Safeguarding Your Crown Jewel: UI Data Protection

Data protection and privacy have always been important, but acting on them has become more crucial as sensitive data is digitized and shared online.

“Data is the new oil,” according to Clive Humby in 2006. In 2017, Jim Barbaresso said, “Data is the currency of the digital age.” The world has recognized the value of data in how people do business in the 21st century.

More than 400,000 companies use SAP to run their business, and it is often where their most important data is processed.

Last year was one of privacy compliance, where many organizations were fined enormous amounts due to lack of data privacy processes and governance. This led to data protection and privacy regulations being constantly updated to suit the ever-changing threat landscape and required controls. Therefore, it is expected that these updates be implemented in 2022 and beyond.

SAP has been working on innovative options to protect its customers’ “crown jewel” — not just from external threats but those closest to it, such as employees, business partners, and other users who have privileges to access sensitive information.

As the new currency, data is worth a significant amount when stolen and sold on the black market or abused for money or other malicious purposes. Industries and governments have therefore put in place regulatory and legal compliance requirements to help ensure that such sensitive information is not misused at the cost of companies’ business or of economies worldwide. Amid growing concerns, neglecting to safeguard such data can have repercussions, including incidents from which recovery is difficult.

A best practice for companies to proactively address data protection is to help employees avoid inadvertent data breaches. SAP addresses this with UI data protection masking and UI data protection logging packages developed by the Customer Innovation & Maintenance organization at SAP.

“With the increase in remote workers, companies are challenged with securing sensitive data while allowing employees to access information and execute business processes seamlessly,” said Thomas Ruhl, head of Product Management for Customer Innovation & Maintenance at SAP. “This is only one example of the growing data protection needs of our customers. That’s why we created the new UI data protection masking and UI data protection logging software, which enables them to safeguard their data using dynamic rules that can address complex business scenarios.”

Proven SAP Solutions Help Customers with Data Protection

UI data protection masking and UI data protection logging empower businesses to control which data, if deemed sensitive, should remain visible for a user to fulfill his or her job. They keep an audit trail of user access and analyze it, helping eliminate the need to micromanage.

UI data protection masking and UI data protection logging target insider threats — be they intentional or unintentional. Rules can be set to obfuscate or reveal specific data to users according to nominated authorization levels.

The process of masking happens on the server side but only at the user interface layer and does not impact the application or database layers. Masking is commonly used to conceal data such as personally identifiable information (PII), HR, financials, intellectual property, customer information, trade secrets, and anything that can be subject to harmful intent or mistake, thereby putting the business at significant risk.

UI logging is the ability to gather audit logs, allowing tracking and tracing of the journey of the data, including the users who accessed it. It is akin to leaving a fingerprint at every turn. This is ideal for audit and investigative processes.

UI masking and UI logging also help address regulatory compliance requirements such as the General Data Protection Regulation (GDPR). The regulation may be EU-centric, but it affects anyone or any entity outside of the EU who accesses, processes, or stores data of EU natural persons. More and more geographies are enacting similar legislation, often following a similar direction to GDPR, such as the California Consumer Privacy Act (CCPA). Taking steps to be compliant incurs less effort and cost than being fined a significant amount. According to GDPR.eu, GDPR fines totaled US$63 million in its first year.

A use case that is becoming increasingly popular is data access by employees from separate entities, such as demergers, sharing the same application instance. This is where attribute-based authorization is relevant and less cumbersome, without the need to modify the application or provide an additional instance.

Here are questions that can help identify whether UI data protection masking and UI data protection logging are relevant to your business:

  • Does your organization use SAP?
  • Is sensitive information such as PII, trade secrets, IP, and business plans processed in SAP?
  • Is the sensitive information valuable enough to be protected?
  • Are there any data protection and privacy compliance requirements?
  • Is your organization’s business in the process of merging/demerging?
  • Do you find the static role-based authorization model insufficient?
  • Would a dynamic approach that offered better granularity be more appropriate?
  • Do you require a facility to investigate, spot data breaches, and ascertain who is responsible?

If the answer is yes to point one and to any of the following questions thereafter, then SAP would suggest:

  • Discovering what UI data protection masking and UI data protection logging for SAP can do from the UI Data Protection topic area on the SAP Community.
  • Contacting your SAP account manager to arrange an initial discovery call with the product team or SAP experts.
  • Planning the next steps together with the SAP team, such as solution value for your business case, solution demo, and more.