Security policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.
Status quo: No automatic policy sync
Until now, it was not possible to automate the comparison of security policies within the SAST SUITE. Previously, for example, an update to akquinet standard policy and the subsequent update to customer policies meant manual rather than automated checks and updates were required to identify and adopt any delta checks. Each time, the new akquinet policy had to be copied into the customer namespace and all unnecessary checks had to be deactivated yet again.
Automated adoption into customer-specific policies
As from SAST Release 5.0, all deltas between two or more security policies are now determined and reported by SAST automatically. At the click of a button, any deltas following an update to the akquinet standard policy are transferred to the customer’s policy. A knock-on effect is a boost in transparency with respect to existing differences between policies: The risk of losing or overwriting customer-specific changes or enhancements is nearly impossible.
Logging uploads and downloads
Another feature available starting with SAST Release 5.0 logs uploads, downloads, and the central distribution of security policies and SAST content. This additionally enhances traceability and enables these activities in the system to be documented with full audit security.
Are you interested in more information about the SAST SOLUTIONS? Or do you have questions about our different modules? Then check out our website and send us an e-mail at knowhow@akquinet.de
Verena Köhler,
SAP Authorization Consulting, AKQUINET