candice-howard
© 2007 realtime North America, Inc.1
NOTE: These are additional slides that can be added to the main presentation on an individual basis: www.tinyurl.com/biolockppt
April 18, 2023
The bioLock Mission Statement
bioLock’s mission is… to Protect Critical Data for SAP Customers with Biometrics to Prevent Fraud
In short: Data Loss Prevention for SAP – or www.DLP4SAP.com
bioLock protection goes far beyond the ability of single sign-on or access control!
Actual Financial Losses in 2008
So-called “occupational fraud” (also known as internal theft) and abuse impose enormous costs on organizations. The median loss caused by the occupational frauds in this 2008 ACFE study was $175,000. More than one-quarter of the cases caused at least $1 million in damages. U.S. organizations lose 7% of their annual revenues to fraud (up from 5% in ’06). This is over $994 billion a year!
Read the full study at: http://www.acfe.com/RTTN/2008-rttn.asp
(Source: 2008 Study - Association of Certified Fraud Examiners – www.acfe.com)
Average single loss was $175,000
25% caused at least $1 million in losses
US companies lose 7% of revenue to fraud
This is over $994 billion in losses!
Schemes continue for years before being detected
Mostly committed by upper management or accounting
Many are first-time offenders – especially due to the economy
Good guys versus bad guys
“Things” are not always the way they look…
This guy might cause $7,000 (Seven Thousand) in damages
This guy caused over $7,000,000,000 (Seven Billion Dollars) in damages
Largest fraud case in history – so far!
• French Trader Jerome Kerviel stole computer passwords that allowed him to enter his phony deals into various trading systems and to bypass security measures
• He misappropriated IT access controls belonging to operators
• Kerviel overstepped his authority and bet 50 billion Euros ($73 billion) - more than the bank's market value
• This practice cost his employer, France's Societe Generale, $7.2 billion in losses
• Judges have filed charges against Jerome for forgery, breach of trust and unauthorized computer activity
• Investigators questioned Societe Generale's chief executive, who is ultimately responsible for his employees' actions
• There are many rumors about the bank's future; the industry is speculating that it could be bought out or broken up
• Poor IT security is blamed for the losses, and a special committee has recommended immediately introducing stronger security systems, including biometric authentication, to prevent a recurrence.
Source SAP Info: http://www.sap.info/public/INT/int/index/Category-28813c6138d029be8-int/0/articlesVersions-30698479ee4768f8a0
Source SAP Info: http://www.sap.info/public/INT/int/index/Category-28813c6138d029be8-int/0/articlesVersions-3038947c29f746dbbe
Lawyers call it SODDI
Biometrics is the only true protection since the user will be UNIQUELY identified!!!
Smart Cards and Tokens can still be lost, stolen or passed on – and the user cannot be identified or held responsible…
Passwords are historically accepted as an attempt to protect computer systems…
They offer limited protection and no identity management at all!!!
Lawyers love these 2 ways and call it:
SODDI
SOME OTHER DUDE DID IT – not my client of course…*
*Like in the multi-million-dollar case of UBS Paine Webber
bioLock – the SAP border control
Let’s compare the SAP User Profile to a car crossing the border…
Allowing “entry” based on a password is like looking at the license plate and assuming that only Joe could be in that car since it is registered to Joe!
When crossing the border, the border patrol will compare the passport picture with the driver’s face to uniquely identify the actual driver with biometrics (manual face recognition) before allowing access.
bioLock will be the border patrol for your SAP System and any function.
Why invest in biometrics?
• Prevent expensive lawsuits, image loss and bad press
• Protect your company from monetary damages and espionage
• Comply with mandatory regulations such as:
  HIPAA
  The California Act
  Data Protection Act
  FDA (Part 11-Electronic Records)
  Sarbanes-Oxley Act – Section 404
Biometric technology will prevent most attacks, log uniquely identified users and their activities, and ‘scare off’ potential attackers!!!
The California State University uncovers…
A research study by Harvard-educated professor and accounting expert Paul Foote uncovers:
• Even if your company is compliant, it is still exposed to fraud
• DuPont was 100% compliant and all auditors signed off
• They had a $400 Million internal fraud case
• Companies blame and “sue” external auditors
• Insurers reject policies and payments
• More than the minimum required by mandatory regulations has to be done to protect assets and investors
• Without biometrics there is no true compliance!!!
• As a result biometrics is now taught in classes
Download the complete research paper at: http://business.fullerton.edu/resources/biometrics/
This study was published around the world from different sources: http://www.securityworldmag.com/head/weekly_view.asp?idx=1227
Where else is biometrics in use?
US Visit program – Tourists have to enroll a picture of their face as well as two fingerprints at immigration
Fun Parks (Disney, Busch Garden, MGM, Adventure Island etc.) for multiple-day visitors
Pay by Touch to pay with your finger in grocery stores, gas stations, beer gardens or in the school cafeteria
Door locks, garage door openers, mice, weapon safes, smart drives (as seen in the “sky mall magazine”)
Membership Clubs, Dealerships, Government Buildings
Watches, Suitcases, Purses, Cars, Guns, Keys, Remote Controls, Phones, Vending Machines and more: http://pagesperso-orange.fr/fingerchip/biometrics/types/fingerprint_products_misc.htm
Why biometrics for your SAP System
Biometric security for system, transaction and field level data
Biometric security for user logon with convenient single sign-on to multiple systems
Enhanced user/transaction audit trail
Easy 4-eyes principle and supervisor approval functionality
Secure and convenient “Fast User Switching”
Proof of who did what and when in the SAP System with a biometric log file
Verification versus Identification
Old Verification:
SAP User/Password
Smart card or Logon/Biometrics
Advanced Identification:
Searches a database of 100’s or 1000’s of biometric templates
Uniquely identifies Thomas and launches Thomas’s system
Might identify and reject Thomas based on authorization
Thomas’s tasks or attempts will be logged in an audit log file
Customers Demand Biometric Devices
23% of all corporate laptops shipped in 2007 had a built-in fingerprint sensor!
