SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless

Standard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.

Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?

The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?

Interview with Ralf Kempf and Norbert Klettner – Cybersecurity in logistics: Multinational attacks on the weakest links in the chain

How should companies in the port and transportation logistics sector tackle cybersecurity? Can smaller and midmarket companies even protect themselves against the growing threats? Our CTO Ralf Kempf and his colleague Norbert Klettner, Managing Director of AKQUINET PORT CONSULTING, were interviewed on this subject by DVZ, a German transportation newspaper.

Create and modify app catalogs easily – with SAP Fiori Launchpad Content Manager

More and more companies are electing to use Fiori apps to call specific transactions in addition to the SAP GUI. This requires configuration of specific authorizations, however, which are composed of catalogs and groups. But how can you reduce the multitude of standard SAP Fiori catalogs and groups that are provided and adapt them to your own scenarios?

Security dashboards – Just a buzzword or a true help with the daily security routine?

Expert talk of IT-Onlinemagazin with SAST

Companies that use SAP software, as well as the German-speaking SAP User Group (DSAG), are demanding security dashboards to provide for greater transparency and indicate necessary activities. The most critical risks, however, are those that arise as a combination of other events, which are not critical in and of themselves. After all, even the best dashboards aren’t able to display this kind of unidentified security incident.

Practical tip: How you can avoid special roles and create new organizational levels in your SAP system based on an authorization field

In the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.

However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.


SAP compliance: the benefits of automated audit rules at HellermannTyton

Wherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.