Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ultimate Data Loss Prevention, Risk and Compliance © 2006 TK Consulting, LP 1-877-bioLock +1-813-283-0070

Published byMariah Perkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Ultimate Data Loss Prevention, Risk and Compliance © 2006 TK Consulting, LP 1-877-bioLock +1-813-283-0070"— Presentation transcript:

1 Ultimate Data Loss Prevention, Risk and Compliance © 2006 TK Consulting, LP 1-877-bioLock +1-813-283-0070 info@bioLock.us www.realtimenorthamerica.com Indisputable Data and Transaction Protection for SAP www.tinyurl.com/bioLockppt Download the latest version of this presentation here : Additional links on the last page !

2 © 2007 realtime North America, Inc. bioLock Highlights Summarized adds additional layers of security to the SAP system protects organizations from the risk of MILLION dollar losses customers: Governments, Treasuries, Fortune Companies is a proven technology backed by over 100 employees was developed by realtime (est. 1986 by SAP Managers) is implemented and up and running in a few days requires minimal training, configuration or maintenance has an immediate ROI in the first year and very low TCO is the only certified biometric technology available for SAP* 2October 15, 2015 *SAP ERP 4.6 certified in 2002 / SAP NetWeaver certified in 2006

3 © 2007 realtime North America, Inc. 3 Business Pain Points at Every Organization October 15, 2015 93% of fraudsters were first time offenders A company’s average loss was 7% of their revenue The first single incident cost companies $239,000 in damages* Fraud schemes continued for years - many are NEVER detected Bad Press could decrease revenue and shareholder value Most catastrophic fraud is committed with a stolen user profile! The financial damage of the “first single incident” increased from $175,000 in 2008 to $239,000 in 2009! Damages reach billions! The Association of Certified Fraud Examiners (ACFE) 2008 Fraud Study – links on the last page!

4 © 2007 realtime North America, Inc. 4 Technical Pain Points at Every Organization October 15, 2015 Extensive password sharing Overwhelmed with access control efforts for all users Gaps in Security Roles tend to "over permit" users (statistics)statistics No technology to protect critical functions or the actual data SAP only identifies the SAP User profile - NOT the actual user The result is: No “true” SoD’s and no clear accountability Most organizations understand that they DON’T have true SoD’s but they are not aware of a solution to address the problem! I will give you my password if you tell me yours! IT will cost you dinner! Password1

5 © 2007 realtime North America, Inc. 5 Increase Security & Accountability for SAP 82% of all SAP passwords are written down (SAP-Info Online) October 15, 2015 Use a combination of 2 or 3 methods for ultimate security and accountability! Smart Cards can still be lost, stolen, copied and shared and they offer no indisputable accountability The indisputable accountability will be much stronger using biometric technology #1 Pain Point at any SAP customer is “Password Sharing”

6 © 2007 realtime North America, Inc. Level I bioLock 5 Level Protection bioLock 5 Level Protection Level II Level III Level V Dual Signature Level IV Exceeding Values 6 bioLock enhances SSO and Access Control Protect Critical Data Other technologies protect the outside while bioLock technology will protect your system from the INSIDE Inside SAP AFTER you access SAP: October 15, 2015 In addition to Access - Outside SAP Before you access SAP: Single Sign On Access Controls Identity Management Microsoft Forefront Kerberos / Tokens Smart Card / CAC Active Directory Etc. Existing/Ongoing/Future Projects

7 © 2007 realtime North America, Inc. 7 Your Security Guard Uses Biometrics Daily Even though this guy identifies himself as “Tom N.” on his space suit… Your security guard will definitely stop this guy at the main gate!!! Without using biometrics we can only identify “Space Suits” with names on them (SAP User Profile Names) walking around in the most critical part of our organization – the SAP System. You have NO WAY of identifying WHO is using the space suit or SAP user profile! October 15, 2015 Your security guard will ask to compare his face (biometric features) with his photo ID (biometric template) and perform a manual face recognition process to confirm ID. bioLock will uniquely identify the USER behind the “Space Suit” (User Profile)

8 © 2007 realtime North America, Inc. 8 Override ANY SAP Authorizations with bioLock October 15, 2015 With bioLock you can place swinging door bars anywhere in the SAP system and override existing authorizations. A user needs specific permission from bioLock to access protected functions and data. In a hotel you access your room with a key card How many other people have key cards that open YOUR door? Before you go to sleep in a hotel room, you lock the swinging “door bar” and “override the access” for other, normally-authorized users How do you protect yourself, your family or your valuables at night?

