InfoShuttle® Data Security is a solution for SAP® customers who need to protect confidential data contained in non-production environments. Data Security enables organizations to use, customize and create sophisticated rules for masking or obfuscating sensitive information that has been moved into testing, training and other sandbox environments.

Protecting Confidential Data in Non-Secure Environments

With regulatory and legal requirements for protecting personal and business data becoming more stringent every day, corporate security departments are increasingly concerned about the many unprotected copies of confidential data that exist across the enterprise. Data Security enables organizations to achieve compliance by automatically applying protection schemes to sensitive data while maintaining test validity, thus eliminating the need for organizations to find every instance of a data element in SAP’s complex data structures.

With InfoShuttle Data Security, SAP users can identify the sensitive fields within three main data objects: employee master, customer master and vendor master records. The types of sensitive data that can be obfuscated include:

• Contact information such as employee and vendor numbers, names, addresses and -telephone numbers.
  
  
• Identity information such as bank account information, credit card numbers and social security numbers.
  
  
• Personal history information, such as family information and garnishments.

To ensure high integrity data protection, Data Security automatically accesses the InfoShuttle Content Library, the world’s most extensive repository of SAP objects and relationships, to detect all related fields for identifying and masking confidential data on the current system.

Minimize Risk of Data Breach

Beyond meeting legal requirements imposed by data privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley requirements, maintaining data security on development, test and training systems can lower exposure to legal costs incurred in defending lawsuits by avoiding circumstances where sensitive data is lost, stolen or inappropriately accessed and used for illegal purposes.

Data Security provides the means to make data safe for test environments, while meeting stringent legal requirements. Data Security is unique in its ability to provide in situ obfuscation of existing data by different rules. A variety of obfuscation rules can be applied to:

• Build cross-reference entries for key and non-key fields for consistency across-multiple tables.
  
  
• Shuffle existing key fields within required groupings based on business objects.
  
  
• Replace non-key fields with a unique generated number that remains consistent across-multiple tables.
  
  
• Employee and vendor names can be replaced by a number that will appear everywhere-the person or entity is accessed.
  
  
• Replace non-key field with a specific value.
  
  
• Scramble a field by randomly shuffling its contents.

To download a data sheet on Data Security, click here.