After many years working in the field of SAP security, I am still regularly surprised to discover how much Hollywood has contributed to the discussion on cybersecurity. The common perception is that of a hacker sitting at home in front of several screens and using cryptic commands to hack into corporate networks. The recently published “Insider Threat 2018 Report” however, shows that insider attacks represent a much more serious threat. As far as the security of SAP systems is concerned, insider attacks are by far the greater problem. Why that is the case and what the main risks are is the subject of this post. Continue reading
A password is both a blessing and a curse. The blessing is that it permits relatively secure authentication. The curse is that because the complex passwords required for secure login are often too hard to remember, even for those with good memories. A forgotten password is annoying for users. It also costs a lot of money. Read more to learn just how high the costs can be and how you can avoid them.
C/4HANA is the name of the newest product in the SAP portfolio. The company based in Walldorf, Germany, promises nothing less than a revolution of customer experience. But is C/4HANA secure? And what does “C/4HANA” mean, anyway?
Holistic, effective risk management in IT will help you make sounder decisions faster and present tremendous potential for value creation throughout your company. In practice, however, we continue to witness a lack of measures appropriate for identifying dangers early on. IT risk management is too often understood as a reactive process.
Did you know that you can distribute licenses easily and automatically via RFC starting from SAST SUITE Release 5.0?
It’s probably too early to sum up the state of SAP security in 2018. Then again, fall is the season for events such as the DSAG Annual Congress (German SAP User Group), which just ended in Leipzig. It is at conferences and trade fairs like this that you get a chance to find out exactly what is on the minds of SAP customers. As a result, it isn’t too soon to get a reading of the security issues that are considered important in the SAP environment.
The IT compliance field poses a major challenge for SAP customers, and in particular, with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.
Companies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.
Security policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.
Since the new General Data Protection Regulation (EU GDPR) is fully effective, companies must now face new challenges with respect to protecting personal data.
To meet the guidelines under the GDPR, we can help with two modules of SAST SUITE in particular: SAST HCM Read Access Monitoring and SAST Superuser Management.