9 © 2007 realtime North America, Inc. Independent Additional Protection Authorized SAP User Profile Access bioLock permits users via biometric template, password or smart card – the protection is defined in bioLock and “blocks” the SAP User Profile Access 9October 15, 2015 Override SAP Security Password and / or

10 © 2007 realtime North America, Inc. Only bioLock Power Users with specific permissions will have access 10 Permit VIP Power Users – Not all Users Before bioLock you had to worry about protecting access for ALL SAP Users… Normal Users - and ALL OTHERS - will always be denied October 15, 2015 Now you identify and protect selected critical functions in your system You PERMIT Power users that you WANT to “access critical functions” ALL OTHERS will not be able to access them – even SAP ALL Functions can either be protected Globally or on an Individual Basis You only have to “permit” a few 100 Power Users

11 © 2007 realtime North America, Inc. 11 Limit Access to Permitted VIP bioLock Users Example: 6000 Named SAP Users 2000 Users with any roles to “somehow” critical data 1000 Users with restricted roles to critical functions Access with a stolen or cracked password October 15, 2015 External Employees Former Employees Foreign Hackers Terrorist Groups Access with a stolen or cracked password External/Internal Consultants VIP Only: 500 Permitted bioLock Users for most critical functions Ultimate Data Protection

12 © 2007 realtime North America, Inc. An Additional Integrated Layer of Security Additional bioLock Security bioLock will never “touch” or change your existing security roles or profiles! Existing SAP Security Note: bioLock is installed into realtime’s own name space (/realtime) within your SAP system via SAP transports. It is completely integrated into SAP! bioLock is completely integrated into SAP and adds an additional layer on top of your existing security: 12October 15, 2015

13 © 2007 realtime North America, Inc. Protect “Anything” Valuable in the SAP System 13October 15, 2015  Logon to a User Profile  Transactions  Infotypes  Buttons  Display  Execute  Tables  Values  Screens  Mask Fields  and more… bioLock can quickly and easily secure: Lock “anything” within the SAP system by simply installing a predefined ABAP code (the swinging door bar) Every “door bar” has a unique id number and can now be activated and controlled via bioLock Allow a few 100 Power Users to “open” the “door bar” with biometrics and/or smart card authentication (CAC)

14 © 2007 realtime North America, Inc. Proof is Always in Writing for the Auditors 14October 15, 2015 SAP’s log file can only identify the SAP User Profile You only know that “space suit” Tom N was used bioLock uniquely identifies the ACTUAL USER with biometrics bioLock rejects and shows in the LOG files which UNAUTHORIZED user tried to use colleagues SAP user profiles

15 © 2007 realtime North America, Inc. The technology can only identify the conflicts based on user roles Bad guys simply logon with different user profiles to overcome SoD’s They circumvent SoD’s and it is difficult to prosecute, as criminals use multiple user profiles to commit fraud Even if fraud is identified, criminals can still point fingers at others The Challenge with role based SoD Efforts 15October 15, 2015 bioLock enforces SoD’s: bioLock prevents logon to other user profiles bioLock identifies and permits authorized users for tasks True SoD’s can be established based on biometric templates The log file shows identified users, establishes indisputable accountability and helps to convict violators and intruders bioLock deters fraud by requiring users to identify themselves The Challenge of Role Based SoD’s: GRC technology (or competitive products) identify and prevent that one SAP user can create a purchase order, approve it and issue a payment

16 © 2007 realtime North America, Inc. The simple solution is to require a biometric identification at the logon level. In addition to the user name and password a biometric verification is required. In addition to the password the logon is protected with the finger (Security Level I) of Mr. Neudenberger.

17 © 2007 realtime North America, Inc. 17 Pain Point – Fast User Switching Challenge: 5 employees use 3 different computers and don’t have the time to log in and out when switching places SAP User Profile bioLock User Teller PC1Thomas Teller PC1Amanda Teller PC1April Teller PC1James Teller PC1Peter Teller PC2Thomas Teller PC2Amanda Teller PC2April Teller PC2James Teller PC2Peter Teller PC3Thomas Teller PC3Amanda Teller PC3April Teller PC3James Teller PC3Peter The Solution: Critical functions on all 3 computers are protected with bioLock The biometric templates of all 5 users are assigned to all 3 computers so the 5 authorized users can switch between computers and execute protected functions Unauthorized colleagues or customer can not execute the functions even if the computer is logged on since the template is not assigned Example: Bank, Hospital, Warehouse, Customer Service, Call Center etc. October 15, 2015

18 © 2007 realtime North America, Inc. User ‘Neudenberger’ selects the transaction bioLock Administration… The task - as well as the uniquely identified user - is logged in the log file, completely independent from the SAP User profile that was used. …and successfully confirms his identification with his finger (biometric template).

