Home | Dynamic Security for Cloud | DAE as a Service

DAE

as a Service

Protect data and ensure need-to-know access anywhere & everywhere

Ensure privacy & protection of data with real-time filtering & masking controls

NextLabs Data Access Enforcer (DAE) for SAP allows companies to dynamically enforce policies independent of UI, API, Microservice, Batch job, Report, Transaction, and Fiori app, regardless of how the data are being accessed.

CloudAz as a Service

Unified policy management platform with Dynamic Authorization Policy Engine.

SkyDRM as a Service

Persistent protection of critical files and documents stored and shared anywhere.

Application Enforcer as a Service

Secure applications, externalize entitlement, protect data, and simplify access management.

Helping Enterprises Achieve

Enforce Data Privacy

Dynamically enforce data masking and filtering controls

Automate Compliance

Comply with industry regulations including GDPR, ITAR/EAR, & SOX

Improve
Agility

Secure any SAP ERP data with a single policy

Reduce Security Costs

Reduce compliance mgmt. costs, with the elimination of custom code

Why Data Access Enforcer?

Data Access Enforcer (DAE) controls access to your sensitive information at the data access point, so no unauthorized access can occur, regardless of the approach.

  • Field-Level Data Masking: Data masking is the process of hiding original data with modified content to protect data that is sensitive. Data Access Enforcer (DAE) for SAP ensures that users can only view the fields on the record to which they have been granted access. For those not granted access, the value of the field will be masked.
  • Record-Level Data Filtering: DAE for SAP shields data from unauthorized users until access is granted. Authorization can be determined based on the industry, location, department, position, project assignment, or any other attribute of the user.
  • Transaction-Independent Data Manipulation Control: DAE uses attribute-based policies to control Create, Read, Update and Delete (CRUD) operations regardless of how or where the data is being accessed. Users can be given permission to view a set of data and other entities while being authorized to edit, create, or delete only a subset of these records.
  • Rapid Time to Value: DAE can be deployed and configured for your specific use cases in under 4 weeks, much quicker than alternatives. This is because policies are managed centrally, and no custom code is required.

Features

DAE provides unmatched flexibility and security in defining and enforcing data access controls

Attribute-Based Security

Access to data based on policies that examine attributes of the data being accessed, the context of the request, and user identity. DAE for SAP dynamically applies the relevant policies, factoring in changes in the attributes of data or the user to always enforce fine-grained security controls to mask, protect, and segregate data. Rules are validated in real-time when a user attempts to access data, before granting permission to access.

Dynamic Field-level Data Masking

The need for data masking is more crucial than ever due to the various requirements mandating the protection of sensitive data, such as personally identifiable information (PII), customer data, financial data—the list goes on. Through a policy-driven approach, DAE for SAP ensure that users can only view the fields on records they have been granted access to and masks the information that they have not been authorized to view. Centrally managed policies define masking patterns and rules to determine who, what, when, where, and why to mask field(s) in real-time.

SAP Business Object, User Attributes, and Identity Management Integration

SAP Business Object attributes and metadata can be combined with user attributes from existing sources, including SAP Central User Administration, Identity Management, Human Capital Management, and other third- party identity management providers, directory servers, or federated identities. These attributes are dynamically accessed at runtime to allow access to the data.

Granular Record-level Data Filtering

DAE for SAP’s comprehensive dynamic data filtering capability guarantees that users can only view records that they have been authorized to access. Authorization can be determined based on user attributes such as industry, location, department, position, project assignment, etc. and attributes of data accessed like the sensitivity level or the type of transaction. Policy can be written to make authorization decision by comparing user attributes against the attributes of data. For example, you can filter data in charts and reports to only allow authorized users to see the inventory and pricing data in US for the Consumer Electronics business unit.

Dynamic Runtime Policy Enforcement

Using contextual information (e.g., location, device, department), DAE for SAP can determine if a user is authorized to access data at runtime and virtually compartmentalizes the data with field-level security controls for added granularity. This approach of enforcing policy based on attributes also simplify role administration as attributes and conditions change.

Centralized Policy Management

Authorization policies can be centrally managed and reviewed across all an organization’s SAP applications, substantially reducing administration costs.

OOTB Support of Custom Applications and API Calls

In addition to native support of several SAP applications, DAE for SAP supports batch programs, reports, and custom applications (aka “Z Programs”) without code modifications.

Transaction-Independent Data Manipulation Control

DAE for SAP uses policy to grant users permission to view certain records while being authorized to edit, create, and delete, only a subset of these records. Policy is enforced regardless of the business transaction used to access the data. For instance, a finance manager may be given permission to view detailed cost information on all oil pipeline projects in North America but only allowed to create and edit information for similar projects in Texas.

Centralized Audit and Monitoring

DAE for SAP tracks and stores user activities and data access across all SAP applications in a central audit server, simplifying compliance management. Analytics for user behavior and access patterns are provided via dashboards, reports, and automated monitoring facilities.