Segregating Data in a Shared SAP Environment During a Divestiture
A Field Perspective from Tammy Adjunta Clements, IT Information Security Leader of Enterprise Functions and Transformations at DuPont
Separating sensitive data during a divestiture is one of the most challenging aspects of managing an SAP environment. When organizations operate under a Transition Service Agreement (TSA), both the parent company and the divested entity often continue using the same SAP system while requiring strict separation of business data. Traditional SAP access control methods can make it difficult to balance business continuity with security, increasing the risk of unauthorized data access, compliance issues, and operational disruption.
In this solution brief, Tammy Adjunta Clements, IT Information Security Leader for Enterprise Functions and Transformations at DuPont, shares her firsthand experience securing data in a shared SAP environment during a complex divestiture. Drawing on real-world lessons, she explains why conventional role-based access control (RBAC) alone is often insufficient for enforcing data segregation in SAP. Integrated business processes, reporting tools, table-level access, and privileged system accounts can all introduce hidden security risks that extend beyond standard user roles.
Discover how DuPont enhanced its SAP security strategy by combining traditional RBAC with dynamic, policy-based attribute-based access control (ABAC) using NextLabs. By evaluating access requests based on user attributes, business unit, organizational context, and data classification, DuPont was able to enforce fine-grained SAP authorization policies that protected sensitive information while allowing both organizations to continue operating efficiently throughout the TSA.
The solution brief also explores the importance of visibility into SAP usage, continuous access analysis, and collaboration between IT and business stakeholders. Learn how identifying unnecessary permissions, understanding real-world data access patterns, and implementing dynamic security policies helped reduce risk without impacting productivity. These practical insights demonstrate how organizations can strengthen SAP governance while supporting business operations during periods of organizational change.
Whether your organization is planning a divestiture, merger, acquisition, or business carve-out, this solution brief provides actionable guidance for implementing secure SAP data segregation. Learn how a Zero Trust, data-centric security approach enables organizations to extend traditional SAP access controls with dynamic policy enforcement, protect sensitive enterprise data, maintain regulatory compliance, and ensure business continuity throughout every stage of the transition.
Key Insights
Drawing on DuPont’s experience, this solution brief demonstrates how organizations can address the unique security challenges of operating within a shared SAP environment during a Transition Service Agreement. It highlights why traditional role-based access control alone cannot fully protect sensitive business data, how attribute-based access control provides the flexibility needed for dynamic data segregation, and why visibility into user activity and collaboration between IT and business stakeholders are essential for a successful divestiture. Together, these lessons provide a practical framework for reducing risk while ensuring both organizations can continue operating securely throughout the transition.
Read the full solution brief to gain practical insights from DuPont’s experience and learn how organizations can secure shared SAP environments during divestitures, mergers, acquisitions, and other complex business transitions.

To comment on this post
Login to NextLabs Community
NextLabs seeks to provide helpful resources and easy to digest information on data-centric security related topics. To discuss and share insights on this resource with peers in the data security field, join the NextLabs community.
Don't have a NextLabs ID? Create an account.