To secure and encrypt customer networks, SAP offers the SNC (Secure Network Communications) interface with which users can log in to SAP systems without having to enter a user name or password. In the standard system, SAP login credentials are transmitted in clear text. The SNC interface routes calls through the SAP Cryptographic Library, to encrypt all communications between the SAP GUI and the SAP server. This enables secure individual logins for SAP.
GRC
SAP S/4HANA: How to ensure a secure S/4HANA migration
Structured security planning and streamlined authorizations are just two elements of protecting SAP systems against cyberattacks and manipulation. In this interview, Ralf Kempf (CTO SAST SOLUTIONS at akquinet AG) talks about the pitfalls to avoid during an SAP S/4HANA migration and what you can do to use SAP S/4HANA securely.
SAP Security: five ways to make sure you’ll be hacked
(A guide of the less serious sort.)
Let’s be honest right off the bat: There’s a lot of hype in the media about IT security in general and SAP security in special these days. But is there really anything behind it? Those headlines about millions of data records going missing always affect someone else – whether it’s Equifax across the pond or the big tech companies that have been infiltrated by organized groups of Chinese hackers. It’s all alarmist nonsense!
Continue reading
SAP Cloud: Mapping out a successful transition
SAP is planning to move all its customers to cloud systems. Its software is used by most midsize and larger companies in the German-speaking countries, including around half of all the businesses in Germany alone. Making the transition requires solid planning and entails a tremendous amount of organizational effort on the part of IT managers.
SAP Security & Compliance: “Customers need Solution Providers.”
Started with two modules in 2006, the SAST SOLUTIONS portfolio now comprises a comprehensive combination of software, consulting and service, and offers a holistic solution for safeguarding SAP systems. In this interview, Managing Director Bodo Kahl talks about the topics that concern himself as well as the entire industry, and describes the qualities that characterize a good service provider for SAP security and compliance today.
SAP Security & Compliance: Challenges in the Context of S/4HANA, Code Security, and the Cloud
They say that major events cast a shadow that portends their arrival. In SAP environments, this applies in particular to the transition to S/4HANA, which companies will need to make before maintenance for SAP ERP expires in 2025.
As we covered this pending migration from various perspectives at our SAST DAYS 2019 event, interest in the topics of authorizations and code security was especially high. Let’s take a look back at those exciting days, which presented a balanced mix of current challenges and assorted solutions.
Achieving effective IT risk management with dynamic mitigation groups
Holistic, effective risk management in IT will help you make sounder decisions faster and present tremendous potential for value creation throughout your company. In practice, however, we continue to witness a lack of measures appropriate for identifying dangers early on. IT risk management is too often understood as a reactive process.
Central license management: the fast lane to security with SAST
Did you know that you can distribute licenses easily and automatically via RFC starting from SAST SUITE Release 5.0?
Self-Adjusting Authorizations: SAST SOLUTIONS’s new tool intelligently slims down SAP roles
Companies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.
Code injection by logical databases
Logical databases were once very popular. Complex selections were relatively easy to portray and effort-intensive reports were unnecessary. Users also appreciated the way dynamic selection worked, which encouraged developers to use the technique more and more. Starting from Version 7.50, SAP has now declared logical databases obsolete. Consequently, it advised against creating new logical databases, but allowed the old ones to continue as if nothing had happened. This, however, is a security risk that could impact any report.