General Data Protection Regulation (GDPR) – Ensure compliance with SAST SUITE

sast superuser management-data protectionSince the General Data Protection Regulation (GDPR) is fully effective, companies must now face new challenges with respect to protecting personal data.

To meet the guidelines under the GDPR, we can help with two modules of SAST SUITE in particular: SAST HCM Read Access Monitoring and SAST Superuser Management.

SAST HCM Read Access Monitoring logs critical display activities in HR (display HR infotypes, HR reports, HR tables and HR queries), ensuring data integrity. Adding to this, the SAST Superuser Management module proactively secures your sensitive data by mapping the end-to-end superuser process, checking all privileged access attempts in real-time and documents all related activities will full audit security.

Use AKQUINET emergency user management to ensure that authorized access to personal data is transparent to all departments and guarantee compliance with the following functions:

  • audit-compliant system access for defined emergency users.
  • reduce the number of user IDs with SAP_ALL rights by assigning these only to a few special emergency users.
  • restrict access to sensitive business data to privileged users only.
  • use an SAP approval workflow.
  • Monitor the use of emergency user IDs:
    • create a log of all activities of the emergency users.
    • check/approve the log with an auditor.

Proactive protection of sensitive data

The advantage of the two modules is that you can use them both locally and centrally, as well as independently of each other. Take advantage of SAST Superuser Management and HCM Read Access Monitoring in either ERP or in HR or BW systems. At the same time, you can also install them in SAP Solution Manager, leveraging this as a central “fall-back platform” for the emergency user process. This allows the change and display activities related to personal data to be monitored across all systems and be approved there via audit logs. This makes undiscovered manipulation and unauthorized access attempts impossible from the get-go and means that proactive protection of sensitive data is a given with these two modules, while also guaranteeing data integrity and data confidentiality.

Enhancement: SAST Release 5.0

The current SAST Release 5.0 now also optimizes centralized management of audit logging. Previously, trusted RFC connections had to be defined for all connected systems. In addition, further Basis resources were needed as setting up these connections requires comprehensive Basis expertise. As from the last release, all audit logs can now be sent from the satellite system to the central system automatically. This eliminates the effort previously needed to set up the trusted RFC connections. Now it’s easy: Set a flag in SAST setup in all local systems and define the RFC connection of the central system.
sast data protection
Do you have questions about our SAST SUITE modules? Get in touch with us today:

For more information on the GDPR and concrete tips, read the interview given by Michael Müllner, Head of Security & Compliance at AKQUINET.

kohler-verena akquinet
Verena Köhler, Authorization Consulting, AKQUINET