As part of our “SAST DAYS” series, we regularly inform you about current developments and upcoming trends in the area of SAP Security & Compliance and offer a forum for an active Exchange.
Register now as a participant, as the places are limited as usual. Please note: the event language is German.
Our webinars offer you a live forum in which you can get the answers to your specific questions about the latest topics in SAP Security & Compliance without having to invest a lot of time.
Check out our current topics and register now.
Did you know that you can distribute licenses easily and automatically via RFC starting from SAST SUITE Release 5.0?
It’s probably too early to sum up the state of SAP security in 2018. Then again, fall is the season for events such as the DSAG Annual Congress (German SAP User Group), which just ended in Leipzig. It is at conferences and trade fairs like this that you get a chance to find out exactly what is on the minds of SAP customers. As a result, it isn’t too soon to get a reading of the security issues that are considered important in the SAP environment.
Almost all companies fine-tune their SAP systems with custom developments, but in doing so, they often expose themselves to severe security flaws. In particular, forgotten code that was only needed for a short time or has since been rendered obsolete by SAP’s own enhancements presents a further avenue for attacks.
AKQUINET’s analyses show that up to 90% of ABAP code is no longer used. Frequently written for one-time situations and neglected ever since, such programming offers an ideal back door for hacking and other forms of manipulation.
The IT compliance field poses a major challenge for SAP customers, and in particular, with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.
Companies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.
Logical databases were once very popular. Complex selections were relatively easy to portray and effort-intensive reports were unnecessary. Users also appreciated the way dynamic selection worked, which encouraged developers to use the technique more and more. Starting from Version 7.50, SAP has now declared logical databases obsolete. Consequently, it advised against creating new logical databases, but allowed the old ones to continue as if nothing had happened. This, however, is a security risk that could impact any report.
Many companies work with internal solutions to safeguard their SAP landscapes. However, operating systems, databases and SAP systems, especially those at large companies or even international groups, can have very complex IT landscapes – and are often insufficiently protected against unauthorized attempts to access these landscapes. This used to be the situation at a leading global automotive supplier. Now, the company relies on SAST SUITE from AKQUINET to safeguard its SAP landscapes.
How SAP licenses are assigned is an essential subject for companies. Likewise, authorization management and license optimization play crucial roles that, unfortunately, often take a back seat to day-to-day business and are subject to poor communication between the respective experts. Effective immediately, the partnership between Snow Software, a leading provider of software asset management (SAM) and cloud spend solutions based in Stockholm, Sweden, and akquinet AG will provide relief.
Security policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.