19 © 2007 realtime North America, Inc. The Challenge: Purdue Pharma L.P., a pharmaceutical company focused on meeting the needs of healthcare providers and the patients in their care Financial workflow approval within SAP guaranteeing only executives can approve bioLock was required to work within a web based system (browser based) An email send to s supervisor had to trigger biometric approval in a web browser The Solution: Purdue is using bioLock for workflow payment approval An automated workflow sends an email with a link to approver Approver clicks the link and bioLock pops up a window bioLock asks the user to authenticate themselves bioLock approves the transaction in the web browser Once done, the payment is immediately approved within SAP. Case Study: Pharmaceutical Company 19October 15, 2015

20 © 2007 realtime North America, Inc. The Challenge: A secretary used the principals user profile to approve herself overtime It could not be uniquely identified who logged on and who approved overtime The school had significant financial damages but had a hard time to prove it In addition - Password are written down and posted near computers at alarming rate The Solution: Protect logon to principals user id with bioLock Uniquely identify if principal or secretary is logging onto the system Only allow the principals biometric template to approve overtime and prevent that secretary can execute that function Case Study: School District At the Polk County School District, a secretary legally had access to her superiors SAP User Profile to do his work but abused her privilege and approved herself overtime 20October 15, 2015

21 © 2007 realtime North America, Inc. The Challenge: Groups of people had access to many parts of the finance system The client needed to uniquely identify the “actual user” and log activities Management requested that 2 individuals would authorize certain tasks The oldest central bank in the world had multiple critical tasks in their financial application including opening balance sheets, approving budgets and issuing wire transfers Case Study: Banking / Finance System 21October 15, 2015 The Solution: bioLock dual confirmation group was enabled 2 people have to authorize tasks Both will be uniquely identified… …and logged in the log file

22 © 2007 realtime North America, Inc. The Challenge: Brevard County Government, home to NASA and the Kennedy Space Center is running SAP including HR Multiple employees had access to extremely critical HR data Misuse of the data by employees and others was easily possible Brevard needed to protect and uniquely identify the actual SAP USER The Solution: Rick Meshberger (left) installed biometrics Access and changes are limited to uniquely identified users A log file can proof, who did ‘what’ and ‘when’ Case Study: Government HR / HIPAA 22October 15, 2015

23 © 2007 realtime North America, Inc. At Brevard bioLock protects the SAP System down to the field level (Security Level III) by locking the Infotype 167 to protect Health Plan Information. The Infotype 167 is protected with biometrics based on the value (input) – all other Infotypes can be accessed as usual. Other examples could be money transfers, that would be executed as usual, until the entered amount is larger than a predefined value. If the field input requires biometric verification the system will ask for a fingerprint…

24 © 2007 realtime North America, Inc. Expert Statements – SAP TV Movie http://realtimenorthamerica.com/download/Expert_statements.wmv Other SAP movies including bioLock: http://www.realtimenorthamerica.com/saptv.shtm l http://www.realtimenorthamerica.com/saptv.shtm l You are invited to view some expert statements at your convenience: 24October 15, 2015 2010 NBC Crime Tracker NEWS interview at realtime’s headquarters: http://www2.tbo.com/video/2010/jan/07/fingerprint-security--15050/video-news/ http://www2.tbo.com/video/2010/jan/07/fingerprint-security--15050/video-news/

25 © 2007 realtime North America, Inc. 25October 15, 2015 bioLock Review bioLock is the next logical step in addition to Single Sign on and Access Control efforts Enables powerful protection of confidential information and data within the SAP System. Prevents unauthorized actions and illegal access far more effectively than other security measures. Effectively blocks consultants, administrators, and anyone that should not be permitted access to certain sensitive functions and data regardless of existing security permissions Establishes indisputable accountability and “true” SoD’s

