In this webinar, join security experts from Microsoft and SECUDE, a well-established security provider specializing in SAP, to learn how enterprises can embrace cloud and mobility, while ensuring that corporate assets are well protected.

1. Solving Security, Collaboration and Mobility
Challenges in SAP with Microsoft Technologies
WEBINAR
September 17, 2014
1 © 2014 SECUDE AG

2. Today’s Speakers
Tim Davis
Principal Program Manager Lead
Microsoft
Aparna Jue
Technical Product Manager
SECUDE
2 © 2014 SECUDE AG

3. Agenda
1 Challenges SAP Companies Face
2
3
4
Microsoft Enterprise Mobility Suite
Extending Microsoft Technologies to SAP
Demo
3 © 2014 SECUDE AG

4. 1 Challenges SAP Companies Face
4 © 2014 SECUDE AG

5. SAP at the Heart of the Enterprise
Trade secrets
Secret formula
Pricing strategy
HR
PII
SSN
Salary
CO
Balance sheets
Cash flows
Accounts payables &
receivables
FI/FHCM
Bank account numbers
Budgets
Invoices
BW
Strategy details
SD
Revenues
Billing
QM Vendors and resources
Product specs
PP
CRM
Client info
Credit card numbers
Trade process secrets
5 © 2014 SECUDE AG

6. Today’s Challenges
Cloud & mobility Business collaboration Security
:
Data breaches on
the rise
Eroding enterprise
perimeter
IT consumerization
Loss of control over
corporate data
Cloud-based and
file-sharing tools
No balance between
sharing and security
6 © 2014 SECUDE AG

7. There is NO Stopping Cloud & Mobility
• 77% of IT leaders report cloud-based infrastructure
in their companies (Forbes)
• 71% require technology that enables their staff to
work anywhere at any time (Microsoft)
• The BYOD market will increase to $181 billion by
2017 (MarketsandMarkets)
• 84% of employees use personal devices for
business use (IBM)
7 © 2014 SECUDE AG

8. Bring Your Own DISASTER
9 out of 10
employees don’t
use password
security on their
devices
(Osterman Research)
51%
have had data
loss due to
insecure devices
(Websense)
81%
admit accessing
their employer’s
network without
their employer’s
knowledge or
permission (Juniper
Network)
46%
who use a
personal device
for work have let
someone else
use It
(Harris Poll of US Adults)
66%
who use a
personal device
for work say that
their
organization
doesn’t have a
BYOD policy
(Harris Poll of US Adults)
8 © 2014 SECUDE AG

9. The New Collaboration: Changing the Workplace
54% worry
about safety of
their
information
when using
collaborative
tools (Athento)
49% of
organizations
use document
collaboration
tools
(Computer Weekly)
On average,
people send
and receive
15 emails with
attachments a
day (Microsoft)
62% lose files
sent to them
in attachments
(Microsoft)
6 copies of
every shared
document are
created on
average (Silversky)
9 © 2014 SECUDE AG

10. Data Security Concerns
Fast-Paced Technology
Explosion supports the success
of your business
That success is tied to
your greatest asset -
DATA
How will you protect
your assets?
10 © 2014 SECUDE AG

11. Borderless IT
• Corporate perimeter is
eroding/has eroded
• Knowing where your data has
become a challenge
• Keeping track is next to
impossible
• Data exists to be consumed and
shared
– Locking everything down and
disallowing employees to use data
is counter-productive
– Data itself should be protected for
secure movement and usage
Partner
Employees
11 © 2014 SECUDE AG

12. The Risk is Real
$5.85 million
Average cost of data breach in USA in 2014
Source: 2014 Cost of Data Breach, Ponemon Institute
Financial consequences of a data breach
Divided by categories
29%
21%
Reputatio
Lost
n
productivity
damage
12%
Forensics
19%
Lost
revenue
Cause of Data Breach
Malicious attack System glitch
Human error
42%
30%
29%
10%
Technical
support
8%
Regulatory
Source: IBM
Source: 2014 Cost of Data Breach, Ponemon Institute
12 © 2014 SECUDE AG

