1. 1. Solving Security, Collaboration and MobilityChallenges in SAP with Microsoft TechnologiesWEBINARSeptember 17, 20141 2014 SECUDE AG
2. 2. Todays SpeakersTim DavisPrincipal Program Manager LeadMicrosoftAparna JueTechnical Product ManagerSECUDE2 2014 SECUDE AG
3. 3. Agenda1 Challenges SAP Companies Face234Microsoft Enterprise Mobility SuiteExtending Microsoft Technologies to SAPDemo3 2014 SECUDE AG
4. 4. 1 Challenges SAP Companies Face4 2014 SECUDE AG
5. 5. SAP at the Heart of the EnterpriseTrade secretsSecret formulaPricing strategyHRPIISSNSalaryCOBalance sheetsCash flowsAccounts payables &receivablesFI/FHCMBank account numbersBudgetsInvoicesBWStrategy detailsSDRevenuesBillingQM Vendors and resourcesProduct specsPPCRMClient infoCredit card numbersTrade process secrets5 2014 SECUDE AG
6. 6. Todays ChallengesCloud & mobility Business collaboration Security:Data breaches onthe riseEroding enterpriseperimeterIT consumerizationLoss of control overcorporate dataCloud-based andfile-sharing toolsNo balance betweensharing and security6 2014 SECUDE AG
7. 7. There is NO Stopping Cloud & Mobility 77% of IT leaders report cloud-based infrastructurein their companies (Forbes) 71% require technology that enables their staff towork anywhere at any time (Microsoft) The BYOD market will increase to $181 billion by2017 (MarketsandMarkets) 84% of employees use personal devices forbusiness use (IBM)7 2014 SECUDE AG
8. 8. Bring Your Own DISASTER9 out of 10employees dontuse passwordsecurity on theirdevices(Osterman Research)51%have had dataloss due toinsecure devices(Websense)81%admit accessingtheir employersnetwork withouttheir employersknowledge orpermission (JuniperNetwork)46%who use apersonal devicefor work have letsomeone elseuse It(Harris Poll of US Adults)66%who use apersonal devicefor work say thattheirorganizationdoesnt have aBYOD policy(Harris Poll of US Adults)8 2014 SECUDE AG
9. 9. The New Collaboration: Changing the Workplace54% worryabout safety oftheirinformationwhen usingcollaborativetools (Athento)49% oforganizationsuse documentcollaborationtools(Computer Weekly)On average,people sendand receive15 emails withattachments aday (Microsoft)62% lose filessent to themin attachments(Microsoft)6 copies ofevery shareddocument arecreated onaverage (Silversky)9 2014 SECUDE AG
10. 10. Data Security ConcernsFast-Paced TechnologyExplosion supports the successof your businessThat success is tied toyour greatest asset -DATAHow will you protectyour assets?10 2014 SECUDE AG
11. 11. Borderless IT Corporate perimeter iseroding/has eroded Knowing where your data hasbecome a challenge Keeping track is next toimpossible Data exists to be consumed andshared Locking everything down anddisallowing employees to use datais counter-productive Data itself should be protected forsecure movement and usagePartnerEmployees11 2014 SECUDE AG
12. 12. The Risk is Real$5.85 millionAverage cost of data breach in USA in 2014Source: 2014 Cost of Data Breach, Ponemon InstituteFinancial consequences of a data breachDivided by categories29%21%ReputatioLostnproductivitydamage12%Forensics19%LostrevenueCause of Data BreachMalicious attack System glitchHuman error42%30%29%10%Technicalsupport8%RegulatorySource: IBMSource: 2014 Cost of Data Breach, Ponemon Institute12 2014 SECUDE AG
13. 13. 2 Microsoft Enterprise Mobility Suite13 2014 SECUDE AG
14. 14. Introducing the Enterprise Mobility SuiteWindows IntuneMobile devicesettings managementMobile applicationmanagementSelective wipeMicrosoft Azure Active Directory PremiumSecurity reports, andaudit reports, multi-factorauthenticationSelf-service passwordreset and groupmanagementConnection betweenActive Directory andAzure Active DirectoryMobile devicemanagementMicrosoft Azure Rights Management serviceInformationprotectionConnection to on-premisesassetsBring your own key14 2014 SECUDE AG
