Success Story

Log-in Record / Access Control xCon for SAP

Industry: Sales

[ Details ]

Our company has introduced xCon to check the access history of SAP ERP and track internal users. Concerned customer built a legacy system using SAP ERP as master data. We monitor even all the personal information retrieval histories of users who use the legacy system based on the employee number information contained in the RFC. In addition, our company monitors the data manipulation using unauthorized debugging in the operating system, and use xCon to track issues and identify causes when business issues occur.

[Features ]

  • Monitoring of private information utilization of NON-ERP by mapping employee number information in RFC
  • Reception of report of end-user performance, used as SAP ERP tuning point

Industry: Manufacturing

[ Details ]

By nature of customers, no personal information is retained inside SAP ERP. However, if a user enters personal information for operation, xCon transmits the SAP screen, used by user, to the personal information manager by e-mail. Then the input process is investigated based on concerned details. If the "entered information" is personal information, concerned details are deleted to manage the data inside the SAP ERP.

[ Features ]

  • Accurate analyses of users by matching the employee number data through SSO via SAP Portal
  • Login control based on IP + ID
  • Transmission of SAP screen by e-mail to security manager when private information is accessed

Industry: Public

[ Details ]

An outsourced employee without access privilege was found to have processed the works by using the ID and password(PW) of an employee on regular payroll. For investigation, the SAP access records were requested. However, the breacher could not be identified in the event of unauthorized access or incidents due to unavailability of the device to track the internal log-ins, besides the fact that there were only 3 days of log-in records.As a follow-up action after the audit, we introduced xCon and have kept the SAP log-in records for 18 months and have controlled the SAP access through IP&MAC+ID combination.In addition, we are verifying the leakage of internal information by those who retired.

[Features ]

  • SAP access history retained for 18 months(21TB)
  • Login control based on IP&MAC+ID

Industry: Finance

[ Details ]

The SAP ERP login record data have been kept for 1 year by using the xCon for customers using the SNC, the security channel of SAP. As the account inquiry information is important, we check the cumulative value during the inquiry of certain GL account, and alert to the person in charge when inquiry is made over certain level.

[ Features ]

  • Application of monitoring of SNC communication with SAP server
  • Transmission of the log-in failure screen by email when the account is locked
  • Cumulative event generated at the inquiry of certain GL account

Enterprise EncryptionSecureDB for SAP

Industry: Manufacturing

[ Details ]

Our company uses the SAP the most frequently nationwide. Our daily throughput is almost equal to monthly throughput of other companies. We've seen no problems occur such as SAP performance degradation in processing the works after encryption. We are proceeding with improvement process that aims to reduce the use of personal information by utilizing the personal information decryption audit records.

[ Features ]

  • The largest domestic company using the SAP ERP
  • First domestic company that introduced SAP DB personal information encryption

Industry: Finance

[ Details ]

As one of the largest insurance companies in Korea, we have kept multiple personal information of many individual customer, and processed massive amount of customer information in SAP, resulting in lower processing speed. To resolve such problem, we have satisfied the SLA required by customers through block pin, pre-encryption, data refinement, mass data distribution processing, etc.

[ Features ]

  • More than 4 billion pieces of personal information data are retained
  • Due to the nature of works, there are many processes for personal information processing
  • Encryption applied in SAP HANA DB

SAP Add-on EncryptionEnDB for SAP

Industry: Manufacture / Distribution

[ Details ]

Due to the nature of the company, it was not used for customer management. As a result, there was not much person data for a SMB that had only internal vendor information and personal information of sole proprietor and internal employees. The resident registration number, account number and credit card number were the targets of encryption. By the nature of EnDB, no degradation occurred in the communication with separate server, which created the advantage of quick processing without any changes in performance. So, it was introduced successfully.

[ Feature ]

  • Customer management not performed in SAP
  • Small amount of data targeted for encryption