13. 2 Microsoft Enterprise Mobility Suite
13 © 2014 SECUDE AG

14. Introducing the Enterprise Mobility Suite
Windows Intune
Mobile device
settings management
Mobile application
management
Selective wipe
Microsoft Azure Active Directory Premium
Security reports, and
audit reports, multi-factor
authentication
Self-service password
reset and group
management
Connection between
Active Directory and
Azure Active Directory
Mobile device
management
Microsoft Azure Rights Management service
Information
protection
Connection to on-premises
assets
Bring your own key
14 © 2014 SECUDE AG

15. Mobile Device Management (MDM)
Enable your users
Access company resources
consistently across devices
Simplify device registration and
enrollment
Synchronize corporate data
Protect your data
Protect corporate information by
selectively wiping applications
and data from retired or lost
devices
Use a common identity for
accessing resources on-premises
and in the cloud
Identify compromised mobile
devices
Unify your environment
Manage on-premises and cloud-based
devices from a single
console
Get simplified, user-centric app
management across devices
Get comprehensive settings
management across platforms,
including certificates, VPNs, and
wireless network profiles
15 © 2014 SECUDE AG

16. Azure Active Directory Premium
Take advantage of a
directory in the cloud
Group-based application access
assignment and provisioning to
thousands of software-as-a-service
(SaaS) applications for single sign-on
Company branding
Enterprise SLA of 99.9 percent
Built on top of a free offering
Robust set of capabilities for empowering enterprises with
demanding identity and access management needs
Usage rights for Microsoft Forefront Identity Manager server
licenses and CALs
Empower users
Self-service password reset
Delegated group management
Monitor and protect
access to applications
Security reports based on machine
learning
Application usage reports
Multi-factor authentication
16 © 2014 SECUDE AG

17. Windows Intune
Enterprise Mobility Suite
Mobile device
settings management
Self-service password
reset and multi-factor
authentication
Selective wipe
Microsoft Azure Active Directory Premium
Group management,
security reports, and
audit reports
Mobile application
management
Connection between
Active Directory and
Azure Active Directory
Microsoft Azure Rights Management service
Information
protection
Connection to on-premises
assets
Bring your own key
17 © 2014 SECUDE AG

18. Enabling Data to Flow from One Org to
Another
Sharing data
Securely share any file type,
from within common user
experiences
Between organizations
Authenticate users from other
organizations (without having
to implement point to point
federation)
Maintain control
Enlightened applications such
as Office and PDF readers offer
the ability to enforce rights.
18 © 2014 SECUDE AG

19. Our approach
Protect any file type
Delight with Office docs,
PDF, Text, and Images.
Important applications
and services are
enlightened
Delight with Office docs,
PDF, Text, and Images.
Share with anyone
B2B sharing is most
important with
B2C on the rise
CSOs and Services can
‘reason over data’
Delegated access to data
with bring-your-own-key
Protect in place,
and in flight
Data is protected all the
time
Meet the varied
organizational needs
Protection enforced in the
cloud, or on-premises; with
data in both places.
19 © 2014 SECUDE AG

20. Microsoft Rights Management
Client integration
User
Authentication
Integration
Authentication and
collaboration
BYO Key
Client integration
20 © 2014 SECUDE AG

21. Rights Management 101
Usage rights +
symmetric key stored
in file as ‘license’
Secret
Cola Formula
Water
HFCS
Brown #16
Secret
License
protected by org-owned
RSA key
Cola Formula
Water
HFCS
Brown #16
Use Rights +
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
Protect Unprotect
File is protected
by an AES
symmetric key
21 © 2014 SECUDE AG

22. Rights Management 101
Use Rights +
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
#!@#!#!@#!
()&)(*&)(@#!
RMS-enlightened apps
enforce rights, Generic
Protection offered by
the RMS App
Enlightened apps use
the RMS SDK which
communicates with the
RMS key management
servers
File content is
never sent to the
RMS
server/service
22 © 2014 SECUDE AG

23. Questions?
23 © 2014 SECUDE AG

24. 3 Extending Microsoft Technologies into SAP
24 © 2014 SECUDE AG

25. Microsoft RMS and SAP - Challenges
• End-user Interaction is
required
• SAP’s Roles and
Authorization Model vs.
RMS Protection Templates
• Gap in Protection
• Lack of Audit Trail
25 © 2014 SECUDE AG

