SAP has developed a new product, SAP UI Data Security, to support data protection requirements in the SAP environment. UI Data Security comprises two components: UI Masking and UI Logging.
UI Masking permits users to conceal individual fields to protect their data from being made available outside a selected group of people. Whenever field content configured for masking is to be shown on the screen, an authorization control determines which users are permitted to see the data in plain text and which users see the masking. The authorization control supplements the existing SAP authorization concept, adding more components and supporting increased data protection.
UI Logging reduces data misuse
UI Logging offers detailed logging for configurable data fields via user interfaces and technical interfaces. By contrast to other technologies, it is possible to trace when a data record was displayed – in addition to when it was created or edited. Creating awareness among employees can lower the probability of data misuse. The analysis function is another feature that cuts down follow-up effort in the case of actual misuse.
Little effort is necessary to implement UI Data Security in production. For example, it is possible in just a short time to mask and log dialog transactions, remote function calls, and web dynpro applications. The only thing that is missing is masking and logging for the F4 Help.
Protect sensitive data with UI Data Security
The UI Data Security functions provide options for approaching the data protection requirements for employee and customer data, and for sensitive business data. To achieve this, the challenge is to identify, for example, critical transactions and reports in the customer’s system landscape and to use UI Data Security to mask and log the fields requiring protection.
Do you want to learn more about your options for securing your SAP systems with UI Data Security? We will be more than happy to advise you and provide support for your targeted rollout. Get in touch with us today: sast@akquinet.de Check out our SAST SOLUTIONS website for more information on our portfolio.
Thomas Tenberge (SAP Security Consultant, SAST SOLUTIONS)
This might also be of interest to you:
10KBlaze and SAP Security II: Hype & Scaremongering
SAP Security & Compliance: Challenges in the Context of S/4HANA, Code Security, and the Cloud