26 © 2007 realtime North America, Inc. IT Consultants 26 bioLock permits Good Guys - blocks Bad Guys Even if your company has 1000’s of named SAP Users… October 15, 2015 Only a few hundred VIP Power users…. Need to be permitted with their “finger” (biometric templates) Terrorist Groups Outside Hackers Insider Theft bioLock will protect your entire SAP System from anyone else: Former Employees  Most companies only need to protect a few hundred Power Users  Installation takes a few days and no user training is necessary  Minimal ongoing maintenance required

27 © 2007 realtime North America, Inc. 27 It is Critical to Update your Security NOW Passwords established 1963 bioLock established 2001 October 15, 2015 Contact us to discuss your scenarios and challenges: Toll Free 1-877-bioLock Intl. +1-813-283-0070 info@bioLock.us Continue this presentation to learn more about your companies actual business risks and technical challenges… Continue for additional, more detailed information on related subjects!

28 © 2007 realtime North America, Inc. Passwords Become Easier to Obtain Before the Internet intruders had to physically break into a company first Password crackers, computers and technologies get faster every day * Hacking tools are now legally sold in stores as Password Recovery tools Physical and logical key loggers can be implemented without detection Hidden cameras and even cell phones can easily video tape passwords Surveillance cameras are everywhere where users log on (example: airport) Algorithms can decrypt passwords just based on sound (record it) Users have too many passwords and are forced to write them down Systems require frequent password renewal (forcing users to write them down) Users are forced to create more complex and longer passwords (can’t remember) Passwords have been around since the first computers in 1963, and while they might have been fairly secure back then, technology is evolving and is making them more vulnerable on a daily basis: * Recent News: Computer clustering allows the cracking of complicated passwords in 20 minutes instead of 5 days! 28October 15, 2015

29 © 2007 realtime North America, Inc. Many Ways for Intruders to Get Passwords Look in desk drawers or on the “yellow sticky note” Look over shoulders of co-workers (shoulder surfing) Videotape it - watch for people with a cell phone around you Ask colleagues – 40% admit to sharing passwords Get emergency password (administrators / security guard) Call hotline to get password reset for any user Associate with owner (pet, family, hometown, birthday) Check unencrypted.ini files Try SAP default password for SAP* - 06071992 Key Catcher, Password Cracker – Now: Recovery Tools Monitoring / Sniffers (transfer from GUI not encrypted) Download the “Fishing for Passwords” document at www.showpasswordsthefinger.comwww.showpasswordsthefinger.com 29October 15, 2015

30 © 2007 realtime North America, Inc. 30  Securely protect any confidential, private, classified or high-value data  Mask screens and protect any secret information  SAP Logon: Unauthorized users use or share SAP User ID’s even at different locations at the same time  Consultants: Internal and External consultants with limited loyalty to any company have extended access  HR: Protecting and securing HR info including health insurance, salaries and social security numbers  Finance: Prevent tampering with payment release, salaries, wire transfers, requesting or changing budgets  Balance Sheets: Access to critical company information  Research Data: Research data is stolen or changed (espionage)  Production Data: Components of critical production values such as chemicals in drugs are changed  Purchasing: Unauthorized users purchase unauthorized items  Workflow Approval: People use supervisors’ passwords  Fast User Switching: Users are supposed to log in and out (bank, hospital, warehouse etc.)  Access to critical functions that concern National Security such as power grids or water supplies  Remember multiple passwords that could require up to 15 characters each  True Identity Management / Compliance (Sarbanes-Oxley, Section 404, Internal Controls) General Pain Points for Customers October 15, 2015

31 © 2007 realtime North America, Inc. 31 bioLock is Compatible with Almost any Device October 15, 2015 All UPEK sensor devices including Fips 201 All Authentec Sensor Devices (true print tech.) Secugen Product Line with optical device Most Leading Laptop with build in swipe sensors Most smart card readers and keyboards Contact us for a compatibility list Devices cost between $50-$150 and are only needed for a few 100 Users Note:

32 © 2007 realtime North America, Inc. 32 The Business Challenge - Risk  The average fraud incident median loss is: $175,000 - bioLock's ROI occurs within a year!  A company’s average loss was 7% of their revenue or $994 Billion total (in the US)  Fraud was most often committed by the accounting department or upper management  Nearly all intruders were first time offenders (only 7% had prior convictions)  Occupational fraud schemes frequently continued for years before they were detected  Fraud cases were publicly exposed and caused companies irreparable publicity damage  Compliance violations often cost tens of millions and resulted in jail time for executives  Fraud exposure caused a decline in stock value and a loss of investor confidence From 2008 – some facts on unauthorized access and misuse of data: October 15, 2015

