Data Security

Data is stored on both the SAP MI Client Component and on the SAP MI Server Component. Data is stored on the server side in the SAP NetWeaver AS.

The SAP MI Client Component does not protect the stored data actively. Since the mobile device can be easily stolen or lost, data security is crucial. The following measures increase the data security on your mobile device.

?     On Win32 platforms, use encryption software to encrypt the entire directory structure in which the data for the SAP MI Client Component is stored, thus protecting it from unauthorized access. You must decrypt the data again before working with SAP MI.

Mobile devices such as PDAs do not currently strictly distinguish between main storage and file systems. Code fragments could, therefore, remain in main storage, endangering the entire encryption. In this case, the use of encryption software does not offer the same security as on Win32 platforms.

?     Use antivirus software and update the virus databases at regular intervals.

?     Only install trustworthy software. External software that is not trustworthy could manipulate the application data of SAP MI without your noticing it.

?     If available, use the password or PIN protection for operating systems.

?     If you lose the device, have the SAP MI administrator immediately lock the user in the SAP MI Server Component to prevent unauthorized access to the system and then change the user’s password.

A mobile device can be used by one or more users.

?     If the device is used by one user, this user is responsible for the device and must make sure that nobody accesses the device without authorization.

?     If more than one user is using the device, these users must trust one another. Without the support of the operating system, it is not possible to protect user data from being accessed by other users of the operating system.

If the applications on the mobile device require data protection or non-repudiation (for example, for time recording), the device should only be used by one user.

Note that the trace files can contain confidential user data. Depending on the trace level selected, the trace files can contain detailed synchronization containers, which include user data. The trace files are saved locally on the mobile device and can be accessed by other users of that device.

The trace files can also be transferred to the server during the synchronization. This can result in additional gaps in security.