For a number of years now, SAP has been pursuing a new strategy for how SAP users interact with its software. Complex SAP applications are being subdivided into role-based SAP Fiori apps, with the aim improving user friendliness while also enhancing the user experience. A rising number of companies are considering implementation of SAP Fiori apps and are now faced with determining which authorizations must be allocated to their employees for access to the app.
It is well known that SAP systems present an attractive target for hackers and manipulators. After all, SAP systems gather all the sensitive company data in one place, making it all the more important to protect them against unauthorized access. In addition to conventional measures for improving SAP security and compliance, this includes extensive anti-virus protection adapted specifically to the requirements of SAP systems.
The Security Audit Log allows users with extensive authorizations to be monitored. This is particularly useful for ensuring compliance with both internal security policies and external legal requirements. The SAP standard tool gives an overview of critical activities relevant to security and logs them.
Berliner Wasserbetriebe, Berlin’s water supply and wastewater disposal company, is a public institution and is therefore subject to special legal requirements. High security standards apply to both business processes and its IT operations. As a consequence, setting up transparent SAP authorization management company-wide to meet all of these requirements was one of the water company’s most critical tasks.
In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
Managing a large number of user accounts often presents companies with a major challenge. It’s particularly difficult when user identities need to be maintained in several systems, directory services, or databases. This frequently results in a lack of transparency, conflicts in the segregation of duties (SoD), and an increase in the effort required to address them.
C/4HANA is the name of the newest product in the SAP portfolio. The company based in Walldorf, Germany, promises nothing less than a revolution of customer experience. But is C/4HANA secure? And what does “C/4HANA” mean, anyway?
Did you know that you can distribute licenses easily and automatically via RFC starting from SAST SUITE Release 5.0?
The IT compliance field poses a major challenge for SAP customers, and in particular, with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.
Security policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.