33 © 2007 realtime North America, Inc. 33 The Technical Challenge - Compliance  Outdated access control methods do not adequately protect information  Extensive password sharing allows fraudulent actions without accountability  No step up controls (users leave unlocked workstations)  No solution for fast user switching (multiple people who use one computer)  No technology in place to protect critical functions or the actual data  SAP only identifies the SAP User profile - NOT the actual user  No way to prove in the log file who actually used an SAP profile (clear accountability)  No way to prevent users from transferring excessive funds or creating unauthorized PO’s  Gaps in Security Roles tend to "over permit" users to execute too many critical functions Prevent unauthorized access of SAP user profiles and data loss at the function level October 15, 2015

34 © 2007 realtime North America, Inc. 34 The bioLock Solution - Ultimate Prevention  The logon to selected SAP user profiles requires biometric authentication  Critical transactions require additional re-authentication with biometric credentials  Add biometric protection to info-types, fields, buttons, tables, screens, and work-flow approvals  Protect Values - Example: an outgoing wire transfer over $50,000 requires biometric approval  A dual confirmation group can require two individuals to authenticate (true SoD)  A log file proves which actual user executed a critical function or task for clear accountability  bioLock saves money, by reducing the need to constantly redesign and audit security roles  bioLock increases security, accountability, and productivity and is easy to use! Use innovative biometric technology to securely protect the logon & specified critical functions: October 15, 2015

35 © 2007 realtime North America, Inc. Additional bioLock and Fraud Information 35October 15, 2015 SAP TV Movies on our website Movies from SAP TV, demo movie, fraud movie etc - great to share! Link Fishing for Passwords document How to get SAP passwords and how to explain it to the Management! PDF SAP Info Article Feb. 2009 Biometric Security for Financial Meltdown Solutions PDF Ultimate DLP/Risk and Compliance 1 Pager: bioLock is the ultimate Data Loss Prevention/Risk solution PDF Fraud Mitigation Document Executive Sum. why and how to use biometrics for mitigating fraud Link Maintaining Integrity of SAP Data 1 Page Executive bioLock Explanation/Value Proposition with pictures PDF NEW 2010 bioLock Flyer! 2 page detailed description about bioLock functionality PDF eWeek Article about Fraud* How Wall Street Can Mitigate Financial Fraud Using Biometrics Link SOX Compliance - $400 Fraud* SOX compliant Dupont has $400Mil Fraud Case - Study Link ACFE 2008 Fraud Study Actual alarming fraud statistics from 2008 - 7% of revenue is fraud! PDF 2009 Occupational Fraud Study Conclusion: Ensure proper fraud prevention procedures are in place! PDF NBC/Channel 8 Crime Tracker News Interview about the use of passwords to prevent corporate fraud PDF Threat from the Inside and Outside Cyber threats now targeting traditional companies (must read article) Link Note: You must be in Slide Show Mode to click on the links!

Download ppt "Ultimate Data Loss Prevention, Risk and Compliance © 2006 TK Consulting, LP 1-877-bioLock +1-813-283-0070"

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Travel and Expense Management Scenario Overview

Travel and Expense Management Scenario Overview
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.

Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.
Welcome to the Award Winning Easiest to Use & Most Advanced View, Manage, and Control Security, Access Control, Video, Energy & Lighting Systems, & Critical.

Welcome to the Award Winning Easiest to Use & Most Advanced View, Manage, and Control Security, Access Control, Video, Energy & Lighting Systems, & Critical.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
GALVESTON COUNTY, TX P-CARD TRAINING GALVESTON COUNTY.

GALVESTON COUNTY, TX P-CARD TRAINING GALVESTON COUNTY.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Biller Direct Getting Started

Biller Direct Getting Started
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
ICT at Work Banking and Finance.

ICT at Work Banking and Finance.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
1.7.2.G1 © Family Economics & Financial Education – Revised May 2005 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take Charge.

1.7.2.G1 © Family Economics & Financial Education – Revised May 2005 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take Charge.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
The only SAP ® -certified fingerprint authentication, identity and risk management for SAP ® systems © 2011 realtime North America Inc., Tampa, FL. All.

The only SAP ® -certified fingerprint authentication, identity and risk management for SAP ® systems © 2011 realtime North America Inc., Tampa, FL. All.
Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.

Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.
Tele’Ware Software Application. Helping you manage your clients….

Tele’Ware Software Application. Helping you manage your clients….
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Similar presentations

Ads by Google