Get your non-production data secure before you RISE with SAP

Why would you need EPI-USE Labs’ Data Secure™ solution?

The number of SAP customers migrating to the Cloud has risen sharply, and is expected to increase substantially over the next three years. This has been fuelled by SAP’s discontinuation of general support for SAP ECC by 2027 (with extended support available up to 2033 for larger enterprises that may need more time). Also, SAP customers want to accelerate their digital businesses and move with RISE with SAP to get the most out of SAP’s AI assistant, known as Joule. Securing your data before you migrate, however, is critical.

PII in non-production SAP systems is prohibited by SAP’s DPA

SAP is a proven technology, with over 400,000 global customers. Some of our largest clients have run SAP successfully for many years, and it is the backbone of their businesses. But if you want to move to SAP S/4HANA or SAP SuccessFactors, you now face the significant challenge of making sure you protect your data. SAP’s Data Processing Agreement (DPA) for their Cloud Services clearly stipulates that customers cannot store Personally Identifiable Information (PII) in non-production systems. So essentially, you need an effective solution to secure your data.

Traditionally, some clients have created their own custom SAP Z-programmes for scrambling. These do their best to mask sensitive data; but can they be trusted implicitly?

Back in my consulting days, I visited a client who proclaimed their non-production scrambling program was comprehensive. However, when I looked at an employee's Payroll results in the PCL2 cluster, the employee's name was still visible! An employee's name resides in multiple places in an SAP S/4/HANA or SuccessFactors instance. Without careful and ongoing attention, these could easily be missed.

SAP non-production systems are vulnerable

For many, moving to the Cloud offers greater flexibility and scalability. But it also raises security concerns. When you read the news, you’ll frequently come across another company announcing that they have been hacked, with sensitive PII data breached and potentially leaked to the highest bidder. In an SAP system instance, sensitive information typically resides in objects such as Vendors, Customers, Contact Persons, Business Partners, and Employees. In addition, there will also be customer/industry-specific scrambling requirements that pertain to, for example, customer-specific intellectual property.

Then, on top of this, you have SAP Sovereign Cloud. This is to help typically high-security organisations adopt cloud technologies while maintaining full control over their data, infrastructure, and compliance in line with local laws and regulations.

The takeaway is that your non-production systems are more vulnerable to hackers, as authorisations tend to be more flexible. These systems are not subjected to the same rigorous security controls.

Given both the macro-technological and micro-business factors, SAP clients should act now to secure their sensitive data before migrating.

Protect and scramble non-production SAP systems with Data Secure

Part of EPI-USE Labs’ Data Sync Manager™ (DSM) suite, Data Secure is an SAP-certified solution which has been developed specifically to improve SAP data security, and help our clients comply with data privacy legislation. It’s aligned with SAP’s DPA policies as it scrambles sensitive data in SAP non-production environments. Developed by experts with over 25 years of SAP data domain experience and knowledge, Data Secure allows the definition of specific scrambling rules to be defined and then executed across an SAP landscape. Policies are then created and stored for auditory purposes.

Scrambling can be executed either independently, or in conjunction with Client Sync and Object Sync, also part of the DSM Suite. These components enable users to copy Production system data to non-production systems, for testing, training and support purposes. Many companies have embedded SAP landscapes with data distributed across ERP, CRM, SRM, and external environments. Data Secure anonymises integrated data objects consistently on the different SAP systems.

To streamline your implementation, we offer standard scrambling areas to get you started. The table below shows the fields included in our standard Data Secure ‘Essentials’ package:

We always recommend a Data Privacy Assessment so that we can reconfirm if specific customisations will be required to extend the solution. Book your complimentary overview to get started on your data privacy journey, and find out how Data Secure can help you secure your data before you migrate.