15. 15. Mobile Device Management (MDM)Enable your usersAccess company resourcesconsistently across devicesSimplify device registration andenrollmentSynchronize corporate dataProtect your dataProtect corporate information byselectively wiping applicationsand data from retired or lostdevicesUse a common identity foraccessing resources on-premisesand in the cloudIdentify compromised mobiledevicesUnify your environmentManage on-premises and cloud-baseddevices from a singleconsoleGet simplified, user-centric appmanagement across devicesGet comprehensive settingsmanagement across platforms,including certificates, VPNs, andwireless network profiles15 2014 SECUDE AG
16. 16. Azure Active Directory PremiumTake advantage of adirectory in the cloudGroup-based application accessassignment and provisioning tothousands of software-as-a-service(SaaS) applications for single sign-onCompany brandingEnterprise SLA of 99.9 percentBuilt on top of a free offeringRobust set of capabilities for empowering enterprises withdemanding identity and access management needsUsage rights for Microsoft Forefront Identity Manager serverlicenses and CALsEmpower usersSelf-service password resetDelegated group managementMonitor and protectaccess to applicationsSecurity reports based on machinelearningApplication usage reportsMulti-factor authentication16 2014 SECUDE AG
17. 17. Windows IntuneEnterprise Mobility SuiteMobile devicesettings managementSelf-service passwordreset and multi-factorauthenticationSelective wipeMicrosoft Azure Active Directory PremiumGroup management,security reports, andaudit reportsMobile applicationmanagementConnection betweenActive Directory andAzure Active DirectoryMicrosoft Azure Rights Management serviceInformationprotectionConnection to on-premisesassetsBring your own key17 2014 SECUDE AG
18. 18. Enabling Data to Flow from One Org toAnotherSharing dataSecurely share any file type,from within common userexperiencesBetween organizationsAuthenticate users from otherorganizations (without havingto implement point to pointfederation)Maintain controlEnlightened applications suchas Office and PDF readers offerthe ability to enforce rights.18 2014 SECUDE AG
19. 19. Our approachProtect any file typeDelight with Office docs,PDF, Text, and Images.Important applicationsand services areenlightenedDelight with Office docs,PDF, Text, and Images.Share with anyoneB2B sharing is mostimportant withB2C on the riseCSOs and Services canreason over dataDelegated access to datawith bring-your-own-keyProtect in place,and in flightData is protected all thetimeMeet the variedorganizational needsProtection enforced in thecloud, or on-premises; withdata in both places.19 2014 SECUDE AG
20. 20. Microsoft Rights ManagementClient integrationUserAuthenticationIntegrationAuthentication andcollaborationBYO KeyClient integration20 2014 SECUDE AG
21. 21. Rights Management 101Usage rights +symmetric key storedin file as licenseSecretCola FormulaWaterHFCSBrown #16SecretLicenseprotected by org-ownedRSA keyCola FormulaWaterHFCSBrown #16Use Rights +#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!Protect UnprotectFile is protectedby an AESsymmetric key21 2014 SECUDE AG
22. 22. Rights Management 101Use Rights +#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!#!@#!#!@#!()&)(*&)(@#!RMS-enlightened appsenforce rights, GenericProtection offered bythe RMS AppEnlightened apps usethe RMS SDK whichcommunicates with theRMS key managementserversFile content isnever sent to theRMSserver/service22 2014 SECUDE AG
23. 23. Questions?23 2014 SECUDE AG
24. 24. 3 Extending Microsoft Technologies into SAP24 2014 SECUDE AG
25. 25. Microsoft RMS and SAP - Challenges End-user Interaction isrequired SAPs Roles andAuthorization Model vs.RMS Protection Templates Gap in Protection Lack of Audit Trail25 2014 SECUDE AG
