked to the media.
Finance: Salaries and pensions
Information regarding salaries, pensions and bonuses is very commonly stored in an SAP system. Even though it is a violation, such information occasionally gets printed out and forgotten at the printer, disclosing confidential information to a broader audience. In such cases, it would be useful to know:
- Who had access to this information?
- Which accounts have been accessed in the last few days?
- Who printed the data and why?
HR/Operations: Job changes
Job rotation is a welcome and standard part of most thriving companies, where employees hold different positions in multiple business units and departments. Nevertheless, this practice can present a significant security risk if authorizations are not appropriately updated. The risk arises when new privileges are granted without removing the old ones. For instance, an employee transitioning from the HR department to the Legal Department may retain and use privileges associated with both roles, yielding combinations of entitlements that could compromise data privacy and the entire legitimacy of a company.
Have full control over your sensitive data with BCS for SAP
Because so much sensitive information is stored in SAP systems, data privacy protection has grown into a major topic for SAP. To ensure compliance, it is important to:
- Restrict access to data by establishing role-based access controls and segregating duties. These parameters ensure that only authorized accounts can access sensitive data.
- Continually monitor access to sensitive data to ensure swift response to data breaches.
However, traditional SAP logs are insufficient for the thorough and accurate monitoring required to meet GDPR compliance standards. Therefore, we decided to develop a comprehensive security and compliance solution that eases governance, improves transparency, and allows organizations to continuously monitor all essential metrics.
With BCS for SAP, you no longer need to operate in the dark to meet compliance regulations. With centralized monitoring, we provide you with landscape-wide insights, allowing you to effectively mitigate compliance risks before they turn into liabilities.