BizInsider xCon
SAP Personal Data Access Logs and Access Control Solution
BizInsider xCon is an SAP protocol-based access log solution that analyzes and stores all user activities within the SAP system. When a user handles personal data, the system separately records the accessed personal information to comply with the safety regulations outlined in the Personal Information Protection Act.
BizInsider xCon
SAP Personal Data Access Logs and Access Control Solution
BizInsider xCon is an SAP protocol-based access log solution that analyzes and stores all user activities within the SAP system. When a user handles personal data, the system separately records the accessed personal information to comply with the safety regulations outlined in the Personal Information Protection Act.
BizInsider xCon
BizInsider xCon is an SAP protocol-based access log solution that analyzes and stores all user activities within the SAP system.
When a user handles personal data, the system separately records the time, IP address, username, and accessed personal information
to comply with the safety regulations of the Personal Information Protection Act.
BizInsider xCon
BizInsider xCon BizInsider xCon is an SAP protocol-based access log solution that analyzes and stores all user activities within the SAP system. When a user handles personal data, the system separately records the time, IP address, username, and accessed personal information to comply with the safety regulations of the Personal Information Protection Act.
BizInsider xCon Key Features
Check out the four Key Features of BizInsider xCon.
BizInsider xCon
Key Features
Check out the four Key Features of BizInsider xCon.
BizInsider xCon Special Feature
Introducing INSPIEN's unique features and advantages.
Compliance with applicable legal regulations
· Technical protection measures for personal information management to comply with the "Personal Information Protection Act."
· Access records for personal information within the SAP system.
· Legal retention period for logs, with features to prevent tampering.
Support for all SAP environments.
· Support for SAP ECC and SAP S/4 HANA.
· Logging for SAP GUI, RFC, UI5, FIORI, and WEBGUI.
· Monitoring of security protocols (SNC/HTTPS).
· Certified SAP products.
Provision of access records for detected user actions and personal information.
· Access records of user actions and personal information without program changes.
· Log storage of input/output and action information processed during tasks, along with SAP screen reproduction.
· Anomaly detection through real-time log monitoring.
· Provision of reports in Excel format containing data of interest to the customer.
Access control for SAP systems.
· Access control for SAP systems based on SAP user ID, IP address, and duration.
· Analyzing security policy violations by users accessing the personal information processing system to detect and respond to illegal attempts at personal information leakage.
BizInsider xCon
Special Feature
Introducing INSPIEN's unique features and advantages.
Compliance with applicable legal regulations
· Technical protection measures for personal information management to comply with the "Personal Information Protection Act."
· Access records for personal information within the SAP system.
· Legal retention period for logs, with features to prevent tampering.
Support for all SAP environments.
· Support for SAP ECC and SAP S/4 HANA.
· Logging for SAP GUI, RFC, UI5, FIORI, and WEBGUI.
· Monitoring of security protocols (SNC/HTTPS). · Certified SAP products.
Provision of access records for detected user actions and personal information.
· Access records of user actions and personal information without program changes.
· Log storage of input/output and action information processed during tasks, along with SAP screen reproduction.
· Anomaly detection through real-time log monitoring.
· Provision of reports in Excel format containing data of interest to the customer.
Access control for SAP systems.
· Access control for SAP systems based on SAP user ID, IP address, and duration.
· Analyzing security policy violations by users accessing the personal information processing system to detect and respond to illegal attempts at personal information leakage.
Case Study
Check out various implementation cases.
Sales
We have implemented Bizinsider xCon as a means to check access records for SAP ERP and track internal users. The customer has numerous critical tasks linking SAP ERP to their web server, so they have recorded RFC information connecting to the ERP. They are also monitoring the personal information query history on the web server using the employee number information included in the RFC. Additionally, they are monitoring unauthorized data changes through debugging in the operational system, which is used for tracking and identifying the causes of issues when they arise.
Features
· Mapping employee number information within the RFC to track personal information usage records outside of ERP.
· Reporting performance at the end-user level to identify tuning points for SAP ERP.
