As part of our “SAST DAYS” series, we regularly inform you about current developments and upcoming trends in the area of SAP Cyber Security & Access Governance and offer a forum for an active exchange.
This year, the events will take place live in Munich and Hanover. The event language is German.
Register now as a participant, as the places are limited as usual.
Pathlock’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about how effective preventive controls and security measures at the data and transaction level play an important part in securing ERP systems. He also takes a deep dive into the important difference between data security and data privacy.
The fundamental question that many people ask before implementing SAP S/4HANA and deploying Fiori apps is “why?”. The option of using Fiori apps has been available for a while now, but the question as to why these new apps should be used usually doesn’t pop up until an SAP S/4HANA migration is planned.
SAST SOLUTIONS, your Hamburg-based specialist for SAP Security and Access Governance, is now part of the new Pathlock Group, a one-of-a-kind alliance of international providers of access governance and application security solutions. The alliance’s objective is to lift the understanding and scope of end-to-end security to a new level. Our CEO Bodo Kahl and CTO Ralf Kempf talk about the perspectives that will be opening up to SAST SOLUTIONS and its customers.
An end-to-end security strategy must also include regular checks, maintenance, and protection of authorizations, installations, and proprietary developments against internal and external threats – especially in an SAP landscape. But what roles do project organization and project management play when it comes to improving SAP security?
Data collection and the subsequent analyses are important, complex processes; it’s difficult to imagine modern business processes without data analytics. To address customers’ specific needs, customer data is analyzed, material inventories are recorded automatically, and entire work processes are scrutinized to squeeze out efficiency gains. Important data collection also takes place within the SAP landscape, for example, with SAP S/4HANA embedded analytics. The check logic in the authorizations deserves special attention here.
Every month, SAP publishes a collection of new and updated SAP Notes involving vulnerabilities in the SAP software on patch day. It’s a key date in the calendar for everyone concerned about security and the subsequent system patching is often very work-intensive and time-consuming. But where do the reports come from and how does SAP find out about them? Does the software vendor intentionally search for vulnerabilities to correct?
In its S/4HANA release, SAP follows a strategy of process simplification and greater usability, among others. At the technical level, new layers such as the SAP Fiori Front-end Server, SAP Fiori launchpad, and SAP Fiori apps were created. The authorizations of these objects require particular attention to avoid nasty surprises as the project progresses. One specific pitfall is the changed file structure on the new application server.
SAP offers a consolidated data object, the business partner, to simplify the management of sensitive master data for customers, suppliers, and employees. This simplification also poses dangers, however. Therefore, all companies that plan to migrate to SAP S/4HANA should familiarize themselves with the business partner concept ahead of time.
Last year came to a very pleasant end, as we won the award for “Top Identity and Access Management Solution Provider in Europe 2021”. The December issue of Enterprise Security Magazine reported extensively on our IAM solution and about the innovative features that make our software so unique. We interviewed Mr. Kempf to find out more about the software solution and the current technology trends.
