10x25_CF17_en_half_white.pngHOME  Deutsch | English

Data Leak Prevention (DLP):
Detecting potential information leakage

Eduard Lorenz, KPMG AG Wirtschaftsprüfungsgesellschaft 

The undesirable loss of sensitive data from SAP poses major financial and legal risks for companies. A new approach is getting to the root of the problem, that is: at the program code. In SAP system environments, data leakage can occur at several points. When ABAP programs are being executed, the required information is read out from the SAP database tables and made available to the users via various communication channels. These range from classic output lists through specific SAP interfaces right up to modern Web services. In addition, users can create an e-mail from an ABAP program and then send the SAP data as an attachment to the mail.

Conventional Data Leak Prevention (DLP) methods and tools monitor the data flow precisely at the points where the users can obtain the information or where the information leaves the system environment entirely through technical interfaces. The DLP solutions are set up at different levels of the IT infrastructure. There are tools with which companies can monitor which information is stored by employees on mobile devices such as USB sticks. What all tools have in common is that they raise the alarm as soon as business-critical information leaves the company, or has left it, without authorization. 
  • Get insights into risks of data leakage
  • Learn about general technical reasons for data leakage
  • Get opportunities for action
Eduard_Lorenz.jpgEduard Lorenz has been working in the context of SAP HCM, since 2008. He is well experienced with SAP ABAP programming, SAP customizing, SAP authorizations and defining processes related to SAP HCM.  

In further projects he develops IT solutions, methods and processes to ensure data confidentiality. He is also regularly involved in KPMG’s annual audits with focus on IT compliance and IT security. Within KPMG he works on development project with tax and HR consulting departments. The aim of these projects is to take requirements and needs from the business perspective – and to design tailored IT solutions. A major part of these projects is the development of HR data analytics.