To help you avoid struggling with missing organizational level configurations in your next authorization rollout project, Sascha Heckmann has a practical tip on how to prevent the loss of these configurations in your authorization roles.
The EU General Data Protection Regulation (EU GDPR) takes effect on May 25, 2018, and hardly a day goes by without some news about it – and that’s the way it should be! As demonstrated by a DSAG member survey of SAP users just a few weeks ago, only just over half of all the companies (53%) have a roadmap. To say nothing of full implementation of the new requirements.
Michael Muellner, Head of Security & Compliance at AKQUINET, discusses helps to make this topic accessible to you by building a bridge from the statutory requirements to steps in operations and concrete tips.
The addition “WITH HEADER LINE” has technically been unnecessary going back several SAP versions now. This is because the statement declares both internal tables and an additional data object – the header line.
There are a large number of notes that spread awareness that the use of this statement causes various content problems. Among other things, the use of the same name means that it is not immediately apparent as to whether you are working on a table or a header line.
However, what the notes typically do not warn you about is that this kind of programming goes hand in hand with security problems for your SAP systems.
Pressure is rising steadily for companies to keep costs down and information technology has not escaped this. In the SAP environment, licensing costs make up a particularly sizeable share of the overall IT costs and they are now being reviewed once again by many companies.
Our tip today will show you how to take the first step to reducing licensing costs yourself.
On every second Tuesday of each month, SAP releases new Security Notes. Many SAP administrators install these patches relatively quickly – but are they putting too much faith in the security they provide?
Very few customers know that security gaps can still be exploited.
Last year, WannaCry brought some companies to the edge of absolute ruin. While the most common entry vectors are known, companies are still making it much too easy for hackers.
Officially, emails were to blame for the largest-scale cyberattack in recent years. If users clicked on the mail attachment, WannaCry implanted malware into the computers, propagated itself, and encrypted accessible data in the blink of an eye. In an alternative scenario, hackers had infiltrated the manufacturer of a subsystem and built the malware code into a software patch.
While unfamiliar emails can simply be deleted, the deployment of such a patch can undermine the in-house security system with breathtaking speed.
Practical tip: How you can easily prevent your SAP users from being inadvertently locked out.
The parameter “icf/reject_expired_passwords” is intended to prevent SAP users from being able to log in via “http” with an expired password. So far so good…
The use of critical transactions is one of the most frequent items to be found on the lists of deficiencies prepared by auditors. And rightly so, since accessing SAP tables and ABAP programs with these kinds of transactions is unfortunately often associated with major security risks.
So how can you protect yourself from critical transaction accesses while ensuring your users have the permissions they need? Find out with our best practice tip.
One of the biggest challenges that any customer faces when migrating or redesigning their SAP authorizations is ensuring the continuity of their normal business operations. As a result, IT units are often wary of curtailing user rights – so as to avoid conflicts with business departments that would result from increased testing workloads or more frequent error messages.
With SAST Safe Go-Live Management, these problems are now a thing of the past.
In many SAP systems, there are RFC connections which address strange hostnames or even point to Amazon servers. This is due to the fact that SAP transports “RFC data garbage” from its own development computers to the customer during new installations.
Read our practical tip to discover the connections which this affects.