Leaks are problems you don’t want in your infrastructure. While this is clear for water pipes, it is not so clear for digital data. Copying is a part of the process, and copying data is what your systems do all day. A leak comes into existence when someone without access privileges gets hold of data. The industry has coined the term data leak/loss prevention (DLP) for products trying to stop intruders from ex-filtrating your precious files. Just like other defence mechanisms DLP systems cannot be bought and switched on. You have to know where your data lives, which software you use, what data formats need to be protected, and so on.
We invited Andreas Wiegenstein to talk about data loss prevention in SAP systems. His presentation was held at the DeepSec 2013 conference and introduces a fundamentally new concept: Static Data Leak Prevention. While most DLP solutions analyze network traffic during runtime, S-DLP is designed to identify data leaks already during application development.
We recommend this talk to anyone running a SAP environment including additional applications (which will probably be everyone running SAP).