Berliner Wasserbetriebe, Berlin’s water supply and wastewater disposal company, is a public institution and is therefore subject to special legal requirements. High security standards apply to both business processes and its IT operations. As a consequence, setting up transparent SAP authorization management company-wide to meet all of these requirements was one of the water company’s most critical tasks.
Structured security planning and streamlined authorizations are just two elements of protecting SAP systems against cyberattacks and manipulation. In this interview, Ralf Kempf (CTO SAST SOLUTIONS at akquinet AG) talks about the pitfalls to avoid during an SAP S/4HANA migration and what you can do to use SAP S/4HANA securely.
(A guide of the less serious sort.)
Let’s be honest right off the bat: There’s a lot of hype in the media about IT security in general and SAP security in special these days. But is there really anything behind it? Those headlines about millions of data records going missing always affect someone else – whether it’s Equifax across the pond or the big tech companies that have been infiltrated by organized groups of Chinese hackers. It’s all alarmist nonsense!
SAP is planning to move all its customers to cloud systems. Its software is used by most midsize and larger companies in the German-speaking countries, including around half of all the businesses in Germany alone. Making the transition requires solid planning and entails a tremendous amount of organizational effort on the part of IT managers.
(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.
Since May 2, 2019, the market for SAP security has known only one topic: the 10KBLAZE exploit toolkit, which has even prompted a warning from the U.S. Department of Homeland Security. Upon closer examination, however, it quickly becomes apparent that there’s not much news to report.
A password is both a blessing and a curse. The blessing is that it permits relatively secure authentication. The curse is that because the complex passwords required for secure login are often too hard to remember, even for those with good memories. A forgotten password is annoying for users. It also costs a lot of money. Read more to learn just how high the costs can be and how you can avoid them.
In cooperation with Enterprise Security Magazine, a distinguished panel of experts, professionals, and technology leaders has selected AKQUINET and their SAST SOLUTIONS into the list of the “Top 10 Cyber Security Companies in Europe”.
In the cover story of the magazine , Ralf Kempf (Technical Managing Director) reports what makes SAST SOLUTIONS special and why the topic of cyber security for SAP systems is up-to-date and will remain in future. Read the November edition of Enterprise Security Magazine now.
It’s probably too early to sum up the state of SAP security in 2018. Then again, fall is the season for events such as the DSAG Annual Congress (German SAP User Group), which just ended in Leipzig. It is at conferences and trade fairs like this that you get a chance to find out exactly what is on the minds of SAP customers. As a result, it isn’t too soon to get a reading of the security issues that are considered important in the SAP environment.
Almost all companies fine-tune their SAP systems with custom developments, but in doing so, they often expose themselves to severe security flaws. In particular, forgotten code that was only needed for a short time or has since been rendered obsolete by SAP’s own enhancements presents a further avenue for attacks.
AKQUINET’s analyses show that up to 90% of ABAP code is no longer used. Frequently written for one-time situations and neglected ever since, such programming offers an ideal back door for hacking and other forms of manipulation.