The importance of reliably monitoring transactions in SAP systems

SAST Blog: The importance of reliably monitoring transactions in SAP systemsSAP systems contain numerous transactions that enable applications to be accessed quickly. However, transactions can also be used to access sensitive business processes and confidential information. This is why events relevant to security have to be filtered out of a sea of data and placed in the proper context. This means that in order to evaluate and analyze conspicuous events, intelligent management is required. 

Continue reading

How to plan and carry out your SAP System Audit with SAST Risk and Compliance Management

SAST Blog: How to Plan and Carry Out Your SAP System Audit with SAST Risk and Compliance ManagementThe complexity of SAP systems often makes it difficult for administrators to keep track of all their facets. How can an SAP system audit be planned constructively, for example? The SAST SUITE gives you sophisticated analysis methods to identify vulnerabilities quickly, before they can be exploited. The SAST SUITE also offers a wide variety of functions for analyzing and increasing the security of your SAP systems.

Continue reading

Self-Adjusting Authorizations: SAST’s new tool intelligently slims down SAP roles

SAST-SUITE_Self-Adjusting AuthorizationsCompanies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.

Continue reading

Code injection by logical databases

SAST Code Security AdvisorLogical databases were once very popular. Complex selections were relatively easy to portray and effort-intensive reports were unnecessary. Users also appreciated the way dynamic selection worked, which encouraged developers to use the technique more and more. Starting from Version 7.50, SAP has now declared logical databases obsolete. Consequently, it advised against creating new logical databases, but allowed the old ones to continue as if nothing had happened. This, however, is a security risk that could impact any report.

Continue reading

SAST Security Policies: Automation and more transparency thanks to new update features

SAST Security PolicySecurity policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.

Continue reading

General Data Protection Regulation – is your protection in place?

iStock-534223551The EU General Data Protection Regulation (EU GDPR) takes effect on May 25, 2018, and hardly a day goes by without some news about it – and that’s the way it should be! As demonstrated by a DSAG member survey of SAP users just a few weeks ago, only just over half of all the companies (53%) have a roadmap. To say nothing of full implementation of the new requirements.

Michael Muellner, Head of Security & Compliance at AKQUINET, discusses helps to make this topic accessible to you by building a bridge from the statutory requirements to steps in operations and concrete tips.

 

Continue reading

This is how to ensure a smooth migration of your SAP authorizations while simultaneously reducing your security risks

Motiv_es_SAST-SGM_72dpi_1612One of the biggest challenges that any customer faces when migrating or redesigning their SAP authorizations is ensuring the continuity of their normal business operations. As a result, IT units are often wary of curtailing user rights – so as to avoid conflicts with business departments that would result from increased testing workloads or more frequent error messages.

With SAST Safe Go-Live Management, these problems are now a thing of the past.

Continue reading