PUBLIC

SAP Cybersecurity and data protection

Amit Bajaj, SAP
Nanette Baber, SAP

2020-03-03

2PUBLIC© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ

Agenda - SAP security product portfolio: Embed GRC and security in SAP [ECC; SAP S/4HANA]

Key themes: Enterprise risk and compliance | Access governance | International trade | Cybersecurity and data protection

• UI masking for SAP [ECC; SAP S/4HANA]*
• UI logging for SAP [ECC; SAP S/4HANA]*
• SAP Enterprise Threat Detection*
• SAP Fortify by Micro Focus
• SAP Data Privacy Governance
• SAP Data Custodian
• SAP NetWeaver AS, add-on for code vulnerability analysis

*IBSO security suite

[Figure: Security (re-)action times, from ProActive to RealTime to ReActive]


SAP GRC solutions: solution mapping to key themes

Enterprise risk and compliance
• SAP Process Control
• SAP Risk Management
• SAP Audit Management
• SAP Regulation Management by Greenlight
• SAP Business Integrity Screening

Access governance
• SAP Access Control
• SAP Cloud Identity Access Governance
• SAP Dynamic Authorization Management by NextLabs
• SAP Access Violation Management by Greenlight
• SAP Identity Management
• SAP Single Sign-On

Cybersecurity and data protection
• SAP Enterprise Threat Detection
• SAP Enterprise Digital Rights Management by NextLabs
• UI field masking
• UI logging
• Code vulnerability analysis
• SAP Fortify by Micro Focus

International trade management
• SAP Global Trade Services (SAP GTS), export management
• SAP GTS, import management
• SAP GTS, identity-based preference processing
• Special customs procedures
• SAP S/4HANA for international trade
• SAP Watch List Screening


The Insider Threat: underestimated & difficult to tackle


Cost of a Data Breach Report by IBM, conducted by the Ponemon Institute: report highlights


SAP CVA and SAP Fortify by Micro Focus (02, 2020) - Proactive


Application security is more important than ever: the majority of security breaches today are from application vulnerabilities

• 90% of security incidents result from exploits against defects in the design or code of software.¹
• 79% of mobile applications had at least one critical or high-severity issue (vs. 66% last year).³
• 89% of web applications had at least one critical or high-severity issue (vs. 80% last year).³
(Percentage of applications containing at least one critical or high vulnerability.²)

¹ U.S. Department of Homeland Security's U.S. Computer Emergency Response Team (US-CERT)
² "2017 Application Security Research Update" by the HPE Software Security Research team, 2017
³ 2018 Application Security Research Update, Micro Focus® Fortify Software Security Research Team


Security considerations for internal-only applications: examples of attacks on internal-only applications

Your digital enterprise: are those users secure? Are those applications secure? Is the data secure?

• Attacks on employees, for example via a malicious email (aka Trojan horses, login spoofing, viruses, worms, DoS, man-in-the-middle*)
• Was access revoked / deactivated?
• Logic bombs, trap doors*
• …
• Temporary workers to seasonally expand the workforce: potentially limited security validation, wrong access provided
• Negligent/unintentional or unknowing: an employee executes steps they are not supposed to do


Customer challenges with application security


Developers have traditionally resisted security for a reason


Attacks vs Security Spending – what are the drivers for AppSec?

Security spending*      % of Attacks    % of Dollars
Web Applications        84%             10%
Network / Servers       16%             90%

84% of all information technology attacks are directed at the web application layer.
2/3 of all applications are vulnerable (Gartner).

Web applications: intellectual property, customer data, business processes, trade secrets.

*SANS Institute, 2015 State of Application Security: Closing the Gap


The approach today: expensive and reactive

1. Somebody builds bad software (in-house, outsourced, commercial, open source).
2. IT deploys the bad software.
3. A breach, pen test or code scan proves our code is bad.
4. We convince and pay developers to fix it.


Ideal approach: cheap and security built-in

1. Somebody builds SECURE software (in-house, outsourced, commercial, open source).
2. IT deploys the secure software.
3. A pen test proves our code is good.


Application Security needs to be seamless to keep up with the pace of development


Ensure application security with an end-to-end solution: SAP Fortify by Micro Focus and SAP Code Vulnerability Analysis

Dynamic application security testing: find vulnerabilities in the running application
• Manual application penetration testing
• Automated application vulnerability scanning

Static application security testing: find vulnerabilities by analyzing the sources
• Automated source code analysis
• Manual source code review

SAP Fortify by Micro Focus covers non-ABAP and non-SAP code; SAP NetWeaver Application Server, add-on for code vulnerability analysis, covers ABAP. SAP Fortify integrates with CVA.

Management platform for monitoring, auditing, analysis, reporting.

Finding security issues at design time instead of in production is easier and less expensive!


SAP Security - Static Code Analysis for ABAP: SAP NetWeaver AS, add-on for code vulnerability analysis

Created by THE ABAP experts for SAP internal use

Scan efficiently
• Scanning directly from within the ABAP development environment
• Scan throughout the development lifecycle - governance
• Full range of predefined checks

Developer guidance
• Prioritization of found vulnerabilities
• Detailed help and explanations for all errors
• Assistance to find the right location for the fix
• Approval workflows for false positives included

Integration
• Integrated into standard ABAP check frameworks, SAP transport system and ABAP Test Cockpit (ATC)
• Zero installation required
• Check your development to the same level as SAP Core
• Integrated into SAP Fortify by Micro Focus


Demo (1:00 min): SAP Security - Static Code Analysis for ABAP, SAP NetWeaver AS add-on for code vulnerability analysis: SQL injection attack


Real-life example: CVA security scan result of all custom objects in a medium-sized SAP enterprise customer in APJ.


Recommended Setup – Automated Source Code Review with CVA

• Application Server ABAP (DEV1) and Application Server ABAP (DEV2): developers run static/unit/scenario tests on their objects; periodic check runs validate the code of the DEV team.
• Transports from DEV1 and DEV2 pass a Q Gate (scan transports) on their way to the Application Server ABAP (Consolidation).
• Consolidation: mass/full scan of transports; Q-experts run the mass check and distribute results.
• One quality standard for the Q Gate.


Static Security Scanning – non-ABAP: SAP Fortify by Micro Focus - Static Code Analyzer (SCA)

Static analysis – find and fix security issues in your code during development

Features:
• Automate static application security testing to identify security vulnerabilities in application source code during development
• Pinpoint the root cause of vulnerabilities with line-of-code details and remediation guidance
• Prioritize all application vulnerabilities by severity and importance
• 3 ways to scan: in the IDE, via the command line or via Audit Workbench


SAP Fortify by Micro Focus - Static Code Analysis: Tools & Integrations

Audit Workbench
• Security auditor's toolkit including scanning, remediation guidance, and reporting

Security Assistant
• Instantly find vulnerabilities in real time as developers code

Developer IDE plug-ins
• Scan, view results, and manage remediation

Scan Wizard
• Easy scan configuration and build integration
• Scan from a command line (schedule scans)

Rules Editor
• Build custom scan rules
• Customize Software Security Center to fit your SDLC


SAP Fortify by Micro Focus - Broadest Technology Support

Static analysis supports 21 languages and growing:
• ABAP (via CVA) • ASP .NET • C# • C/C++ • Classic ASP • COBOL • Cold Fusion • Flex • HTML 4&5 • Java • JavaScript/AJAX • JSP • Objective C • PHP • PL/SQL • Python • T-SQL • VB.NET • VB6 • VBScript • XML

API support: more than 720,000 commonly used APIs are understood and supported by SCA

Mobile application security solution covers: Objective C, Android, Blackberry, Microsoft

Vulnerabilities: detects over 556 unique categories of vulnerabilities

S/4HANA relevant


A Mature Deployment Model

Developers (hands-on): Fortify on workstations, CVA in ABAP Workbench; scan and remediate code.

1. Code repository: check-in/check-out
2. Scan machine (automated): entire app scanning, can be automated, "official" results
3. Results uploaded to the Fortify SSC server
4. Agency/Dept – Security: review and triage, prioritize
5. Developers: work with latest scan results, FIX and re-scan, repeat
6. Executive management, CISO/PMs: view metrics, generate reports, measure and manage risk


Demo (1:00 min): SAP Fortify by Micro Focus - Static Code Analysis: hardcoded password


SAP Application Security Solution – component breakdown: end-to-end integrated solution (SAP Fortify by Micro Focus, SAP CVA, SAP Quality Center by Micro Focus)


Application security benefits: minimizing risk, driving business agility

• Reduce risk with minimal effort and operational costs
• Deliver measurable business and strategic value
• Meet government and industry compliance regulations
• Build a security culture throughout your organization

SAP UI Logging and SAP UI Masking (02, 2020) - Proactive / Realtime

Tackling the insider threat: two-step approach


UI Data Security: two-step approach to protect data from insiders

UI Masking ("lock it…"): conceal specific data unless required for tasks
→ make sensitive data unavailable for data abuse

UI Logging ("…or log it!"): keep data accessible, and create a broad and deep log of data access
→ induce compliant behavior
→ identify and prove irregular data usage
→ baseline for decisions on actions


UI Data Security: high-level solution architecture

SAP UI (user) sends a request to the SAP backend system; the Dynpro processor passes it through the business logic to the database layer, which returns the original data in the response.
• UI Masking: validates authorization and applies masking rules to the response, so the UI receives masked data instead of the original data.
• UI Logging: records the data access; alerting and the Log Analyzer, with integration into SAP Enterprise Threat Detection.

Business benefits


Key business needs addressed by UI Masking and UI Logging

1. Reliable control over who gets sensitive information displayed in SAP transactions and applications, in a quick and low-effort fashion
2. Introduce a dynamic determination of data access authorizations based on the context, at runtime
3. Increase protection of sensitive data against theft and abuse where access must be provided to privileged insiders
4. Detect potentially problematic access to sensitive data rapidly (in near-real time), and conduct a meaningful analysis in order to take the right actions
5. Better comply with business or legal requirements for tracking who accessed sensitive data (PII, BOMs, prices, customer information)


Benefits for GDPR requirements

Data de-personification and reduction of data access
• Decrease the risk of leaking sensitive data
• De-personalize information: options for further processing of data (test scenarios, data export)
• Psychological barrier against non-task-related data access

Data access transparency
• Identify and understand unauthorized, non-compliant or malicious activity → adequate reaction
• Supports the 72h notification requirement in case of a breach involving personal information

Key solution capabilities: UI Masking

UI Masking: configurable data protection in SAP UIs
• configurable scope of data to be protected
• configurable way in which protection is applied (security actions)
• configurable additional authorizations for "clear" access
  ▫ roles (RBAC)
  ▫ attributes and rules ("policies") (ABAC)
→ configurations evaluated at runtime
→ security actions applied to the UI layer only


UI Masking: configurable data protection in various SAP UIs


UI Masking: Comparison Suite vs. S/4HANA offering

Where to use
  "classic" UI Masking solutions: ECC, classic CRM scenarios, HEC (S/4HANA as "compatible" solutions, potential limitations)
  S/4HANA "UI data protection masking": S/4HANA

How to get
  classic: separate installations per required UI technology
  S/4HANA: unified technical installation

Configuration
  classic: separate configurations per required UI technology
  S/4HANA: unified config, automated with data elements; consistent application of protective actions over all supported UI technologies

Protective actions
  classic: masking of values in fields
  S/4HANA: masking of values in fields; emptying/hiding/disabling fields/links; suppression of lines in table displays; data blocking

Authorization paradigm
  classic: role based; attribute/rule based authorizations through BAdI implementation
  S/4HANA: role based; policy based (attributes and rules)

Additional features
  classic: none
  S/4HANA: Reveal on Demand (2-step authorization)


UI Masking: Data Protection applied in SAP Fiori – examples: field masking, field reset, disabling of fields, "Reveal on Demand"

UI Masking: Data Protection applied in SAP GUI – examples: field masking, field reset, disabling of fields, "Reveal on Demand", hiding of fields

"Attribute based" access control


Use case Attribute Based Access Control (1): context-dependent access, organizational splits

One organization, one IT system, one workforce… developing into a situation of two organizations co-existing in the same IT system, which, unless it can be physically split, must support a virtual distinction to reliably prevent access to data by users who are not entitled to see them.


Use case Attribute Based Access Control (2): legal restrictions for moving data "offshore", IT support from outside the EU

A multinational enterprise comes into a situation where legal requirements forbid access to specific data (e.g. PII in HR, sales, customer relationship management) pertaining to "inlanders" by "users abroad" → it becomes necessary to distinguish between users, and to ensure that "abroad" users get access to the data they need for their tasks, but not to inlanders' PII.


"Attribute based" access control in UI Masking: examples (1)

The state of the attribute "marital status" ("family status") determines whether and how the place of birth value is treated.

The logic is configured in "policies", which are highly versatile and enable more differentiated treatment of field values based on additional attributes pertaining to the user (e.g. HR employee associated with the company code), the data object (e.g. employee older than 65 years), or other system-borne as well as external variables.
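To make the policy idea concrete, here is an added example (not SAP's code and not UI Masking's real configuration) of a small runtime policy evaluator: protected fields default to masked, and role- and attribute-based policies grant clear access or impose stronger actions. It carries through the slides' own cases (HR role plus company code, "users abroad" vs inlanders' PII, marital status steering the place-of-birth field); the field names, roles and rule thresholds are constructed, and the marital-status rule is an assumed illustration.

```python
"""Added example (not SAP's code): a runtime policy evaluator in the style of
UI Masking's attribute-based policies. Field names, roles and rules are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Protective actions named on the comparison slide.
MASK, HIDE, DISABLE, CLEAR = "mask", "hide", "disable", "clear"


@dataclass(frozen=True)
class Context:
    """Attributes available at runtime: who is looking, and at what."""
    user: Dict[str, object]    # e.g. roles, company code, work location
    record: Dict[str, object]  # the data object on screen, e.g. an HR master record


@dataclass(frozen=True)
class Policy:
    field: str                        # screen field the policy governs
    when: Callable[[Context], bool]   # attribute/rule condition (ABAC)
    action: str                       # protective action if the condition holds
    priority: int                     # higher wins when several policies match


def mask_value(value: object, keep: int = 2) -> str:
    """Mask all but the last `keep` characters, preserving length for the UI."""
    text = str(value)
    if len(text) <= keep:
        return "*" * len(text)
    return "*" * (len(text) - keep) + text[-keep:]


def decide(field: str, policies: List[Policy], ctx: Context) -> str:
    """Action for one field: the highest-priority matching policy, or MASK
    when nothing grants access (protected by default)."""
    matching = [p for p in policies if p.field == field and p.when(ctx)]
    if not matching:
        return MASK
    return max(matching, key=lambda p: p.priority).action


def render(protected: List[str], policies: List[Policy], ctx: Context) -> Dict[str, Dict[str, object]]:
    """Apply actions to the UI layer only: the record itself is never changed."""
    out: Dict[str, Dict[str, object]] = {}
    for name, value in ctx.record.items():
        if name not in protected:
            out[name] = {"value": value, "action": CLEAR}
            continue
        action = decide(name, policies, ctx)
        if action == HIDE:
            continue                  # hidden fields do not appear on the screen at all
        shown = mask_value(value) if action == MASK else value
        out[name] = {"value": shown, "action": action}
    return out


def has_role(role: str) -> Callable[[Context], bool]:
    return lambda ctx: role in ctx.user.get("roles", ())


def same_country(ctx: Context) -> bool:
    return ctx.user.get("country") == ctx.record.get("country")


def own_company(ctx: Context) -> bool:
    return ctx.user.get("company_code") == ctx.record.get("company_code")


# Constructed rule set mirroring the slides' examples.
POLICIES = [
    # RBAC plus user attribute: HR administrators see salary in clear for their own company code.
    Policy("salary", lambda c: has_role("HR_ADMIN")(c) and own_company(c), CLEAR, 10),
    # Offshore restriction: users abroad never get inlanders' PII, whatever their role.
    Policy("salary", lambda c: not same_country(c), MASK, 100),
    Policy("national_id", lambda c: not same_country(c), HIDE, 100),
    Policy("national_id", has_role("HR_ADMIN"), CLEAR, 10),
    # Data-object attribute (assumed rule): place of birth in clear only for single employees.
    Policy("place_of_birth", lambda c: c.record.get("marital_status") == "single", CLEAR, 10),
    # Everyone sees the name, but the field is disabled (read-only) for non-HR users.
    Policy("name", has_role("HR_ADMIN"), CLEAR, 10),
    Policy("name", lambda c: True, DISABLE, 1),
]
PROTECTED = ["salary", "national_id", "place_of_birth", "name"]

# Constructed sample record.
EMPLOYEE = {"name": "Jane Doe", "national_id": "DE-123456789", "salary": "85000",
            "place_of_birth": "Hamburg", "marital_status": "married",
            "country": "DE", "company_code": "1000"}
```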


“Attribute based” access control in UI Masking: examples (2)

Reveal on Demand


S/4HANA Masking: "Reveal on Demand": value add

UI Masking → Reveal on Demand (user "self service") → trace
Implementation options: approval workflow, multi-factor authentication, consent management

UI Masking introduces an intercept point for a user's access to data based on a determination of authorization. "Reveal on Demand" constitutes a second intercept, refining and basing authorization on additional conditions. In an RoD scenario, data are always protected initially. A user action triggers an additional determination of authorization, including a bespoke trace of the event and its result. RoD authorization could be based, e.g., on approval, on additional authentication, or on the data subject of the PII having given her consent for her data to be used under the given conditions.


Look & Feel: "Reveal on Demand" (SAP GUI, Fiori app)

UI Logging


UI Logging: configurable logging of data access in SAP UIs
• configurable scope of data to be protected on transaction/application/service level
• configurable list of users subjected to logging
• configurable alerts on specific (critical) data accesses
• configurable log reasons and retention time
• Log Analyzer UI for researching the log file
• Integration with SAP Enterprise Threat Detection


UI Logging: Log access, get notified, take action

1. Log data access
2. Automatic alert
3. In-depth analysis
4. Aggregate & detect (SAP ETD)


UI Logging: Alerting scenario – configurable mail notification for critical data access

data access → temporary log file → alerting definition → message definition → email alert


UI Logging: Integration with SAP Enterprise Threat Detection – transfer of log to ETD

The UIL configuration (technology/UI channel specific) decides where each log goes:
• Transfer log to ETD system (call standard transaction SECM_LOG_2_ESP): temporary log relevant for alerting; external repository relevant for alerting
• No transfer to ETD: temporary log; external repository

Enterprise Threat Detection plans to provide UIL-specific patterns as of SP8 (planned H1/2019, cf. official ETD Roadmap)

UI Logging Analysis Apps Screen Views


DPO Cockpit: Fiori Applications

UI Logging users (e.g., security office, data protection officer) leverage Fiori apps for keeping an overview, conducting deep-dive analysis into data usage, and managing lists of users whose data access they have identified as noteworthy.


DPO Cockpit: UI Log Status and Statistics

UI Logging users can get an overview of system status as well as statistics concerning data usage (top n logged users, top n accessed critical data fields (data types), top n triggered actions, and more).


DPO Cockpit: Analysis of UI Logs

UI Logging users can conduct exploratory analysis of access to data types. They gain a comprehensive view of data usage, as multiple screen fields of the same type (e.g., social security number) can be aggregated or grouped by "tags". Additional filter criteria allow for a more granular display of accessed data objects as well as accessing users.


DPO Cockpit: Analysis of UI Logs

UI Logging users can identify users whose data access and actions are worth noting, and can add them to a list of "users of interest" which can be edited until it is "published" (for handing over to other departments who may take additional steps).


DPO Cockpit: Manage user lists

UI Logging users can edit user lists until they finish their research and decide to "publish" them, e.g. for taking further steps on the identified users.


Classic Analysis: Tag Analyzing

In addition to the Fiori-based analysis apps, analysis can be conducted through the classical tools if desired. Relevant roundtrips are grouped by user sessions (Extended Passport). Per roundtrip, the relevant log data is displayed in the bottom left section, and additional data fields that may be assigned to tags are specified in the top right section.

Demo (1:00 min): UI Logging and UI Masking: role/policy based masking; TAG and LOG analysis

SAP Enterprise Threat Detection (02, 2020) - Realtime / Preventative


SAP Enterprise Threat Detection


SAP Enterprise Threat Detection

Customer feedback
• "SAP systems are seen as a 'black box' if it comes to security aspects and suspicious behavior in SAP systems"
• There were critical incidents at customers that could have been avoided if the preparation phase had been discovered (see below)

SAP decided to create the product SAP Enterprise Threat Detection
• SAP ETD is the real-time security event management and monitoring solution giving insights into SAP systems out of the box.
• It supports the customer to detect, analyze and neutralize cyber-attacks as they are happening, and before serious damage occurs.
• It provides very high performance, analyzing thousands of log entries in real time using the SAP HANA in-memory database.


SAP Enterprise Threat Detection

More than 120 SAP customers worldwide in all industries protect their SAP landscape with SAP Enterprise Threat Detection. Most of those companies are listed within the DAX 30 or DOW 30, or come e.g. from the defense sector.

SAP Enterprise Threat Detection is supported by the world's leading auditing companies. We have implementation partners in many regions of the world. Partners are e.g.: Ernst & Young, KPMG, Turnkey, IBS Schreiber, Asconsit, PWC, SAPNS2, Deloitte, Accenture, Infosys, Xiting…


How does SAP Enterprise Threat Detection work

• Real-time correlation of SAP and non-SAP logs with log learning
• User/system behavioral analysis, anomaly detection
• Forensic analysis
• Ready-to-use content and regular content delivery and modelling of attack detection patterns
• Leverage machine learning to refine anomaly detection
• Atomization of log reading to collect event and context information
• Normalization, enrichment and pseudonymization of log entries
• Drill down into subsets of events, alerts, configuration checks and health checks
• Visualization of data in suitable charts
• Automated attack detection


Benefits of SAP Enterprise Threat Detection

At stake: intellectual property, reputation, sensitive data, partners, severe penalties, business future

• Proactive threat monitoring and threat hunting lead to an early interception of threats
• Real-time threat visibility in complex SAP scenarios
• Centrally audited SAP security controls
• High manipulation safety of SAP systems
• SAP system transparency with respect to security and compliance events


Use cases included with SAP Enterprise Threat Detection

• Manipulation of users and authorization
• Critical changes to system configurations
• Manipulation of critical database tables
• Information disclosure: make sure that no extraction of confidential information takes place
• Login attempts
• Access to critical, blacklisted transactions
• Remote calls of a productive system
• Misuse of debugging and error analysis
• Misuse of critical reports and function modules
• Manipulation of passwords
• Extraction of confidential information (GDPR)
• Assignment of critical authorization
• Monitoring SAP security notes
• File manipulation (parameter configuration, transports)
• Suspicious user behaviour (technical and dialog users)
• Read access logging as additional data source
• Special patterns related to attacks covered by SAP Security Notes
• What else did the user do?
• Threat hunting
• Forensic analysis
• Account sharing
• Log-in from an inappropriate network segment
• Correlation of different accounts to one person


Demo (2:00 min): SAP Enterprise Threat Detection demo – employee data download


SAP Enterprise Threat Detection 2.1: 2019 – recent innovations

Some of the new features & benefits:
• Splunk integration: security teams can now work together in their native environments to track and eliminate bad actors.
  ▫ Enterprise Threat Detection can now publish an event to Splunk in JSON format including all needed details.
  ▫ The SAP alert then appears in Splunk Enterprise Security where you can drill into the evidence to determine the right action.
  ▫ Splunk feeds alerts back to SAP ETD, e.g. a suspicious IP address identified in Splunk can be added to the details of an investigation in SAP ETD.
• Integration to other solutions: all ETD alerts can now be published in CEF, LEEF, JSON format.
• Increased efficiency and accuracy in analysis incl. artificial intelligence
• Monitoring enhancements: show number of original data and unrecognized logs
• Enhancements on the streaming engine: add support for SSL encryption of the JDBC connection; provide an HTTP endpoint on the log collector for plain-text messages
• New log types for more detailed analysis: SOAP web services can now be integrated via Kernel API
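As an added illustration of the alert publishing mentioned above (this is not SAP's code, and ETD's real export schema is not on the page), the following serialises a constructed ETD-style alert into CEF and JSON; the part worth seeing is the CEF escaping, since a pipe in a pattern name or an equals sign in a message would otherwise break the SIEM's parser. Vendor strings, the severity-to-CEF mapping and the sample alert are assumptions.

```python
"""Added example (not SAP's code): publishing an ETD-style alert in the CEF and JSON
formats named on slide 71. Alert record and severity mapping are constructed."""
import json
from typing import Dict

# ETD severities are words; CEF wants 0..10 (assumed mapping, not ETD's own).
SEVERITY_TO_CEF = {"Low": 3, "Medium": 5, "High": 8, "Very High": 10}


def _escape_header(value: object) -> str:
    """CEF header fields: escape backslash and the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value: object) -> str:
    """CEF extension values: escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(alert: Dict[str, object]) -> str:
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value key=value ..."""
    header = "|".join(_escape_header(v) for v in (
        "CEF:0", alert["vendor"], alert["product"], alert["version"],
        alert["pattern_id"], alert["pattern_name"],
        SEVERITY_TO_CEF[alert["severity"]]))
    extension = " ".join(f"{key}={_escape_extension(val)}"
                         for key, val in alert["extension"].items())
    return f"{header}|{extension}"


def to_json(alert: Dict[str, object]) -> str:
    """JSON export, one object per alert, as a Splunk-style consumer would read it."""
    return json.dumps(alert, sort_keys=True, separators=(",", ":"))


# Constructed sample alert; the pipe and '=' inside the strings show why escaping matters.
SAMPLE_ALERT = {
    "vendor": "SAP",
    "product": "Enterprise Threat Detection",
    "version": "2.1",
    "pattern_id": "PATTERN-CONSTRUCTED-001",
    "pattern_name": "Download Employee data | bulk export",
    "severity": "High",
    "extension": {
        "suser": "JDOE",
        "src": "192.0.2.10",          # documentation address, not a real host
        "cnt": 250,
        "msg": "report=CONSTRUCTED_EXPORT returned 250 rows",
    },
}
```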

2019 – Recent Innovations


SAP Enterprise Threat Detection 2.1: 2020 – planned innovations

Some of the new features & benefits:
• Step-by-step integration of SAP cloud solutions, gaining more transparency across SAP products, e.g. SuccessFactors, Ariba, Hybris, Concur.
• Protection against known unpatched vulnerabilities.
• Security patch state gives the user transparency about actions that need to be taken immediately in order to close a security incident (e.g. patch the system).
• Graphical "state of the nation" report including state of compromise.
• ETD health checks, e.g. log outages, system outages, errors of pattern jobs, query performance etc.
• Detection of malware-spreading attacks.
• Tools for a convenient continuous delivery of content packages.
• Increased efficiency and accuracy in analysis incl. artificial intelligence:
  ▫ Anomaly detection: warning on activation if the referenced data is too large; visualization of the distribution of values under different settings when creating an evaluation; displaying the status of an anomaly detection if no result is available.
  ▫ Enhanced attack path: automatic enrichment of information plus semi-automatic pattern creation.
• New log types for more detailed analysis: support of Message Server log; support of HTTP client log

2020 – Planned Innovations


SAP Enterprise Threat Detection 2.1: 2022 – product vision

Integration
• Continue integration with SAP products, platforms and cloud solutions.
• Enterprise Threat Detection on SAP HANA Cloud Platform

Artificial intelligence
• Text analysis of threats described on the internet.
• Connection of vulnerability databases and automated creation of related attack detection patterns.
• Automated attack detection pattern creation based on results of manual analysis and of other input channels.
• SAP Enterprise Threat Detection becomes a threat intelligence provider
• Advanced persistent threat detection.
• Machine learning for better alert qualification.
• Machine learning for easier log interpretation / log learning.
• Proactive protection based on industry-, technology- and region-specific risks.
• Customer community providing threat signatures and attack detection patterns.
• Predictive threat notification based on publicly available information.

2022 – Product Vision


Reality and Vision: Protecting the Intelligent Enterprise: unique integration patterns – Kernel API

UI Masking sends all masked data, and UI Logging sends all visible data displayed on screen, as logs via the Kernel API to Enterprise Threat Detection (tamper-proof log distribution).

New UI Logging and UI Masking patterns; some of the new patterns:
• Too many reveal on demand
• Unmasked critical fields accessed
• Critical employee data viewed
• Lookup many employees
• Download employee data


Reality and Vision: Protecting the Intelligent Enterprise: unique integration patterns – context-sensitive control

New UI Logging and UI Masking patterns: UI Masking sends all masked data to Enterprise Threat Detection.

1. The user presses the Reveal button.
2. UI Masking sends a request to Enterprise Threat Detection: is reveal allowed?
3. Enterprise Threat Detection checks: is the system under surveillance? What are the user's alert count and severity?
4. Response "No": UI Masking shows the masked data (* * * * *) and an error message. Response "Yes": the reveal proceeds.


Reality and Vision: Protecting the Intelligent Enterprise: integration patterns – business-rule based control

Enterprise Threat Detection runs its threat patterns over the collected logs and derives the user's alert count and severity; business rules turn that into the answer for UI Masking:
• Reveal: Yes → the reveal proceeds
• Reveal: No → show masked data and an error message
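The two control loops above (ETD deriving a user's alert count and severity from UI Logging data, and UI Masking asking whether a reveal is allowed) carried through end to end, as an added example that is not SAP's code: three of the new patterns from the Kernel API slide are evaluated over constructed UI log records, and the resulting alert score drives the Reveal on Demand answer together with a surveillance flag and a business rule, recording the trace that RoD keeps of each event. Log layout, pattern thresholds, the severity scale and the rule are assumptions, not ETD's real patterns.

```python
"""Added example (not SAP's code): context-sensitive Reveal on Demand control fed by
UI Logging records. Log layout, thresholds and the business rule are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed UI log lines: timestamp|user|transaction|data type tag|employee id|action
UI_LOG = """\
2020-03-03T09:00:05Z|JDOE|PA20|SSN|00001001|display
2020-03-03T09:00:40Z|JDOE|PA20|SSN|00001001|reveal
2020-03-03T09:01:10Z|JDOE|PA20|SSN|00001002|reveal
2020-03-03T09:01:55Z|JDOE|PA20|SALARY|00001003|reveal
2020-03-03T09:02:30Z|JDOE|PA20|SALARY|00001004|reveal
2020-03-03T09:03:00Z|JDOE|PA20|SSN|00001005|display
2020-03-03T09:03:20Z|JDOE|PA20|SSN|00001006|display
2020-03-03T09:04:00Z|JDOE|SE16|SALARY|00001007|download
2020-03-03T09:05:00Z|ASMITH|PA20|SSN|00001001|display
2020-03-03T10:30:00Z|ASMITH|PA20|SSN|00001001|reveal
"""

CRITICAL_TAGS = {"SSN", "SALARY"}   # data types tagged as critical (constructed)


@dataclass(frozen=True)
class Entry:
    ts: datetime
    user: str
    tcode: str
    tag: str
    pernr: str
    action: str


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.strip().splitlines():
        ts, user, tcode, tag, pernr, action = line.split("|")
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                             user, tcode, tag, pernr, action))
    return entries


@dataclass(frozen=True)
class Alert:
    user: str
    pattern: str
    severity: int   # 1 = low ... 4 = very high (constructed scale)


def run_patterns(entries: List[Entry], window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """Evaluate three of the patterns named on slide 74, per user, over a sliding window."""
    alerts: Dict[Tuple[str, str], Alert] = {}   # one alert per (user, pattern)
    by_user: Dict[str, List[Entry]] = {}
    for e in sorted(entries, key=lambda x: x.ts):
        by_user.setdefault(e.user, []).append(e)
    for user, items in by_user.items():
        for i, cur in enumerate(items):
            recent = [e for e in items[: i + 1] if cur.ts - e.ts <= window]
            reveals = sum(1 for e in recent if e.action == "reveal")
            employees = {e.pernr for e in recent if e.tag in CRITICAL_TAGS}
            if reveals >= 3:
                alerts.setdefault((user, "Too many reveal on demand"),
                                  Alert(user, "Too many reveal on demand", 2))
            if len(employees) >= 5:
                alerts.setdefault((user, "Lookup many employees"),
                                  Alert(user, "Lookup many employees", 3))
            if cur.action == "download" and cur.tag in CRITICAL_TAGS:
                alerts.setdefault((user, "Download Employee data"),
                                  Alert(user, "Download Employee data", 4))
    return list(alerts.values())


def reveal_allowed(user: str, alerts: List[Alert], surveillance: Set[str],
                   max_score: int = 5) -> Dict[str, object]:
    """UI Masking's question 'is reveal allowed?' answered from the user's alert count
    and severity, a surveillance flag and a business rule (score threshold).
    Returns the answer together with the trace RoD records for the event."""
    own = [a for a in alerts if a.user == user]
    score = sum(a.severity for a in own)
    if user in surveillance:
        allowed, reason = False, "user under surveillance"
    elif score >= max_score:
        allowed, reason = False, f"alert score {score} >= {max_score}"
    else:
        allowed, reason = True, f"alert score {score} < {max_score}"
    return {"allowed": allowed, "reason": reason,
            "trace": {"user": user, "alerts": sorted(a.pattern for a in own), "score": score}}


def render_reveal(value: str, decision: Dict[str, object]) -> str:
    """What the UI shows after the Reveal button: the value, or the mask (plus an error)."""
    return value if decision["allowed"] else "* * * * *"
```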

Summary and further information


Further information

Introduction movie/use cases [4:30 min]: https://www.sap.com/assetdetail/2017/01/a4d972a3-a37c-0010-82c7-eda71af511fa.html

Public presentation: https://www.sap.com/documents/2015/06/0a0d918e-5b7c-0010-82c7-eda71af511fa.html

UI Masking overview blog (product team): https://blogs.sap.com/2019/05/06/general-information-ui-masking-solution/

UI Logging introduction (partner blog): https://xiting.us/blog/introduction-to-sap-ui-data-security/

UI Masking - SAP Help Portal: https://help.sap.com/viewer/p/UI_MASKING

UI Logging - SAP Help Portal: https://help.sap.com/viewer/product/UI_LOGGING

UI Masking official roadmap: https://www.sap.com/germany/products/roadmaps/finder-products.html#pdf-asset=8699fa20-1f7d-0010-87a3-c30de2ffd8ff&page=1

UIM + UIL partner introduction (more content forthcoming): https://winterhawk.com/sap-grc/ui-logging-masking/

Special scenario: context-based masking in ECC scenarios: https://blogs.sap.com/2018/10/31/context-based-masking-scenarios-for-field-masking-for-sap-gui/

Enterprise Threat Detection overview: https://www.sap.com/germany/products/enterprise-threat-detection.html

Contact us

Nanette Baber, Business Development
T +61 421891880, E [email protected]
http://www.sap.com/innovbizsolutions
SAP Innovative Business Solutions, A/NZ/PH

Amit Bajaj, Senior Consultant GRC/IDM
T +61401365501, E [email protected]
http://www.sap.com/innovbizsolutions
SAP Australia, Governance Risk and Compliance