Secure enterprise data without compromising productivity
PFCG roles are not designed to protect data everywhere, at granular level, taking into consideration the context of the user, of the data (classification).
Given the growing importance to protect privacy data, transfer data, customer data, technical data, financial data, etc., the need for a simple systematic data masking approach is as crucial as ever.
Without data masking, organizations increase the risk of being non-compliant with applicable regulations, in addition to jeopardizing security through the inadvertent or intentional disclosure of sensitive or confidential information.
The new approach allows to mask and filter data at DB level, at runtime, based on dynamic policies: Any applications using Hana DB, Oracle DB or any JDBC/ODBC DB will be protected systematically, in any UI, any users (even administrators), any modes (debugging..).
Policies are preventative, therefore making more efficient controls than detective, after-the-fact controls.
Policies are external to the applications, applying rules on top of the existing roles, not replacing those. Because they are external, logs about cross-application protections are automated, allowing natural automated reporting about cross-application protection (impossible before).
This solution enables organizations to prevent data loss or leakage from critical applications
Enable access control & protects data within applications, data leaving applications (files) and on the move (files), with policies.
Data Masking and filtering
Perform field-level data masking and filtering based on dynamic attributes
Customizable Policy
Centrally manage policies with customizable masking patterns and rules to determine who, what, when, where, and why to mask field(s) in real-time
Centralized Policy Management
Support any UI, Fiori application, transaction, or microservice with a single set of policies within a single solution
Centralized Audit & Monitoring
Monitor, track, report, and alert on risky access activities to critical field(s)
The US Standard NIST (National Institute of Standards) has strongly promoted the principles of the architecture of this solution, called “Attribute Based Access Control” (ABAC). ABAC as per the standard from US NIST is residing on top of existing Roles (Role Based Access Control, PFCG Roles), adding control layers on top, which traditional roles are not designed to perform.
With Enterprise Data Insight Data Protection you can quickly and easily detect, identify and fix your exposure. The dynamic data masking process can be applied across all core and/or industry-specific modules.