Our webinars offer you a forum in which you can get the answers to your specific questions about the latest topics in SAP Security & Compliance without having to invest a lot of time.
Are you unable to attend a live webinar? Our webinar archive allows you to individually schedule when you want to take advantage of our recommendations.
Check out our current topics.
Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).
Information just now officially provided as part of the November SAP Patchday describes a new critical vulnerability: The SAP Security Note 2928635 (CVE-2020-6284) is a Cross-Site Scripting vulnerability (XSS) in SAP NetWeaver Knowledge Management. Act now to close the loophole!
The lack of SAP security management dashboards is discussed often by the Security & Vulnerability Working Group at DSAG, the German-speaking SAP User Group. The Working Group sees such tools an essential prerequisite for developing and monitoring the improved security concepts that are urgently needed. Yet a majority of companies has yet to implement the dashboard technology although now would be a particularly good time to implement this efficient tool for mitigating attacks in light of the increasing threat level posed by malware and ransomware.
One of our long-standing customers, the largest forklift manufacturer in Europe, uses the SAST SUITE for its SAP authorization management alongside a variety of IT services from akquinet AG. As part of a compliance project, the SAST Consulting team was commissioned to redesign and re-engineer all SAP authorizations for nearly 900 users in Germany. In this guest commentary from Sascha Heckmann, together with external SAP consultant Bernhard Radermacher, he tells how the “Ticket Monitor” a custom-developed add-on for the tried and tested SAST Safe Go-Live Management helped the project become a full success.
Incorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This a lot of effort even just for one single system. As you might imagine, making the comparisons on system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.
A municipal utility company recently implemented a new authorization concept to optimize maintenance, transparency, and user access. The implementation process included an assessment of whether all the existing user master records were really necessary. A major project like implementing a new authorization concept often pays for itself when inactive user master records are classified and restricted, reducing license fees as a result.
Ralf Kempf, CTO SAST SOLUTIONS, and his team have already guided many enterprises through their migration to SAP S/4HANA. He talked about his recipes for success in an interview with Ulrich Parthier, publisher of it management magazine.
Excerpts from the interview are provided below.
In September 2020, the attack made headlines:
A hacker attack can be fatal. Data, goods and assets aren’t the only things to consider: Human lives are at stake where public spaces, in particular public health, is concerned.
The transition of the business world to SAP S/4HANA is picking up speed: that’s why every company should start preparing an end-to-end migration strategy for the new SAP system. It is essential that this strategy consider security aspects, as well, to avoid ending up sitting on millions in subsequent costs. The solution is Threat Intelligence.
The upgrade from SAP ERP to SAP S/4HANA also involves a changeover to a new technology. This offers new possibilities thanks, to the increased speed of the SAP HANA in-memory database, as well as an improved user experience through the new FIORI UI. At the same time, however, the implementation of SAP S/4HANA also presents many enterprises with the difficult challenge of planning and executing their migration projects correctly: existing processes and role concepts have to be reconsidered.
