Posted by: Dr. Werner Hopf
Much to the dismay of consumers and businesses around the world, data security breaches continue to occur regularly. Increasingly, Personal Identifying Information (PII) and Payment Card Information (PCI) are being revealed publically. Sometimes it is exposure through maliciousness, but often times it is also through carelessness.
With the explosion of ecommerce and electronic records, retailers, government agencies and the medical industry – among others – are struggling with the effective management of terabytes of personal and business data. For companies that capture, analyze and store PII and PCI data, there is an urgent need for encryption and hiding information fields.
Countries, states and other regulatory bodies are enforcing stricter laws that dictate how companies handle sensitive information. One of the methods used to secure this data is encryption. More than ten states now have such laws on the books; in addition, stringent regulations are already in place in Canada and Europe. Business organizations that do not comply face large monetary fines. As a result, CIOs and CFOs are keeping a close eye on this area.
Typically encrypting active data can be a challenge, but data that has been archived in SAP® databases can be equally or more challenging, and often forgotten altogether. Why? Often data will “lose” its encryption when it is archived in SAP systems. Many enterprises are unaware of this, which makes them vulnerable to fines or a breach if one occurs. There is a growing need to properly encrypt both data when it is archived as well as that which was archived long before mandates were ever enacted. This can be a daunting task. The addition of advanced encryption should not serve as a deterrent to a robust archiving strategy.
Government organizations are also beginning to more vigorously enforce regulations, especially those related to HIPPA, PII, PCI and others which support encryption. This is causing many corporations to scramble to meet audit and data encryption obligations. The risks, both financial and to public image, are significant. As Big Data exponentially increases the amount of information organizations create, access, store and archive, the challenge to manage it securely only gains more urgency.
That’s not all. What about business data that is audited for Government, Risk and Compliance (GRC) purposes? Even more so than PCI and PII, it is imperative that data needed for any audit or legal requirement be immediately available in order to prove compliance and avoid penalties.
Tackling risk and compliance requires a data management platform which offers a combination of traditional SAP archiving and other SAP-certified software to meet GRC obligations. The optimal solution uses the standard archiving process, with minimal system performance degradation. For data retrieval, it can update SAP Tcodes for end users and auditors to read the archive data, making both online and archived data available.
Archiving becomes increasingly important as the cost of IT storage infrastructure continues to escalate and storing data in an active database can be expensive regardless of your SAP system. The challenge becomes even more complicated for those planning to transition to SAP HANA™. HANA utilizes disk space on a “pay-as-you-grow” basis and in-memory blades have already developed a reputation for being rather expensive. The best way to control HANA costs is to operate a lean active database by utilizing nearline storage and eliminating unnecessary information as aggressively as possible.
Whether used for eCommerce, GRC or for sensitive intellectual property, the importance of data encryption cannot be overstated. As the Big Data explosion continues, the trend of states, countries and regulatory bodies enacting tougher laws governing data encryption will only continue to expand. For this reason, organizations must take a closer look at not just their encryption strategy but also their overall archiving strategy to ensure that both can function in a complementary manner to get the most from their SAP investment, optimize system performance and to ensure organizational risk mitigation.