Laptops with fingerprint sensors
The top two requests from corporations to laptop manufacturers in 2007 were factory hard drive encryption and a biometric fingerprint reader
Over 100 different laptop models have built-in fingerprint sensors (compatible with bioLock)
Fingerprint leads biometric technologies among the security-conscious as it is the most accepted technology and the cheapest for mass roll-out.
Many USB devices such as mice, keyboards and others are being sold for $80-$250
Many Devices can protect 5 Security Levels
SECURITY
Level I
Level II
Level III
Level IV: Dual Signature
Level IV: Exceeding Values
Protect The King - Not The Castle!*
*Quote: Keynote Speech, RSA 2007, with Bill Gates
Pain Point – Fast User Switching
Challenge:
5 employees use 3 different computers and don’t have the time to log in and out when switching places
SAP User Profile: bioLock Users
Teller PC1: Thomas, Amanda, April, James, Peter
Teller PC2: Thomas, Amanda, April, James, Peter
Teller PC3: Thomas, Amanda, April, James, Peter
The Solution:
Critical functions on all 3 computers are protected with bioLock
The biometric templates of all 5 users are assigned to all 3 computers, so the 5 authorized users can switch between computers and execute protected functions
Unauthorized colleagues or customers cannot execute the functions even if the computer is logged on, since their templates are not assigned
Example: Bank, Hospital, Warehouse, Customer Service, Call Center etc.
Pain Point – unlocked computer
Customer goes over personal data with the advisor on the advisor’s computer
Advisor prints documents and leaves the office to make copies in the back room
The customer or any unauthorized user could take over the computer for unauthorized tasks, wire transfers or to change data
The solution could be to protect critical functions with bioLock so that nobody except the computer owner can execute those functions
Case Study: Banking / Finance System
The oldest central bank in the world had multiple critical tasks in their financial application including opening balance sheets, approving budgets and issuing wire transfers
The Challenge:
Groups of people had access to many parts of the finance system
The client needed to uniquely identify the “actual user” and log activities
Management requested that 2 individuals would authorize certain tasks
The Solution:
bioLock with the dual confirmation group was installed
2 people have to authorize tasks
Both will be uniquely identified…
…and logged in the log file
Case Study: School District
At the Polk County School District, a secretary legally had access to her superior’s SAP User Profile to do his work but abused her privilege and approved herself overtime
The Challenge:
A secretary used the principal’s user profile to approve herself overtime
It could not be uniquely identified who logged on and who approved overtime
The school had significant financial damages but had a hard time proving it
In addition, passwords are written down and posted near computers at an alarming rate
The Solution:
Protect logon to the principal’s user ID with bioLock
Uniquely identify whether the principal or the secretary is logging onto the system
Only allow the principal’s biometric template to approve overtime and prevent the secretary from executing that function
Case Study: Energy Company
EnBW - One of Europe’s largest Energy companies had the requirement to uniquely identify users for certain workflows
The Challenge:
Logging into the SAP System
Approving certain workflows within the system – Electronic Signature!
Authorizing purchase orders over certain amounts
The Solution:
1000 active users were equipped with bioLock
The workflow and PO’s were protected
A log file can prove who did ‘what’ and ‘when’
Case Study: Government HR / HIPAA
Brevard County Government, home to NASA and the Kennedy Space Center, is running SAP including HR
The Challenge:
Multiple employees had access to extremely critical HR data
Misuse of the data by employees and others was easily possible
Brevard needed to protect and uniquely identify the actual SAP USER
The Solution:
Rick Meshberger (left) installed biometrics
Access and changes are limited to uniquely identified users
A log file can prove who did ‘what’ and ‘when’
Case Study: Pharmaceutical Company
Purdue Pharma L.P., a pharmaceutical company focused on meeting the needs of healthcare providers and the patients in their care
The Challenge:
Financial workflow approval within SAP guaranteeing only executives can approve
bioLock was required to work within a web-based system (browser based)
An email sent to a supervisor had to trigger biometric approval in a web browser
The Solution:
• Purdue is using bioLock for workflow payment approval
• An automated workflow sends an email with a link to the approver
• Approver clicks the link and bioLock pops up a window
• bioLock asks the user to authenticate themselves
• bioLock approves the transaction in the web browser
• Once done, the payment is immediately approved within SAP.
7 Reasons why to get bioLock
1. Prevent Jail Time for your Corporate Executives
2. Stop Identity Theft, Financial Damages and Espionage
3. Avoid Expensive Lawsuits, Bad Press and Perception Damage
4. Enhance and Complete your Sarbanes-Oxley Compliance Efforts
5. Comply with Other Mandatory Regulations such as Data Protection Act
6. Protect your IT System, Recover Monies and Send a Clear Message to Employees
7. KEEP YOUR COMPANY’S HONEST PEOPLE HONEST!
Please see our “Value Proposition Document” at www.bioLock.us for details
7 Key Points to share with the team
• SAP Security and ALL compliance efforts (SoDs) are solely based on password-protected USER Profiles
• Passwords are not secure and offer very limited protection and no accountability at all
• Damages include severe financial losses, espionage, bad press, image loss, lawsuits, compliance violations, etc.
• Experts agree - Biometrics is the only approach that increases security and convenience and establishes clear accountability
• A study confirms how a company can be compliant, but not secure
• bioLock is the only certified biometric technology available for SAP
• Fasten your "System’s Seatbelt" NOW – DON’T wait until your organization gets “HIT” with fraud first