In this blog, we will explore a few ideas for creating a domain-centric data mesh using SAP components, without engaging in the debate of whether data fabric or data mesh is the right approach.
We will focus on a futuristic use case within the Aerospace or Defense industry, which demands stringent data governance due to compliance requirements such as ITAR, EAR, BAFA, DOE 810, NERC/CIP, and SEC. Additionally, safeguarding intellectual property is a critical concern as business growth often relies on increased collaboration, both internally and externally, spanning product and engineering, supply chain, cross-industry partnerships, and joint ventures. I am happy to hear your ideas too!
Aerospace and defense customers often face challenges in keeping up with rapid technological advancements due to the burden of data debts and the need to comply with stringent legal and regulatory data security requirements.
This challenge is further amplified when dealing with legacy ERP systems, as identifying and restricting sensitive data becomes complex, hindering the end-to-end data lifecycle management. Moreover, the Aerospace and defense industry grapples with the formidable challenge of reducing IT costs, as the presence of significant data risks renders offshore operations an impractical option.
Let's consider the example of a product manager based in the United States, working for a US corporation. Their product is subject to ITAR regulations but has both government and commercial applications.
To comply with the business rule, access to ITAR data in SAP should only be granted to US persons while they are in US locations. However, when this product manager is on a business trip to Singapore, meeting with suppliers at their APAC regional headquarters, exposing material data, CAD drawings, or BOMs stored in SAP would violate ITAR regulations.
In the context of a UK energy company establishing a joint venture with a local company in China to cater to the emerging market, an added layer of data security is required based on location. This ensures that access to BOM items and intellectual property not related to the joint venture is restricted, safeguarding sensitive information and preserving the integrity of the collaboration.
In the context of aerospace and defense, "Data is not only the ammunition that fuels engines but it is also the armor that protects international and national peace."
To solve the problem described above, we will hypothetically integrate Collibra, Next Labs ABAC/DAM, IAG and GRC and SAP S/4 HANA to provide data insights to users without compromising data security requirements. Please note that this is a hypothetical pattern and we have to review and apply it according to client-specific data security requirements.
Solution Components | Usage |
---|---|
Collibra | This component can be used to document and define data governance policies, metadata catalogue, end-to-end data lineage, data quality KPIs, data protection and data privacy rules for bill of materials. |
SAP IAG | SAP IAG can handle the user access request and provisioning workflows to authenticate and authorize the user identity with the client's identity provider (e.g., Active Directory). |
SAP GRC | SAP GRC can provide the necessary controls and policies for access management and perform risk analysis and segregation of duties (SoD) checks, ensuring compliance with regulatory requirements across all SAP applications in the landscape. |
Next Labs ABAC/DAM | Next Labs ABAC/DAM provides robust protection against unauthorized access to sensitive SAP data by implementing fine-grained access controls. These controls can be applied at the level of individual data attributes or data ranges, enabling customers to safeguard their data while meeting compliance requirements. By examining the attributes of the data being accessed, the context of the request, and the user's identity, Next Labs ABAC/DAM allows organizations to control access to data, business transactions, and batch processes based on defined policies. With SAP DAM, any changes in the attributes of the data or the user are dynamically considered, and the relevant policies are applied in real-time to enforce fine-grained access controls across various business functions. For example, a rule may specify that only US-based employees can access ITAR-classified materials from US locations. When a user attempts to access such materials, this rule is validated in real-time, ensuring that access is granted only to authorized individuals who meet the specified criteria. Through the integration of Next Labs ABAC/DAM with SAP systems, organizations can effectively protect their sensitive data, maintain compliance, and enforce granular access controls across a wide range of business operations. |
SAP Datasphere | This is optional, but we can use it to provide flexible predictive analytics to the users. |
SAP BTP AI Launch Pad | This is optional and can be used to identify repeat breach patterns, time and detect security data anomalies in advance and add further access controls. |
In the world of aerospace and defense, organizations face the challenge of managing bill of material (BOM) data across multiple systems. By integrating diverse systems such as SAP S/4HANA, Team Center, and Siemens, they can create a unified, interconnected data mesh. This will enable seamless collaboration among internal and external engineering, supply chain, and product sales teams. With real-time visibility into BOMs, teams can make informed decisions, optimize designs, synchronize manufacturing, and tailor offerings. The BOM data mesh can empower organizations to achieve faster product development cycles, reduced costs, and improved customer satisfaction.
Step 1: Define Role Requirements, Metadata Catalogue, Data Governance and Access Policies for BOM in Collibra
Step 2: Understand BOM Creation and Editing Requirements
Step 3: Define SAP S/4HANA Role
Step 4: Configure Next Lab ABAC DAM
SAP Next Lab ABAC DAM works natively with SAP and manages authorization logic through an externalized, standards-based policy framework. For instance, a rule may state, “Allow only US-based employees to access ITAR-classified materials from US locations.” When a user attempts to access materials, this rule is validated in real-time before access is granted.
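The rule quoted above, together with the travelling product manager and the joint-venture restriction described earlier, can be expressed as a small deny-by-default decision function. This is an added illustration, not Next Labs policy syntax or any SAP API; the attribute names, classification labels, user IDs and material numbers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Subject:
    user_id: str
    us_person: bool                  # from HR / identity provider (assumed attribute)
    jv_only: Optional[str] = None    # set for joint-venture partner users


@dataclass(frozen=True)
class BomItem:
    material: str
    classification: str              # "ITAR" or "COMMERCIAL" (assumed labels)
    jv_id: Optional[str] = None      # joint venture the item is released to


def decide(subject, country, item):
    """Return (permit, reason) for one request. Missing or unknown attributes deny."""
    # Joint-venture users see only items released to their venture.
    if subject.jv_only is not None and item.jv_id != subject.jv_only:
        return False, "item not released to the user's joint venture"
    if item.classification == "ITAR":
        if not subject.us_person:
            return False, "ITAR: user is not a US person"
        if country != "US":          # also covers country=None (location unknown)
            return False, f"ITAR: request location {country!r} is not US"
        return True, "ITAR: US person at a US location"
    if item.classification == "COMMERCIAL":
        return True, "commercial item"
    return False, "unknown classification, deny by default"


# Constructed sample data (not from any real system).
PM = Subject("pm01", us_person=True)
JV_ENG = Subject("jv07", us_person=False, jv_only="JV-EXAMPLE-01")
ITAR_BOM = BomItem("MAT-1001", "ITAR")
COMM_BOM = BomItem("MAT-2002", "COMMERCIAL")
JV_BOM = BomItem("MAT-3003", "COMMERCIAL", jv_id="JV-EXAMPLE-01")

if __name__ == "__main__":
    for who, where, what in [(PM, "US", ITAR_BOM), (PM, "SG", ITAR_BOM),
                             (PM, "SG", COMM_BOM), (PM, None, ITAR_BOM),
                             (JV_ENG, "CN", JV_BOM), (JV_ENG, "CN", COMM_BOM)]:
        print(who.user_id, where, what.material, decide(who, where, what))
```

The same user with the same role gets a different decision once the request location changes, which is the part a static role assignment cannot express. The location attribute has to come from a source the user cannot set, and an unresolved location is treated as a deny.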
Step 5: Integrate SAP GRC and Next Lab ABAC
This MVP use case leverages SAP GRC Access Control and SAP authorization for Governance and Functional Authorization and leverages ABAC for Data Authorization. It combines the features and fully integrated capabilities of SAP GRC Access Control and SAP authorization, such as ease of user assignment and role management, while efficiently supporting data attributes and avoiding the “role explosion” and custom development that would otherwise be necessary and costly.
Step 5: Define ABAC Policies
Step 6: Test and Validate the Role using AI
Step 7: Integrate SAP BTP Identity Access Governance with Active Directory
By integrating SAP BTP Identity Access Governance directly, users can seamlessly access data from multiple systems, including SAP S/4HANA, Team Center, Siemens, and other engineering, manufacturing, and supply chain systems. This integration enables a cohesive data mesh approach, allowing users to view and manage bill of materials across various systems.
Step 8: Integrate Collibra and Datasphere to Monetize and Publish bill of material insights to engineering, supply chain and product sales team.
You have the ability to define and design self-service analytic insight reports, which can be monetized and shared with both your internal and external engineering, supply chain, and product sales teams.