Manufacturing
Due to the customer's policy, personal information is not stored within the SAP ERP system. However, when a user inputs personal information into the system, xCon sends an email to the personal information manager with a screenshot of the SAP screen used by the user. Based on this information, an investigation is conducted to determine the circumstances of the input. If the entered information is found to be personal information, appropriate actions are taken to delete it, thereby managing the internal data of SAP ERP.
Features
· Using SSO through the SAP portal to match employee number data for accurate user analysis.
· Login control based on IP and ID.
· Sending an email to the security manager with the SAP screen when accessing personal information.
Public
An external contractor without authorization used a full-time employee's ID and password to perform tasks, which was uncovered during an audit. In response, SAP access records were requested for investigation. However, due to the lack of internal access tracking features in SAP, it was ineffective in identifying unauthorized access or determining accountability during incidents. As a follow-up action after the audit, xCon was implemented to retain SAP access records for 18 months and control SAP access using a combination of IP, MAC, and ID. Additionally, checks are being conducted on former employees to verify any potential internal information leaks.
Features
· Retention of SAP access records for 18 months (21TB).
· Login control based on IP, MAC, and ID.
Finance
A customer using SNC for encrypted communication in SAP has implemented xCon to retain access record information for SAP ERP for one year. Since account query information is critical, when a specific GL account is queried, cumulative totals are monitored, and notifications are sent to the responsible person if the queries exceed a certain threshold.
Features
· Monitoring applied for encrypted communication between the SAP server and users.
· Email notifications sent for login failure screens when account lockouts occur.
· Cumulative events triggered when querying specific GL accounts.
Case Study
Check out various implementation cases.
Sales
We have implemented Bizinsider xCon as a means to check access records for SAP ERP and track internal users. The customer has numerous critical tasks linking SAP ERP to their web server, so they have recorded RFC information connecting to the ERP. They are also monitoring the personal information query history on the web server using the employee number information included in the RFC. Additionally, they are monitoring unauthorized data changes through debugging in the operational system, which is used for tracking and identifying the causes of issues when they arise.
Features
· Mapping employee number information within the RFC to track personal information usage records outside of ERP.
· Reporting performance at the end-user level to identify tuning points for SAP ERP.
Manufacturing
Due to the customer's policy, personal information is not stored within the SAP ERP system. However, when a user inputs personal information into the system, xCon sends an email to the personal information manager with a screenshot of the SAP screen used by the user. Based on this information, an investigation is conducted to determine the circumstances of the input. If the entered information is found to be personal information, appropriate actions are taken to delete it, thereby managing the internal data of SAP ERP.
Features
· Using SSO through the SAP portal to match employee number data for accurate user analysis. · Login control based on IP and ID.
· Sending an email to the security manager with the SAP screen when accessing personal information.
Public
An external contractor without authorization used a full-time employee's ID and password to perform tasks, which was uncovered during an audit. In response, SAP access records were requested for investigation. However, due to the lack of internal access tracking features in SAP, it was ineffective in identifying unauthorized access or determining accountability during incidents. As a follow-up action after the audit, xCon was implemented to retain SAP access records for 18 months and control SAP access using a combination of IP, MAC, and ID. Additionally, checks are being conducted on former employees to verify any potential internal information leaks.
Features
· Retention of SAP access records for 18 months (21TB).
· Login control based on IP, MAC, and ID.
Finance
A customer using SNC for encrypted communication in SAP has implemented xCon to retain access record information for SAP ERP for one year. Since account query information is critical, when a specific GL account is queried, cumulative totals are monitored, and notifications are sent to the responsible person if the queries exceed a certain threshold.
Features
· Monitoring applied for encrypted communication between the SAP server and users.
· Email notifications sent for login failure screens when account lockouts occur.
· Cumulative events triggered when querying specific GL accounts.
CONTACT
INSPIEN aims to be a business partner that prioritizes enhancing customer value,
drawing on the accumulated experience and technical knowledge of all our employees.
CONTACT
INSPIEN aims to be a business partner that prioritizes enhancing customer value, drawing on the accumulated experience and technical knowledge of all our employees.