26. Where do We Extend Rights Management?
Employees
Competitor
Partner
File Server
26 © 2014 SECUDE AG

27. Halocore for SAP NetWeaver
Intercepts
data leaving
SAP
Data-centric
protection
Protection
Suggests or
enforces
classification
Protects data
encryption
+policy
Creates
audit trial
Mobile and cloud
security
Safe
collaboration
Compliance Audit
Halocore Benefits
• Provides data-centric
protection of sensitive SAP
information
• Minimizes risk of data
breaches, theft and loss
• Controls who has access to
sensitive information
• Boosts secure collaboration
• Enables compliance
• Offers advanced auditing
capabilities
27 © 2014 SECUDE AG

28. Powerful Architecture
• Halocore Client: Add-in for SAP NetWeaver ABAP
– LDAP and SOAP communication
• Halocore Server: Windows Service
– SOAP and FileProtection API
28 © 2014 SECUDE AG

29. Innovative Design
29 © 2014 SECUDE AG

30. Halocore Features
1 Encryption: each file downloaded from SAP NetWeaver-based
applications is protected with strong encryption
Data-centric
protection
Data/documents
themselves are
protected
30 © 2014 SECUDE AG

31. Halocore Features
2 Fine-grained access policies: based on SAP’s existing
roles and authorizations scheme, only authorized people
can access certain information
Policies
Owner-only
Department
Company
Partner
Consultant
31 © 2014 SECUDE AG

32. Halocore Features
3 Mobile & cloud data security: documents remain
protected when moved to mobile devices and the cloud
Persistent
protection
In case device is
lost or stolen or
cloud is hacked,
data is still
secure
32 © 2014 SECUDE AG

33. Halocore Features
4 Advanced auditing & reporting: complete audit trail of
all download activity
Audit log
filtering
User role
Functional area
Geographic region
Transaction type
33 © 2014 SECUDE AG

34. User View
• Choose from company
policy list
• Create own policy
• Save unprotected
• See nothing and do
nothing
34 © 2014 SECUDE AG

35. Auditing Capabilities - Customizing
Your View
35 © 2014 SECUDE AG

36. Auditing Capabilities - The Log File
36 © 2014 SECUDE AG

37. 4 Demo
37 © 2014 SECUDE AG

38. Demo: Protecting HR Data Leaving SAP
38 © 2014 SECUDE AG

39. Questions?
39 © 2014 SECUDE AG

40. Next Steps
Data Export Auditor for SAP
• Free tool to monitor all data leaving SAP
• Each and every download is tracked
• Intelligent classification
• Request download at http://www.secude.com/solutions/halocore-data-
export-auditor-for-sap/
40 © 2014 SECUDE AG

41. Additional Product Information
41 © 2014 SECUDE AG

42. Support Options
Service offerings
License and
subscription
support
Technical support Premier Support details
Azure Active
Directory Premium
Included in
subscription
Requires additional
paid support
Supported http://www.windowsazure.co
m/en-us/support/plans/
Windows Intune Included in
subscription
Included in
subscription
Supported https://support.microsoftonlin
e.com/default.aspx?productk
ey=intunesupp&scrx=1
Azure Rights
Management
Included in
subscription
Included in
subscription
Supported http://office.microsoft.com/en-us/
support/contact-us-
FX103894077.aspx
42 © 2014 SECUDE AG

43. Aparna Jue
Technical Product Manager
Office: +1 (404) 977-0940)
Aparna.Jue@usa.secude.com | www.secude.com
SECUDE IT Security, LLC
3331 Sundew Ct, Alpharetta, GA 30005, USA
43 © 2014 SECUDE AG

44. Copyright
SECUDE AG © 2014 All rights reserved.
All product and service names mentioned are the
trademarks of their respective companies. No part of this
publication may be reproduced or transmitted in any form or
for any purpose without the express written permission of
SECUDE AG. The information contained herein may be
changed without prior notice.
Microsoft, Windows, and Active Directory are the brand
names or registered trademarks of Microsoft Corporation in
the United States.
44 © 2014 SECUDE AG

45. 45 © 2014 SECUDE AG

46. 46 © 2014 SECUDE AG