In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
Managing a large number of user accounts often presents companies with a major challenge. It’s particularly difficult when user identities need to be maintained in several systems, directory services, or databases. This frequently results in a lack of transparency, conflicts in the segregation of duties (SoD), and an increase in the effort required to address them.
They say that major events cast a shadow that portends their arrival. In SAP environments, this applies in particular to the transition to S/4HANA, which companies will need to make before maintenance for SAP ERP expires in 2025.
As we covered this pending migration from various perspectives at our SAST DAYS 2019 event, interest in the topics of authorizations and code security was especially high. Let’s take a look back at those exciting days, which presented a balanced mix of current challenges and assorted solutions.
C/4HANA is the name of the newest product in the SAP portfolio. The company based in Walldorf, Germany, promises nothing less than a revolution of customer experience. But is C/4HANA secure? And what does “C/4HANA” mean, anyway?
Our webinars offer you a forum in which you can get the answers to your specific questions about the latest topics in SAP Security & Compliance without having to invest a lot of time.
Are you unable to attend a live webinar? Our webinar archive allows you to individually schedule when you want to take advantage of our recommendations.
Check out our current topics.
Did you know that you can distribute licenses easily and automatically via RFC starting from SAST SUITE Release 5.0?
The IT compliance field poses a major challenge for SAP customers, and in particular, with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.
Companies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.
Security policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.
As the years pass by, companies are increasingly facing the oft-lamented lack of experts. Bright minds thinking about information technology and how to implement it, maintain it and, especially, secure it, are far and few between. And the risks grow in line with the increasingly complex IT environment. Most IT departments are simply in over their heads in the face of this challenge. For this reason, security for systems and storage of critical company data is often pushed to the bottom of the to-do list.
Consider this: Managed services offer quick, and most importantly, secure solutions.