Can You Continue to Ignore Data Encryption in SAP?

© 2013 Dolphin. Can you Continue to Ignore Data Encryption in SAP? James Baird, Dolphin

Upload: ngohuong

Post on 02-Jan-2017


DOLPHIN AT A GLANCE

Focus: SAP Customer Only

Proven: SAP certified solutions for the SAP customer leveraging SAP technology

Stature: 1/3 of all Fortune 100 companies running SAP are Dolphin customers

Stability: Employee owned; private; independent of other stakeholders; organic growth

Longevity: Founded in 1995

Global Solutions: Hundreds of scalable, flexible and cost effective deployments

WHAT IS ENCRYPTION

Key Terms

Encryption – Using keys or algorithms so that only people with the right credentials can see the data (all or part of it)

Masking – No one is able to see the data, as it is completely covered, with no way to remove the masking for a specific audience

Why is Data Security and Encryption Necessary?

Business data is the heartbeat of any business

Data can harm a business's reputation if:

- Business data is misused
  o BOM copied
- Employee data is misused
  o Example – identity fraud
- Vendor data is misused
  o Credit information misused

Legal precedence requirements

- To meet legal and business precedence, data needs to be protected in the database as well as when archived

Benefits of Encryption

- Secure business sensitive or legally protected data (e.g. SSN, Court Payouts, Credit Card Numbers, Medical Records…)
- Meet regulatory compliance
- Add security to the data and not the device it resides on
- Protect data even if the system is breached
- Provide confidence in the confidentiality of data
- Provide security for the company's reputation
- Can pin-point data to a specific audience in any system (Production, QA, Test, etc.)

Reasons for Encryption and Terminology

PII – Personally Identifiable Information

PIPEDA – Personal Information Protection and Electronic Documents Act

HIPPA – Health Information Protection Act (USA HIPAA)

PCI DSS – Payment Card Industry Data Security

ITAR – International Traffic in Arms Regulations

Examples

Recent Examples of Breached Security

- 2013 - Chinese hackers reportedly accessed U.S. weapons designs (recent on CNET)
- 2012 - Massachusetts provider settles HIPAA case for $1.5 million (hhs.gov)
- In June 2011, Citigroup disclosed a data breach within their credit card operation, affecting approximately 210,000 or 1% of their customers' accounts, which cost the company financially and in reputation. (Wikipedia on data breach)
- Recent release of data on Government programs and that data (Snowden)

AUDIT, SECURITY AND COMPLIANCE

- Protect and manage your data to meet your governance, compliance and business requirements (i.e., PCI, PII and regulatory compliance)
- Leverage your corporate encryption investment
- Secure data down to the lowest level - database
- Secure data even if database tools are used to see and extract data, for example: TOAD, SQL Tool Sets…
- User will not be able to see unsecured data using Query tools
  – SAP user will still see secure data using SQ00, SQ01, SE16, SE16N, IDOC…
- Provide optional software for SAP data archiving strategy for seamless business access to secure data

Encryption of Database Data

CREDIT CARD DECRYPTION

DEMO SLIDES – Screen Shots

CREDIT CARD ENCRYPTION – DATABASE LEVEL

Encryption of Archived Data

FB03 – SAP STANDARD – CREDIT CARD ENCRYPTION

CREDIT CARD ENCRYPTION 1

CREDIT CARD ENCRYPTION 2

CREDIT CARD ENCRYPTION – ARCHIVE LEVEL

SUMMARY

Why Encryption

- The single most important reason for using encryption is to preserve the confidentiality of the data and protect the business and the people it serves
- Support corporate and legal compliance mandates
- Effectively compete
- Avoid risk

DOLPHIN CONTACT INFORMATION

For more information:

www.dolphin-corp.com

888.305.9033

Questions?
