For enterprises running SAP, the data security challenge has never been more pressing.
GDPR has ushered in new guidelines for managing sensitive data—and significant penalties
for mishandling it. It’s why enterprises are re-examining their roles, processes, and policies
for handling it across their SAP landscape: from production to non-production, from SAP
data to non-SAP data, and from on-premise to cloud.
GDPR presents SAP enterprises with an evolving, fluid environment of what to anonymise,
how to anonymise it, and new best practices like pseudonymisation.
Yet amidst change, many non-production SAP instances still aren’t masked or anonymised,
due to the time, cost, and complexity required. Organisations can no longer trade-off
security for time-to-market. It’s why many SAP administrators are now struggling with
how to meet GDPR requirements. Worse, legacy masking tools themselves are often
arcane, and opaque, raising concerns over exactly how well and comprehensively data
has been de-identified. In many cases, SAP administrators just don’t know where to start,
given SAP’s table and field complexity. Not to mention the time and resource practicalities
of refreshing SAP non-production instances given all the performance bottlenecks created
by subsetting, physical data copies, and SAP APIs.
It’s no wonder then, that a recent leading industry analyst report forecasted a big shift,
noting that companies are moving towards a more comprehensive approach to masking,
obfuscating, and tokenising sensitive data across SAP and non-SAP silos, foreseeing 40-
percent of enterprises to have made the shift by 2020, up from less than 5-percent today.