SAP UI Logging & Masking

Why SAP UI Logging & Masking?

Enterprises today are exposed to an ever-broadening range of IT security threats, from emailed viruses, to targeted phishing-style attacks that trick employees into clicking on dangerous links that install malware, steal credentials, or in some other way jeopardize the security of the enterprise. As threats have evolved over time, new approaches to threat detection and remediation have become necessary for organisations that are at risk.

What is UI Masking?

  • Sensitive data are masked on the server side and editing is blocked in SAP user interfaces; resulting in consistent protection also in table display, value help, export, download, print etc.
  • provides unmasked data to specifically authorized users/roles only –on top of existing authorization system (PFCG)
  • Small-scale, auditable, archivable “access trace” in case of access to protected data fields

How does it work?

  • Extensive configuration options on field level:
  • Which fields are masked in which way –including mass configuration report for a quick start.
  • Which users/roles are shown clear data
  • Which accesses are traced
  • Complex business logic (e.g. attribute based masking, based on SAP-internal attributes) can be implemented via BAdI
  • Highly performant –minimal system requirements

What is UI Logging:

Benefits: Data Anonymization & Data Minimization

  • Data access transparency
  • Logging based on roundtrips (frontend server)
  • Protocol of user input and actions
  • Detailed and comprehensive protocol of data a user actually received
  • Data base accesses are implicitly logged (search / read / store / update)
  • Meaningful usage of the log –real time alerts, on-demand investigation, automated analysis with ETD
  • Lightweight, uncomplicated, secure solution
  • Rapid and efficient implementation, no changes to system functionality
  • Optimal performance of logging in the background; minimal impact on system resources
  • Strong filtering and archiving functions; optimized log file size, omit potentially sensitive data values
  • Encryption and recursive logging of log file access; further protection of sensitive data

As a side note, many clients are using UI field masking and logging solutions to strengthen their GDPR governance.

Click here to find out about Winterhawk’s “GRC Synergy” adaptable solution for clients wishing to deploy one or more of the SAP Governance, Risk and Compliance (GRC) suite of applications.

Get in touch

Looking to protect your data with UI Logging / Masking, drop us a line to learn more.