Protecting sensitive data in SAP® systems

▪  There are already requirements to protect sensitive data
▪  New EU rules are on the way – the requirements for protecting sensitive data have been tightened
▪  Data Secure can mask any field – including Z-fields
▪  Masking can be set up across the SAP landscape
Protecting sensitive data in SAP® systems
Karin Ejstrup – Business Development Manager, EPI-USE Labs
Copyright 2015 by EPI-USE Systems Limited. Confidential and proprietary.
Agenda
▪  Briefly about EPI-USE Labs
▪  How to protect non-production systems
▪  The tool for this: Data Secure™, part of the Data Sync Manager™ suite
▪  “Right to be forgotten” – how to “forget” something in a production system
▪  Questions & Answers
Introduction to EPI-USE Labs
▪  Part of the EPI-USE group: 1000+ employees specializing in SAP® and SuccessFactors®
▪  SAP data-solution experts: dedicated and innovative employees, of which 35% in R&D
▪  Services: implementation, reporting, landscape optimization, product support, and more
▪  Cloud managed hosting: cloud project expertise
▪  SAP-certified products: third-party solutions for SAP ALM, HCM and more
▪  Custom development: unique solutions, mobile apps, and integration of different systems with SAP environments
Our products
Application Lifecycle Management
▪  Data Sync Manager (DSM)
▪  System Builder
▪  Client Sync
▪  Object Sync
▪  Data Secure
▪  EPI-USE Cloud Platform (ECP)
Human Capital Management
▪  Query Manager
▪  Variance Monitor
▪  Pay Recon
▪  Advanced Time Process Manager
ERP, CRM, SRM, GTS, BW, SCM, NW (HANA compatible)
Our services
Landscape Transformation
Solution as a Service (SaaS)
▪  Company-code carve-outs
▪  HR system splits
▪  Mergers and Acquisitions
S, BW, SCM)
▪  Periodic test-system refreshes
▪  New system provisioning
▪  Ad-hoc data requirements
▪  Software-as-a-Service
▪  HCM-report writing
Our support
▪  Dedicated in-house team
▪  24 hours every workday
▪  80% tickets resolved in < 24 hours
▪  Wide language support
▪  700+ customers globally
▪  Satisfied customers
“The support I get from your company has been and continues to be some of the best I have seen in years of working with software companies.”
Global electronics manufacturing company, Florida (USA)
Some of our customers
The Landscape Management challenge
▪  System or Client copies are no longer feasible or quite expensive because of the size of production systems
▪  Test data is outdated or not sufficient
▪  Sensitive data is being made available in low security systems
▪  All or nothing approach!
Common landscape challenges
Disk space
Sensitive data
Down time
BDLS
Testing environments
System refreshes
Basis resources
Upgrade testing
Data size
Problem simulations
Config testing
Out-dated test data
Functional team needs
Training scenarios
Partial refreshes
A typical setup
[Diagram: system landscape with DEV (latest configuration/development), QA and PRD (latest application data). Labels: Requires up-to-date data; Development, Configuration, SAP Support packs, Testing, Training; Transactions, Master data changes, Incoming interfaces]
This is Data Sync Manager
▪  Certified by SAP
▪  No separate server or middleware
▪  Implemented in a few days
▪  Works for all SAP applications (ERP, BW, SRM, CRM, SCM, GTS, NW; incl. HANA) and industry solutions in ERP
▪  IT WORKS! - ask our customers
Masking with Data Sync Manager
Copying with Data Sync Manager
Integrated solution for SAP System, Client and Object copying
Client Sync reduces the need for disk space and can filter out sensitive data
▪  selectively copy and scramble data on demand
▪  save data storage space - up to 80%!
▪  minimise the need for full refreshes and eliminate manual data entry
4TB + 4TB + 4TB = 12 TB
0.7TB + 1TB + 4TB = 5.7 TB
Data Sync Manager for HCM
Secure and easy copying of SAP HCM data
✓  Get everything included
▪  Infotype data - including custom Infotypes and relationships
▪  Payroll - including FI Postings and Payments files
▪  Time - including CATS / CATSDB
▪  All PD data (including PD Mass Copy)
▪  Appraisal Records (PHAP / HRHAP)
▪  Learning Solution / LSO Participation documents
▪  Trip / Travel Management
▪  Archive links
▪  Compensation Planning
▪  Custom Infotypes and relationships (PA and PD)
▪  PU12 interface data
Complete Integration
▪  Transfer of dependent information from EMPLOYEE Object:
   ▪  Related Cost Centres
   ▪  Organisational Structures / Cost Centre Hierarchy
   ▪  LSO Participation Documents
   ▪  User (MSS/ESS)
   ▪  Vendor
   ▪  etc.
▪  Transfer/integration of other SAP module data
   ▪  GL Accounts
   ▪  Cost Centre Master
   ▪  Project (WBS Elements)
   ▪  Vendor
   ▪  Internal Orders
   ▪  etc.
Screenshots OS for HCM - animation
What is scrambling?
The scrambling challenge
▪  SAP customers from all industries are facing two big questions:
   ▪  What do we need to scramble in which non-production systems?
   ▪  How do we do it?
Challenge 1: What do we scramble?
“If we scramble everything that an auditor feels could be sensitive, the data will be useless for testing or training”
Functional consultant
“If we do not scramble enough of the sensitive information we could be in breach of legislation. We have a responsibility to our employees, customers and partners”
Auditor
A compromise is required
but how do I make sure it is the right one?
How do we scramble?
▪  In-house solutions can be time consuming, difficult to maintain and not always compliant!
▪  Some fields have simple field validation, e.g. postal codes
▪  Upgrades and enhancement packs could add additional sensitive information
▪  Other fields directly interact with other properties of the data, e.g. Material price information
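An added illustration of the two constraints named on this slide, validated fields and interdependent fields; it is not EPI-USE Labs code and does not describe how Data Secure works internally. The key, function names, check table and sample values are all constructed for the example.

```python
import hashlib
import hmac

# Assumption: a per-landscape secret held outside the non-production systems.
MASKING_KEY = b"constructed-demo-key"

def _keystream(field: str, value: str) -> bytes:
    """Keyed digest: the same field + value always yields the same bytes."""
    msg = f"{field}\x00{value}".encode("utf-8")
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).digest()

def mask_text(field: str, value: str) -> str:
    """Swap digits for digits and letters for letters of the same case,
    keeping length, spaces and punctuation so format checks still pass."""
    ks = _keystream(field, value)
    out = []
    for i, ch in enumerate(value):
        b = ks[i % len(ks)]
        if ch.isdigit():
            out.append(str(b % 10))
        elif ch.isalpha():
            out.append(chr((65 if ch.isupper() else 97) + b % 26))
        else:
            out.append(ch)
    return "".join(out)

def mask_from_allowed(field: str, value: str, allowed: list[str]) -> str:
    """For fields validated against a check table (e.g. postal codes):
    pick the replacement deterministically from the permitted values."""
    idx = int.from_bytes(_keystream(field, value)[:4], "big") % len(allowed)
    return sorted(allowed)[idx]

def mask_price(material: str, unit_cents: int, qty: int) -> tuple[int, int]:
    """Scale the unit price by a keyed factor of 50-149 % and recompute the
    dependent line total so the two fields stay consistent."""
    pct = 50 + int.from_bytes(_keystream("PRICE", material)[:2], "big") % 100
    unit = unit_cents * pct // 100
    return unit, unit * qty

if __name__ == "__main__":
    postcodes = ["1050", "2100", "8000", "9000"]  # constructed check table
    print(mask_text("NAME", "Jens Hansen, 12-34"))
    print(mask_from_allowed("POSTCODE", "2100", postcodes))
    print(mask_price("MAT-001", 1999, 3))
```

Because the output is keyed and deterministic, the same source value masks to the same result in every client that uses the same key, so references between tables still match; the key itself has to stay out of the target systems.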
We handle it with Data Secure™
▪  Scrambling of data in non-production instances
▪  Standalone - used on any client
▪  Integrated - used with Client Sync
Secure
✓  Standard SAP Authorisations
✓  Additional Data Sync Manager role based authorisations
✓  Data Scrambling on ANY field
✓  Cloning of data
✓  Enhanced Audit Trails
Customer performance benchmarks
Data Secure scrambled a standard profile of Employees, Vendors, Customers, Business Partners and Addresses for the following companies in record time.
▪  COOP (Denmark): 114 GB, 0 hrs 12 mins
▪  Ibermatica/ONCE (Spain): 1.0 TB, 2 hrs 23 mins
▪  BlueScope (Australia): 1.24 TB, 2 hrs 44 mins
▪  Cuatrecasas (Spain): 420 GB, 0 hrs 52 mins
System size of 3.1 TB
▪  992 393 Customers
▪  23 829 Employees
▪  94 846 Vendors
▪  272 849 Business Partners
▪  1 600 000 Addresses
Scrambled in: 25 mins
Summary
▪  Scrambling is a compromise which attempts to satisfy two needs:
   ▪  Fit-for-purpose testing data
   ▪  Data protection compliance
▪  Design a non-production SAP landscape strategy that determines, for each client, which data is permitted to be present, and if necessary, which should be scrambled
▪  Manage authorisations in line with the strategy
Summary cont.
▪  DSM Data Secure’s flexibility allows the best possible testing data in each client while protecting the sensitivity of the data
▪  Commonly required routines are provided ‘out of the box’
▪  Easy-to-use framework allows you to add extra routines
▪  Performance is tuned to scramble complete clients in a few hours
‘Right to be forgotten’
▪  Removal of data in production!
▪  SAP Archiving requires master data to have no transactions before it can be removed
▪  Example: Customer buys a product and then a month later wants to be forgotten
▪  Can’t delete -> must anonymise
▪  Let’s take a look at how EPI-USE Labs technology could assist…
Roadmap for “Right to be forgotten”
▪  Provide an interface to report on aged data and activities across systems (ERP, CRM)
▪  Selected records for approval
▪  Call the anonymisation engine also used by Data Secure with specific controls for GDPR production in-place masking
▪  Controlled anonymisation in production
▪  Target availability: January 2016
Client Sync implementation
▪  Execute Object Analysis Program
▪  Solutions Consultant provides a document on the requirements for the implementation
▪  Install the DSM transport
▪  Implement DSM - typically 5 days per module, 2 days for Data Secure/scrambling
▪  Tune performance and verify new target clients
▪  Provide training to Basis and Technical users
▪  Solutions Consultant supplies Summary Document with recommendations and benchmarks
RS Components – savings
Edwards – savings
A trade?
▪  In exchange for some basic information about your SAP system landscape, you get:
   ▪  A document on scrambling
   ▪  A demonstration of the solutions that may be relevant to you
   ▪  A system analysis indicating possible savings in time and database size
karin@labs.epiuse.com
+45 2348 5245
Questions?
www.epiuselabs.com
karin@labs.epiuse.com
http://support.epiuse.com
@EPIUSELabs
EPI-USE Labs
EPI-USE_Labs