    ABAC: Why is it Critical for ERP Data when Corporate Networks are Vulnerable?

    The dark web is perceived primarily as a place where hackers indulge in buying and selling personal information such as credit cards, login credentials, social security numbers, and other personally identifiable information (PII). However, as per a recent “Access for Sale” report from Positive Technologies, the dark web has been seeing a flurry of activity for offers to buy access to corporate networks.

    Corporate Network Access: The Buzzword among Cybercriminals

    According to the study, a year ago, cybercriminals were keen on selling, for as little as $20, access to private individuals’ servers. An exponential surge of interest in selling access to corporate networks has been evident since the second half of 2019. In Q1 2020, the number of advertisements selling access to these networks rose by 69 percent compared to the previous quarter. Prices also increased to around $5,000 for privileged access to a single corporate network. With a significant percentage of employees working from home, the instances of cyberattacks have also increased manifold.

    We firmly believe the following tips on implementing attribute-based access controls (e.g., SAP ABAC) will help you keep your ERP data secure even if hackers manage to penetrate your corporate network.

    Attribute-Based Access Controls (ABAC): Strengthening ERP Data Security 

    Role-based access controls are already being leveraged by businesses that use ERP systems. These controls, which match data access rights with job function resources, provide a framework for data governance. With a large remote workforce, however, organizations need to create more detailed and dynamic access control policies.

    With attribute-based access controls (ABAC), a company can incorporate additional context such as geo-location, time of day, and IP address. SAP ABAC is a case in point. These contextual checks ensure that the appropriate user accesses the resources and simultaneously prevent users from having more access than they need.

    Such granular, data-centered access privileges enable an enterprise to ensure that users, whether internal or malicious, have only limited access to sensitive ERP data, thus minimizing the possible negative consequences of a hacker intrusion into the corporate network.

    ABAC Must Be Paired with User Activity Monitoring 

    Attribute-based access controls (ABAC) allow companies to establish roles and permissions that decide who, what, where, when, and how employees can access ERP data and what transactions they are permitted to execute.

    Companies are now monitoring user access, but monitoring must go beyond manual audits of the pages displayed and of application login and logout events. To enforce security policy and to maintain visibility and control over enterprise data, it is critically important to understand how data is accessed and used and which transactions are executed.

    We believe that the following five parameters need monitoring by organizations: 

    1. Who – Details of the user accessing the data
    2. What – Details of the accessed data
    3. Where – Location of the user accessing the data
    4. When – Time of the day when the user accesses data
    5. How – Details of the device accessing the data
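
    The sketch below is an added example, not code from Appsian, SAP or PeopleSoft: it layers the contextual attributes described above (geo-location, time of day, IP address, device) on top of a role check and emits one audit record carrying the five monitored parameters. The roles, networks, countries and hours are constructed values, and `Request`, `evaluate` and `audit_record` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
# Constructed policy values (assumptions for illustration only).
ROLE_GRANTS = {"payroll_clerk": {"payroll:view", "payroll:update"},
               "hr_viewer": {"payroll:view"}}
ALLOWED_COUNTRIES = {"US", "CA"}
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BUSINESS_HOURS = (time(7, 0), time(19, 0))
SENSITIVE_ACTIONS = {"payroll:update"}

@dataclass(frozen=True)
class Request:
    user: str              # who
    role: str
    action: str            # what
    country: str           # where (geo-location)
    source_ip: str         # where (network)
    timestamp: datetime    # when
    device: str            # how: "managed" or "unmanaged"

def evaluate(req):
    """RBAC first, then contextual attributes; returns (decision, reasons)."""
    if req.action not in ROLE_GRANTS.get(req.role, set()):
        return "deny", ["role does not grant action"]
    reasons = []
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("country not allowed")
    if req.action in SENSITIVE_ACTIONS:
        try:
            ip = ipaddress.ip_address(req.source_ip)
            on_corp = any(ip in net for net in CORPORATE_NETS)
        except ValueError:      # unparseable address: fail closed
            on_corp = False
        if not on_corp:
            reasons.append("sensitive action from non-corporate IP")
        if not BUSINESS_HOURS[0] <= req.timestamp.time() <= BUSINESS_HOURS[1]:
            reasons.append("sensitive action outside business hours")
        if req.device != "managed":
            reasons.append("sensitive action from unmanaged device")
    return ("deny" if reasons else "permit"), reasons

def audit_record(req):
    """Log entry carrying who/what/where/when/how plus the decision."""
    decision, reasons = evaluate(req)
    return {"who": req.user, "what": req.action,
            "where": f"{req.country}/{req.source_ip}",
            "when": req.timestamp.isoformat(), "how": req.device,
            "decision": decision, "reasons": reasons}
```

    The same role is permitted to update payroll from the corporate network during business hours and denied from an unmanaged device on an outside address at night, while a read-only view from that context is still permitted; every decision, including denials, produces a record that an analytics platform can aggregate.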

    The usefulness of data lies in the insights provided by it. A critical requirement for data security is the use of an analytics platform that delivers granular access details, rapid aggregation, and visualization of users’ access to data.

    Conclusion

    It is well-known now that hackers are trying to gain access to corporate networks, taking advantage of security lapses. The “Access for Sale” study serves as an essential reminder that hackers are willing to go to any extent to gain an advantage. Companies must deploy a range of ERP data security protocols apart from the traditional role-based access controls.

    Through ABAC and user-activity tracking, Appsian has helped hundreds of companies that utilize traditional ERP systems, including PeopleSoft and SAP ECC, improve their data protection posture.