What is SAP/FPE Security?
What Is SAP
SAP integrates and manages business functions such as manufacturing, development, purchasing, marketing, service, logistics, distribution, and accounting. It covers general company activities such as finance, HR, sales, distribution, logistics, and facility and construction management, as well as the medical security sector's management of patients' personal information and the customer and sales management systems of mobile service providers... the list is endless.
Because it brings all of this information together and runs 24 hours a day, 365 days a year, SAP is effectively the business activity of a company.
Why SAP Needs Security
It’s a common misperception that ERP (Enterprise Resource Planning) systems are completely safe due to being used inside a company. However, the internal and external corporate boundaries are disappearing as ERP systems are evolving to be integrated systems across the company. For example, SAP has integrated expansion packages such as CRM, SCM, and SRM with its ERP system.
As a result, ERP security has grown from a technology-level issue into a business-level one.
SAP holds important information, including employees' personal information, financial transaction records, and confidential commercial data. Exposure of this information can destroy a company. In addition, it is information that must be encrypted in accordance with the Privacy Protection Act.
However, companies cannot encrypt data in ERP systems such as SAP. Because of the characteristics of the data structures and programs, it is not easy to implement encryption for ERP data.
FPE Security
Penta Security also offers Format-Preserving Encryption (FPE) technology for our SAP solution, D.AMO for SAP.
FPE has attracted renewed interest following the recent release of standards published by NIST. FPE allows data to keep its schema without making changes to the database or applications. For example, when FPE is applied to a 16-digit credit card number, it produces a different 16-digit number. This still protects a user's Personally Identifiable Information (PII) in case of a breach. Companies can meet compliance requirements for regulations such as PCI-DSS without taking on huge expenses to apply changes to internal systems such as SAP.
Applying conventional symmetric cryptography such as DES or AES to data expands the data beyond its original size and changes its format. This then requires changes in databases and business-critical applications to accommodate the new data. FPE provides a logical alternative that avoids unnecessary restructuring while still protecting sensitive data.
Deployment
D.AMO for SAP utilizes technology created by Penta Security’s Security Technology Lab, which has researched encryption for over 20 years and possesses encryption know-how accumulated through over 2,000 references.
The most important part of encryption is key management. In addition to encrypting the repository, encrypting the communication channels over which data is transferred is very important.
D.AMO for SAP includes a dedicated key management server and SAP-certified encryption of communication channels.
It combines FPE technology, safe key management through a dedicated hardware key management server, and certified communication encryption technology.