SAP Field Level Security – what are my options?

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

Today’s ERP systems demand tight security controls at multiple levels of the application design. Most ERP systems, including SAP, are transactional in nature. Our customers have frequently asked us about extending security controls beyond transactions to the field level. For example, take a digital product catalog used by multiple departments within an enterprise: the view screen hides pricing information for products from a customer support rep who just needs to view technical product information, whereas a sales rep viewing the same product catalog would be able to view both technical and pricing information, but cannot make modifications. Granted another level of access is the pricing team, which can view and modify the price fields of the product catalog.

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data.

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizman, Research VP at Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations.

The Politics of Export Control Reform: Why Less Licensing = More Complexity

by Gary Stanley

Just as with past export control reform efforts in the Clinton and Bush II years, the Obama Administration started with the best of intentions to make U.S. export and re-export control rules more straightforward and less burdensome.  Without dispute, it has pushed through broader changes than any of its predecessors.

Like its predecessors’ changes, however, the Obama Administration’s may have reduced the licensing burden, but at the expense of making U.S. export and re-export controls more difficult to understand and administer.  The reason lies in the politics of U.S. export controls.

Managing Export Compliance with Trade Management IT Systems

By Soujanya Madhurapantula.

Let’s start with what a trade management system is, what it does, and what are some of its shortcomings.

What is a Trade Management System

Export control can get pretty messy, especially when you consider how a typical company will be operating according to the rules of multiple jurisdictions at any given time.  Businesses that must comply with Export Control regulations like ITAR often maintain license and distribution information in a central Trade Management System (TMS).