Monday, November 21, 2011

DLP For SAP: Protecting ERP Data Across The Organization

Many global organizations operate in highly competitive markets, including countries known to aggressively target intellectual property. A significant amount of sensitive information, including intellectual property (IP) resides in enterprise resource planning (ERP) systems such as SAP and Oracle. Traditionally, the security around this information has been limited to the capabilities of the ERP system through access control, segregation of duties, and monitoring within the ERP system.

However, an authorized user can extract this information – and into many different formats. Once extracted, this information is constantly accessed and modified and so it becomes difficult to protect this information from data loss once it leaves the ERP system. How can you create policies for a DLP solution if you do not know what to look for?

It is also very challenging to identify what data in an ERP needs protection.  A lot has to do with the complexity of ERP databases and the fact that sensitive data can typically be spread out across many tables in the database. Making it easy to focus protection on ERP data elements that are sensitive would be appealing to organizations.

Until recently, there were no effective solutions in the market to allow an organization to easily identify sensitive data in ERP systems and track this sensitive data once it has been extracted from the ERP. A lot worse, there was no easy way to prevent this potentially sensitive information to leave the organization.

With a goal of reducing the risk of losing this valuable ERP data, organizations have been looking for ways to correlate what a user is doing inside of the ERP system with what that user is doing outside of the ERP system.

This is one of today’s more pressing DLP challenges – and it is being solved for a leading chemicals company with an innovative solution using McAfee Data Loss Prevention and Saviynt Access Manager.  With this joint solution, an organization can identify sensitive information as it leaves the ERP system, dynamically create DLP policies to protect that information, and analyze user activities to detect high risk behaviors. Organizations will now be able to track ERP data seamlessly from the ERP to the various data loss points in the organization’s network.

We’ve got this solution working at a leading chemicals company. You can get more details about this implementation in our December 7 webcast.

By: Nikfar Khaleeli