In the last few years, cybersecurity has undoubtedly become one of the major preoccupations of businesses the world over. However, the increased focus has not resulted in a reduction of data breaches. In 2016 alone, over 2 billion records were stolen; hacking expertise is escalating, and there are threats everywhere. Hefty financial losses, loss of competitive advantage and intellectual property, brand damage and innocent victims are the result of an online war. A war that seems to just be starting.
According to a study released by Onapsis, 95% of SAP systems remain vulnerable to data criminals. The first malware targeting SAP occurred in 2013 and according to CSO, this was followed by several international incidents, and a US-CERT Alert in 2016 warning about attacks on 36 SAP systems.
Because of increased interconnectedness, SAP systems are no longer isolated from the outside world. Increased integration with third party systems and cloud solutions – along with increased focus on mobile and remote connections – can leave your SAP systems more exposed than ever. The potential attack surface (or number of possible attack points) in your IT environment has increased dramatically. As “the Internet of Things (IoT) becomes mainstream, this will only accelerate, and SAP themselves are looking to counter this with developments like SAP Leonardo.
The interesting thing is that hacks aren’t all from external parties. Nearly 50% of breaches are coming from within organisations, according to Verizon’s 2015 data breach investigations report. Effectively, anyone who has access to sensitive data has the potential to take advantage of their access rights. Although the technologies for securing systems from the outside world and encrypting traffic have become more robust, external attacks on systems are not always the largest concern. Data theft – both from trusted individuals within the organisation, and from attackers who gain access via social engineering – is becoming the preferred way of intruding. Limiting the scope of access to production data isn’t enough anymore; the focus should extend to securing non-production environments and addressing the data.
Non-production environments are on average three to four times the size of production environments. Each record is copied several times into test and development systems, increasing the attack surface. Sensitive information such as customer, employee, vendor, credit card and supplier costing information are potentially unsecured and accessible to anyone who has access to your systems. The variety of people accessing non-production systems is usually also greater than that in production. Contractors for projects, external test teams, developers on temporary assignment, offshore teams and many others have access. The increased data footprint and number of personnel accessing your data in non-production environments substantially increase your attack surface. A solution is needed to limit the amount of sensitive data that can be stolen.
“Scrambling and anonymising sensitive data is the solution that organisations are looking for,” says Tim Barker, EPI-USE Labs Managing Director for the Asia Pacific region. He has seen a steep increase in the number of organisations demanding Data SecureTM (the EPI-USE Labs SAP scrambling tool) in the past few months. This tool protects sensitive data by changing the values of fields, while maintaining the integrity of the data and ensuring production-like behaviour. The quality of test and training data remains the same, without exposing any confidential data. The Data Secure solution replaces sensitive data with anonymous, but fully functional, test data – thereby removing the criminals ‘prize’ (your data) and the risk. At the same time, wider access can be granted to the non-production systems to allow more thorough testing, which will benefit your organisation.
EPI-USE Labs, a partner organisation of Soltius, offer products aimed at creating more powerful and secure SAP systems that save customers time and money, as well as enabling fast, consistent and secure copying of SAP data.
Soltius provides the tool set from EPI-USE Labs to its New Zealand clients. If you find the content of the webinar interesting, and would like to discuss your own needs in more detail, please do not hesitate to reach out to one of our Account Managers or contact us at firstname.lastname@example.org.