Home

|

|

Adaptive Data Masking for Extended Data Protection

Adaptive Data Masking for Extended Data Protection

Data Masking in SAP

The Industrial Analysis on Data Breaching –

The various reports & publishing articles suggest out of 10 data breaches, the reason for 6 breaches is insiders & only 4 are from outside world. While there are several tools and techniques that are always deployed to mitigate the outsiders, hardly any internal controls are developed / monitored to mitigate the insiders. We always think that hacker sitting at home in front of several screens and using cryptic commands to hack into corporate networks, there are several reasons to it and an importance reason is because of prospection from web series, Hollywood, and Indian movies. As far as the security of SAP systems is concerned, insider attacks are by far the greater problem.

The research results –

  • (37%) of insider’s attack are because of extended authorization granted too generously, we all know foundational logic of SAP application are developed using roles & authorization.
  • (67 %) of insider’s attacks are because of vulnerability covers standard users who have not changed their default passwords, or an unprotected SAP gateway left open like a barn door.
  • Increasing complexity and a growing number of Cloud solutions such as On-Premises systems must somehow be integrated with each other. There are very few companies, however, who have a central instance that maintains an overview of all the interfaces that are in use. The SAP system offers an excellent starting point here, and not only because of its central importance. Appropriate solutions facilitate an overview of all interfaces.

What is Adaptive Algorithm?

Standard authentication methods, including Multi-Factor Authentication (MFA), ask users for specific credentials whenever they try to log in or access corporate resources. Adaptive Authentication asks for different credentials, depending upon the situation—tightening security when the risk of breach is higher.

When users always log in with standard credentials, such as a username and password, it makes them vulnerable to cyberattack. Authentication tools for identity and access management, such as MFA provide better security by requiring additional credentials, such as a code generated from a smartphone app. More factors help, but it’s still too easy for cybercriminals to acquire or hack the user’s various credentials and then use them to gain access. Adaptive authentication intelligently changes the requirements, making it much harder for a hacker to gain access to the enterprise because some of the signals that are used are difficult for an attacker to circumvent.

When you implement risk-based authentication in your organization, you determine the baseline login requirements for a given user or set of users. You might have stricter requirements for users in certain locales or users in roles that permit them access to sensitive information. Adaptive authentication works by creating a profile for each user, which includes information such as the user’s geographical location, registered devices, role, and more. Each time someone tries to authenticate, the request is evaluated and assigned a risk score. Depending on the risk score, the user may be required to provide additional credentials or, conversely, allowed to use fewer credentials. For example, if a user tries to access applications via an unregistered device, they may be prompted to register it. If the user logs in from a geographical location other than their office, they may have to answer a security question.

IT determines the response to requests with different risk scores. In any given scenario, the user may be allowed to authenticate, may be prevented from accessing, or may even be challenged to prove his or her identity.

Multitude – Data Masking for Data Protection.

Utility Example Screen shot –

The Execution of T Code will display the below screen-

1. If you select Global Parameter tab, it will display enable parameter screen.

2. And if you select Excluding user list tab, it will display maintain the user list for display entry.

3.Also, if you select Report master field tab, it will display maintain the program field.

4.If you select Masking field list tab, it will display maintain the program name and Program field and masking ID.

Screen Example –

Example 1 – If we don’t want to show the sales order price

Example 2 – Prefer not to show the gender in business partner

Conclusion: Through this blog you have come to know how important is to keep sensitive data beyond security control. DataNub expertise developed a solution using predictive analytics with power of AI & ML in SAP space. This solution enables Data Masking without any additional licensing (SAP UI Masking) through our tailor-made solution with AI infusion to it (Using Adaptive Algorithm).

Please reach out to sr@datanub.in / info@datanub.in for a live demo.

Scroll to Top