“Upcoming Webinar: Next Generation Security Considerations for SAP”

KPMG - Securing the ERP Webcast

SAP security requirements are becoming increasingly complex.
Security threats, data restrictions, emerging regulations, and innovation in
technology is leading traditional approaches to security and access governance
to become costly, unmanageable, and without adequate risk coverage in many
cases. As your technology landscape evolves, so should your approach to
managing security and access governance.

KPMG, a NextLabs partner, will be hosting a webcast, “ERP Risk Series – Next Generation Security
Considerations for SAP” on
July 11,
2pm ET
. They’ll discuss strategies for evolving your access governance and
next generation SAP security considerations. The webcast will be hosted by
Brian Jensen (Managing Director of the Oracle Risk Management Team), and the
featured presenter will be Jonathan Levitt (Director Advisory, GRC Technology).

One CPE credit will be available to U.S. participants who
meet the eligibility requirements.

So, click here to secure your spot today!

NextLabs Deepens Its Microsoft Support

Microsoft Dynamics 365

In keeping with our extensive support for Microsoft
applications, NextLabs now announces the release of its latest version of Entitlement
Manager for Microsoft Dynamics 365
(EM for Dynamics), Microsoft’s CRM
application.

We listened to our customers, looked at where the market was
headed, and added features consistent with the NextLabs mission of protecting
data whether at rest or on the move. This latest release also reflects our deep
commitment to the Microsoft stack, augmenting our current support for SharePoint,
Exchange,
and Outlook.

EM for Dynamics reinforces that commitment with even more
granularity and flexibility for Dynamics CRM. 

“Refresh my memory . . . what is Microsoft Dynamics again?”

Microsoft Dynamics CRM is a multi-faceted platform where
everything you need to develop, enhance, and retain your client relationships
is stored. It centralizes customer information, business intelligence, the ability
to track sales opportunities, and more in one application. EM for Dynamics sits
on the Microsoft Dynamics CRM Server and works with both on-premises and cloud
deployments of Dynamics.

“What are the potential landmines of Dynamics?”

The ease with which Dynamics CRM enables collaborators to
share data and manage their own fine-tuned access controls can lead to serious
risk exposure in terms of inappropriate data access, distribution, and loss.

To address this challenge, EM for Dynamics was developed to
enhance compliance and security for this leading CRM application. It enforces
policies on the application across different Dynamics entities, such as
contact, account, and so on. Based on policies, EM for Dynamics filters entity
records by user attributes and entity attributes. For example, the application
can enforce policies to allow account executives to view only those accounts
that match their business unit and industry.

“You’ll get nothing and like it . . .”

If your company has very strict controls over who can access
what in Dynamics, NextLabs now enables you to shut off access to any records in
Dynamics by default. With this policy turned on, users can’t access any
records unless explicitly allowed by policy. Thus, users won’t be able to View,
Create, Edit, or Delete without permission.

With this approach, enterprises ensure that that their users
can only access the Dynamics 365 data they need to do their jobs and are not
inadvertently given access to sensitive, classified, or regulated data.

“You can go to prom, but you gotta be back by 1am”

If you don’t want to opt for the “you’ll get nothing and
like it” approach to data security and prefer some flexibility, EM for Dynamics
now allows you to filter data either at the record level or the field level.
You can even make authorization decisions based on user attributes from the
native CRM user records.

These new features ensure enterprises have the flexibility
to control access to data as granularly as needed by the business or as
required by policy – either at the object or field level. They also give
enterprises an easy way to make actionable information available to users who would
otherwise be denied access to data by policy.

Here are some other examples of the flexibility now afforded
by EM for Dynamics:

  • Apply
    Security Filter
    : Allows the filtering of entity records based on the user
    attributes and the entity attributes
  • Display
    Policy Violation Message
    : Displays a message to users when a policy
    violation happens.
  • Inherit
    Policies From
    : Allows the filtering of entity records subject to the policy
    against its “secured” direct parent entities.
  • Apply
    Security Filter Based on Parent Attributes
    : Allows the filtering of entity
    records subject to the attributes against its “secured” direct parent entities.
  • Mask
    Fields
    : Allows the masking of specific fields in a record.

For more info . . .

If you’re interested in learning more about NextLabs’
solutions for the entire Microsoft stack, and not just Dynamics, click
here
.

Words of Wisdom: How to Ensure a Successful ABAC Implementation

Attribute-based access control (“ABAC” for short) has reached the point of mass adoption with respect to access control technologies. In fact, the National Cybersecurity Center of Excellence developed a reference design for ABAC that provides organizations “greater efficiency, flexibility, scalability security.”[1] To ensure that those benefits are realized, however, it’s essential to establish best practice guidelines when it comes to implementing ABAC successfully.

ABAC can be instrumental in reducing enterprise risks such as insider threats, loss of customer data and personally identifiable information (PII), leakage of trade secrets and intellectual property, and fraud. The use of context in access decisions can also lead to substantial cost savings since ABAC systems enable more efficient policy management and regulatory compliance. Furthermore, organizations can continue to leverage much, if not all, of their previous investment in existing IT infrastructure. more “Words of Wisdom: How to Ensure a Successful ABAC Implementation”

Could Your Car Be Hacked? It’s More Possible Than You Think.

When you’re driving your car, you view it as something completely protected. You’re driving it, and if you’ve maintained it, it’s going to likely drive as it should. I recently spoke with a friend who said he views his car as a ‘black box’; he drives it, but he relies on his mechanic to tell him if something is wrong with it. The unfortunate reality is that now, even while you’re driving, your car could potentially be taken over by a rogue hacker.

While it may sound like something out of a spy thriller or sci-fi novel, over the last few years, hackers have found numerous ways to hack into a vehicle, from taking over the on-board navigation system through an unsecured WiFi network designed to look like a public network, to hacking into a local mechanic’s diagnostic system then using that system to access the car’s on-board diagnostics.  more “Could Your Car Be Hacked? It’s More Possible Than You Think.”

GDPR: A Lens into the Bigger Picture of Digital Transformation

LensThe General Data Protection Regulation (GDPR) has been receiving much press the last couple years on both sides of “the pond” and for good reason.  It impacts companies not just in Europe but potentially anywhere in the world.

We’re doing business in a world that’s increasingly globalized and intertwined, much more so than it’s ever been.  Large multinational companies have offices throughout the globe.  more “GDPR: A Lens into the Bigger Picture of Digital Transformation”

Why Dynamic Authorization Is a Big Deal in Data Security

CollaborationIf you’re unfamiliar with dynamic authorization, be prepared for an epiphany of sorts.  It could very well be the biggest little secret you’ve never heard of with respect to data security.  What with all the cloud apps, mobile devices, Big Data, and productivity tools that consume our professional lives these days, legacy access control solutions are having a difficult time keeping pace. more “Why Dynamic Authorization Is a Big Deal in Data Security”

Policy Based Security for Microsoft Dynamics CRM

As corporate security, data sharing, and compliance requirements increase, managing access to customer data in Microsoft Dynamics CRM has become more important than ever.  These changing requirements can result in increased administration overhead and complexity.

NextLabs Enforcer for Microsoft Dynamics helps simplify this management by extending the existing Dynamics security model through attribute based policies.  more “Policy Based Security for Microsoft Dynamics CRM”