The only SAP ® -certified fingerprint authentication, identity and risk management for SAP ® systems Bulletproof SAP ® security at your fingertips! Marketing Overview © 2011 realtime North America Inc., Tampa, FL. All Rights Reserved.
Founded in 1986 by former SAP ® managers Certified software, services & special expertise partner Specializing in governance, risk and compliance (GRC) Serving many industry sectors including food, pharmaceutical, chemical, automotive, aerospace, defense, engineering, government and more Flagship software product, certified by SAP ® since 2002 is Bulletproof SAP ® security at your fingertips! Who is realtime?
Selected realtime clients 3M, AIRBUS, Alcan, BASF IT Services B.V., Bayer, Bayer CropScience, Brevard County Government, California State University, Campbell's, GlaxoSmithKline, Harman Kardon Music Group, Krupp Bilstein, Linde, Loewe Opta, Marathon Oil, Océ Document Technologies, Polk County School District, Purdue Pharma, Siemens, ThyssenKrupp Michigan, Toyota, United States Army… Over 200 global clients served!
What were these users looking for? was developed to provide these benefits demanded by users: Dramatically increase SAP ® security capabilities Manage user identities via indisputable biometrics Control access to functions down to the field level Enforce true Segregation of Duties (SoD) Ensure meaningful compliance with: Sarbanes-Oxley, HIPAA, ITAR and more
Is your system bulletproof? Standard Version + Bulletproof VersionBulletproof Protection Standard Protection
According to the ACFE’s 2010 Report to the Nations on Occupational Fraud and Abuse, based on global data, organizations lose about 5% of annual revenue to fraud. Schemes can go undetected for years and frequently involve first-time offenders. Association of Certified Fraud Examiners #1 Risk: Fraud is a growth industry
Risk of Financial Fraud? HIPAA Compliance? Sarbanes-Oxley (Section 404)? ITAR? Industrial Espionage? Other regulations? Are you concerned about…
Financial loss? Negative publicity? Lawsuits? Loss of intellectual property? Decline in stock price? How would an incident affect you?
Are you still relying on this? User password SAP ® Software Passwords are written down, borrowed, stolen, misused Provides “perimeter” security but no additional layers! Traditional SAP ® log-on process uses passwords
Biometric technology offers the highest security Fingerprint Scan = Maximum Security
How to Bulletproof your system: SAP ® log-on profiles are enhanced with fingerprint interface User is prompted via bioLock software as shown above Various hardware devices can be used to securely scan fingerprints - while protecting users’ privacy! SAP ® Software Encrypted scan User’s fingerprint X
What devices can verify user identity? Plus one of these … (optional) + Potential Future Development
bioLock is compatible with over 80 laptops (with built- in fingerprint sensor) and over 50 independent devices like mice, keyboards, or PCMCIA Cards. is hardware independent is hardware independent Cherry ID Mouse Convenient Touch Sensor bioLock ID Mouse Powered by Secugen Leading Laptops 23% have Swipe Sensors Secugen Hamster FIPS 201 Compliant UPEK Eikon Low-cost Device Cherry Keyboard Smart Card Option Zvetco P5000 High End Device
log-on & system access with SAP ® log-on & system access with Logon authorized Logon blocked Logon bioLock checks authentication rules bioLock user/ function bioLock prompts you for fingerprint Fingerprint comparison with table bioLock templates bioLock identifies unique points (minutiae) within a fingerprint and creates an encrypted, digital template – no images of fingerprints are ever stored! Note:
5 Extra Levels of Security “Bulletproofing” with I)Authenticate user log-on based on fingerprint II)Lock down any transaction (e.g. SE38 or ME21N) III) Protect “infotypes”, fields, buttons according to customizable profiles (e.g. HR infotype 167) IV) Require authentication if a field value exceeds a trigger amount (e.g. a transfer > $10,000) V) Require dual user authentication for critical SAP ® functions, viewing sensitive data or intellectual property Existing SAP® Security Consists of Password Log-On
Perimeter Security - Level I Transactions – Level II Fields - Level III All levels can be controlled using fingerprint scan! Bulletproof Security requires 5 Levels Financial Limits – Level IV Dual Approval – Level V
Log-on to a Profile (e.g. Admin) Transactions (e.g. HR / PO / Finance) Infotypes (e.g. 008/167 etc.) Buttons (e.g. Print / Export / Execute) Display (e.g. Balance Sheet) Execute (e.g. prevent execution of anything…) Tables within SE16/SE16N Programs within SE38 Values (e.g. wire transfer of a certain amount) Screens (e.g. export control / ITAR ) Dual Authentication Mask Fields (e.g. make data invisible) Example – Masking Field Data: Multiple Control Points per User
