Avoiding GDPR Data Breach: A guideline for SAP ERP business systems
Arola, Pasi (2019)
Metropolia Ammattikorkeakoulu
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201902192485
Abstract
The purpose of this study was to create a handbook on how to technically configure an SAP ERP system to avoid data breach attempts using selected non-licensed SAP tools. The requirement to protect personal business data comes from the EU legislation on Global Data Protection Regulations. This is an EU-wide data protection regulation, and it came into effect on the 25th of May 2018. The example Company-X of this thesis is a big international IT company which operates in Finland, and all examples concerning SAP tools relate to its SAP department located in Finland.
Existing knowledge was gathered to understand the current state of Global Data Protection readiness among SAP customers related to Company-X, and to gain an understanding of the Global Data Protection Regulations and the SAP tools concerning data breaches. Three separate SAP tools were chosen for this purpose. These three selected SAP tools are not licensed products; the reason is that they are available to everyone who has installed an SAP ERP system. Licensed products are considered only briefly and are mentioned in the existing knowledge, but the main focus is on the non-licensed SAP tools. The conceptual framework gives background and version information about the SAP tools and background information about the Global Data Protection data breach regulations, and also includes a current state analysis. Data for the current state analysis was collected through survey interviews inside Company-X, and the existing knowledge on the Global Data Protection Regulations and the SAP tools was collected from literature. The current state analysis and the existing knowledge were combined to build a framework for configuring the chosen SAP tools to avoid data breach attempts in SAP ERP systems.
The outcome of this study is a handbook: Instructions using SAP tools concerning Global Data Protection Regulations. Three selected SAP tools, Read Access Logging, Table Logging and Security Audit Logging, were chosen to be configured. The technical instructions are demonstrated with pictures for each of the tools. With the instructions given in the proposal section, it is possible to set those tools working and to make any SAP ERP system compatible with the Global Data Protection Regulation as far as data breaches are concerned. Validation of the proposal has been demonstrated on Company-X demo systems as well as in some live customer systems, and all given instructions have also been validated by specialists working with these issues. The author recommends these instructions to all who work with Global Data Protection Regulations and data breaches in SAP environments.