26. 26. Where do We Extend Rights Management?EmployeesCompetitorPartnerFile Server26 2014 SECUDE AG
27. 27. Halocore for SAP NetWeaverInterceptsdata leavingSAPData-centricprotectionProtectionSuggests orenforcesclassificationProtects dataencryption+policyCreatesaudit trialMobile and cloudsecuritySafecollaborationCompliance AuditHalocore Benefits Provides data-centricprotection of sensitive SAPinformation Minimizes risk of databreaches, theft and loss Controls who has access tosensitive information Boosts secure collaboration Enables compliance Offers advanced auditingcapabilities27 2014 SECUDE AG
28. 28. Powerful Architecture Halocore Client: Add-in for SAP NetWeaver ABAP LDAP and SOAP communication Halocore Server: Windows Service SOAP and FileProtection API28 2014 SECUDE AG
29. 29. Innovative Design29 2014 SECUDE AG
30. 30. Halocore Features1 Encryption: each file downloaded from SAP NetWeaver-basedapplications is protected with strong encryptionData-centricprotectionData/documentsthemselves areprotected30 2014 SECUDE AG
31. 31. Halocore Features2 Fine-grained access policies: based on SAPs existingroles and authorizations scheme, only authorized peoplecan access certain informationPoliciesOwner-onlyDepartmentCompanyPartnerConsultant31 2014 SECUDE AG
32. 32. Halocore Features3 Mobile & cloud data security: documents remainprotected when moved to mobile devices and the cloudPersistentprotectionIn case device islost or stolen orcloud is hacked,data is stillsecure32 2014 SECUDE AG
33. 33. Halocore Features4 Advanced auditing & reporting: complete audit trail ofall download activityAudit logfilteringUser roleFunctional areaGeographic regionTransaction type33 2014 SECUDE AG
34. 34. User View Choose from companypolicy list Create own policy Save unprotected See nothing and donothing34 2014 SECUDE AG
35. 35. Auditing Capabilities - CustomizingYour View35 2014 SECUDE AG
36. 36. Auditing Capabilities - The Log File36 2014 SECUDE AG
37. 37. 4 Demo37 2014 SECUDE AG
38. 38. Demo: Protecting HR Data Leaving SAP38 2014 SECUDE AG
39. 39. Questions?39 2014 SECUDE AG
40. 40. Next StepsData Export Auditor for SAP Free tool to monitor all data leaving SAP Each and every download is tracked Intelligent classification Request download at http://www.secude.com/solutions/halocore-data-export-auditor-for-sap/40 2014 SECUDE AG
41. 41. Additional Product Information41 2014 SECUDE AG
42. 42. Support OptionsService offeringsLicense andsubscriptionsupportTechnical support Premier Support detailsAzure ActiveDirectory PremiumIncluded insubscriptionRequires additionalpaid supportSupported http://www.windowsazure.com/en-us/support/plans/Windows Intune Included insubscriptionIncluded insubscriptionSupported https://support.microsoftonline.com/default.aspx?productkey=intunesupp&scrx=1Azure RightsManagementIncluded insubscriptionIncluded insubscriptionSupported http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx42 2014 SECUDE AG
43. 43. Aparna JueTechnical Product ManagerOffice: +1 (404) 977-0940)Aparna.Jue@usa.secude.com | www.secude.comSECUDE IT Security, LLC3331 Sundew Ct, Alpharetta, GA 30005, USA43 2014 SECUDE AG
44. 44. CopyrightSECUDE AG 2014 All rights reserved.All product and service names mentioned are thetrademarks of their respective companies. No part of thispublication may be reproduced or transmitted in any form orfor any purpose without the express written permission ofSECUDE AG. The information contained herein may bechanged without prior notice.Microsoft, Windows, and Active Directory are the brandnames or registered trademarks of Microsoft Corporation inthe United States.44 2014 SECUDE AG
45. 45. 45 2014 SECUDE AG
46. 46. 46 2014 SECUDE AG