In the first part of this blog we looked at the traditional view of ITAM maturity. Here we explore how ITAM is evolving to support the changing digital ecosystem that all organizations are faced with today.
Snow GDPR for SAP®
Monitor and Control Personal Data Risks Within SAP Systems
THE CHALLENGE OF COMPLYING WITH THE GDPR FOR SAP SYSTEMS
Data protection EU-GDPR
The May 25, 2018 enforcement deadline for GDPR compliance looms. Establishing compliance is a mountainous effort requiring personnel additions, process changes, and technology implementation. This is no different for those handling SAP systems, wherever personal data is stored, accessed or processed companies need to be in compliance with the new regulation or face drastic financial consequences.
The new Directive places considerably higher demands on accountability for the legally compliant handling of personal data which forces companies to pay full attention to the lifecycle of all data. For those handling SAP systems deleting and locking data will now have to be taken into account.
"Those who approach department heads to find out which personal data they need for which purposes in their processes can quickly encounter cluelessness. Companies will then have to cope with the failures of the last ten or fifteen years."
Volker Lehnert, SAP SE, Product Owner, Suite and S/4 HANA Data Protection & Privacy Program
Detect, Monitor and Control
Snow GDPR for SAP® detects and monitors how users work within SAP systems. This information can be used to identify and mitigate unauthorized behavior. The solution applies correct authorization settings so users cannot perform actions outside of their remit. With regards to the GDPR, this specifically refers to controlling their access to personal data.
With Snow, everything revolves around your security - in real time
Snow GDPR for SAP establishes security controls and detects data leaks. In real time, it will continually monitor and identify how all data is accessed by users, if there is a data breach, access can be denied automatically and the incident recorded.
Checking cross-client and cross-system authorizations.
Monitoring and evaluation of critical SAP authorizations, real-time SAP transactions, combinations, processes and function separation matrices (Segregation of Duty (SoD) rules) on the basis of pre-configured and freely configurable SoD matrices.
By defining a role, this module detects critical authorizations in real time.
Monitoring and evaluation of approx. 3,000 critical SAP parameters and system settings, such as passwords or insufficiently secured settings at the operating system level, databases, OSS Notes, patch level, and more.
- More than 3,000 checks in the standard scope of delivery
- Automated checks of security-relevant parameters and settings
- Analysis of all Basis platforms from SAP® R/3 through to NetWeaver 7.x
- Security report with clear guidelines for eliminating weaknesses
Management of risks and mitigating control.
Identified risks from the areas of authorization and SoD evaluation as well as the technical system check can be transferred directly from the analyzes to the risk memory for further processing by mouse click. Comprehensive risk management process with risk identification, risk assessment, risk elimination and risk reporting.
- Definition of audit scope
- Cyclical scheduling of checks
- Automated running of audits
- Detailed risk descriptions
- Management of mitigating controls
Risk Track offers you a complete mitigation reporting system
Module for analyzing and securing SAP system interfaces and cross-system evaluation with creation of a complete interface overview as graphic and table output (such as RFC connections outbound, HTTP connections, RFC trusts, SSO trusts, DBCON connections).