bioLock will always identify and log the uniquely authenticated, actual users – independent of their SAP User profiles Sometimes multiple users share workstations, for example: Hospitals, Warehouses, Financial Institutions, etc. Due to time constraints, logging on/off is impractical, but re-authentication via fingerprint scan is practical. bioLock allows all users to authenticate on all workstations at the beginning of a work session, using only fingerprint authentication after the initial verification. Fast User Switching
Example: Who Has Access? External Employees Former Employees Hackers Criminals The threat comes from the inside and outside! Consultants Auditors 6,000 Named SAP Users 2,000 Users with potential access to critical data 1,000 Users with restricted roles to critical functions Fraud is mostly committed by stealing or cracking a password to access profiles with critical, extended authorizations VIP Only: 500 Permitted bioLock Users for most critical functions Bulletproof Data Protection
Unaffected by SAP ® versions or upgrades Existing SAP ® passwords and authorizations are unchanged Compatible with all SAP ® versions from 4.x onward Profiles are 100% customizable on a user-by-user basis You decide what aspect of your system needs to be protected and how stringently! - Seamless Integration Bulletproof bioLock Security
Only a minority of users are enrolled, depending on their security risk profile and management’s policies One-time user enrollment takes only a few minutes Use is very intuitive, no training required Ongoing use consists of occasionally providing a fingerprint scan – each user profile can be unique Fingerprint images are never stored – privacy is protected What is the impact on users?
User is prompted for a fingerprint scan to complete log-on (Security Level I) User logs on using their SAP User Profile and password Example – what a user sees…
User selects the transaction “ME21N” to create a purchase order NOTE: This could be virtually any R/3 transaction such as SE16 or SE38 User is prompted for a fingerprint scan to complete the activity (Security Level II) Example – what a user sees…
Infotype 167 (field level) is protected for HIPAA compliance, so user is prompted for fingerprint scan (Security Level III) User attempts to look up Health Plan information under Infotype 167 Example – what a user sees…
Installation is done by simply downloading bioLock transports into its own /realtime namespace within SAP ®. bioLock is compatible with SAP ® 4.x and higher, and is unaffected by version upgrades. Configuration and training is done in several days with the support of realtime consultants or partners. Roll-out to selected users can be done quickly, slowly or in phases as desired, or even by automated installation. As users are activated, a fingerprint scanning device is installed at their work station. A robust audit trail is automatically generated within SAP ®. - What is the impact on IT?
Log File Enhanced activity logging Sorted by error / threat category Audit trail is greatly enhanced Example: Unauthorized attempt to log on with another user’s Password SAP USER user profile… …and the REAL USER as identified by fingerprint
Sample Success Stories - Achieve compliance with HIPAA by protecting private employee / HR information Ensure proper approvals for purchasing by automating workflow with external browser access for senior executives International bank prevents fraud with dual authentication and strong financial controls, masking data from unauthorized viewing School Board prevents payroll and personal expense fraud which went undetected for years European power plant protects all purchase orders and workflow for several thousand users
Benefits of The entire installation and configuration of bioLock can be done quite rapidly. Only minimal training is required, and the impact on both users and IT support staff is minimal, both during installation and in use. Since bioLock is certified by SAP ®, ongoing compatibility with different versions is assured. In a very short time, you can start enjoying benefits such as: 1.Dramatically increased SAP ® security capabilities 2.Manage users ’ identities via indisputable biometrics 3.Control access to functions down to the field level 4.Enforce true Segregation of Duties (SoD) 5.Attain meaningful compliance with SOX, HIPAA & ITAR Statistically, a starter package could cost less than a single fraud incident.
bioLock is SAP certified - SAP certified since SAP ® certified since 2002 Visit:
realtime North America, Inc. WORLD TRADE CENTER 1101 Channelside Drive, Tampa, FL T: F: Web: Martin Lum Director of Business Development, Northeast Please contact us for a demonstration or pilot installation: bioLock