English | Deutsch | Español

SAP Interfaces and GDPR

April 29, 2019 | From Dr. Oleksandr Panchenko

Virtual_Forge_InterfaceProfiler_ScreenIn a real SAP®-system landscape hundreds of communication partners exchange thousands of messages. As you can imagine, it results in a huge amount of data that is transmitted. The Virtual Forge InterfaceProfiler can monitor all the data flows and summarize the monitoring data at one central place. But wait, who is going to screen all this mass of data?

Fortunately, the Virtual Forge InterfaceProfiler can do it for you. For each communication event some meta data is collected and stored. If you tell the InterfaceProfiler what kind of data is important for you, it can select the corresponding events that exchange such data. Let me show it on an example:

You want to see what systems exchange bank account data or credit card numbers. For that you need to pick corresponding data elements (DTELs) from your SAP data dictionary and mark them in the InterfaceProfiler’s repository as important for an analysis. You can compare this action with well-known tagging. That is basically all you have to do. Now, InterfaceProfiler can (transitively) look where the data elements are used and filter corresponding events out of millions of collected events.

 

Does it mean someone needs to tag all data dictionary elements to make this work? No. SAP has already taken care of most of standard elements, such as data elements and function modules. They are assigned to an application component, for example FI-GL for Financials is assigned to General Ledger Accounting or MM-IM for Material Management gets assigned to Inventory Management. This already gives a good approximation of what data dictionary element corresponds to what area. These application components can be used as tags for search.

Furthermore, Virtual Forge has taken care of security relevant data dictionary elements. There is an extensive content that is delivered together with InterfaceProfiler. It includes hundreds of data elements and functions that we think you should keep an eye on. Personal data (such as a birth day of an employee), critical infrastructural data (such as authorization and roles), critical security data (such as credit card numbers) – all this is included into the content delivery. So, you can start working with prepared tags right away. Merely the last part should be done by you – maintaining your own data dictionary elements, basically covering your Z*-namespace.

This feature can provide insights into the data flows in your software system landscape and give you the necessary transparency to fulfill the EU GDPR requirements.

In addition to these insights there is another feature that can help to focus on important communication partners. This is the InterfaceProfiler Rule Engine. It provides a possibility to black list or to white list connections between certain systems. Once the rules are defined the communication will be constantly monitored and the violations will be reported. It can be compared to a firewall rules, but the important difference is that the actual communication stays untouched. The connections violating rule sets will be just reported, not blocked. However, this feature provides a possibility to define a blueprint of the system landscape and check if the actual communication fits into it and how it evolves over time.

Naturally, the rule engine works with both our reporting options: the classic ABAP® lists and the interactive System Landscape Map in the web browser.