Why are SIEM tools blind to SAP? An interesting question, and not only for operators of critical infrastructure who are migrating to SAP S/4HANA.

Ralf Kempf (SAST SOLUTIONS)Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?

Continue reading

Think about updating your authorization roles in your SAP S/4HANA project!

SAP S/4HANA authorizations: brownfield or greenfieldMany companies are currently faced with the task of converting their SAP systems to SAP S/4HANA, because their ERP maintenance will be discontinued in the foreseeable future. Project planning usually only takes technical and organizational aspects into account, however; crucial security topics aren’t given enough priority. As a result, the implementation of the authorization concept and adaptation of the authorization roles often end up at the end of the line.

Continue reading

Role conversion is anything but child’s play – but you can still execute your SAP S/4HANA authorization projects quickly and securely

Roozbeh Noori-Amoli (SAST SOLUTIONS)A survey was conducted during an ITOK expert talk on the greatest challenges for SAP security in March. It revealed that over half the participants see such challenges in the area of roles and authorizations. The integration of the authorization concept represents one of the core activities during SAP S/4HANA implementation and is a frequent reason for the failure of such projects as a whole. But how can you handle conflicts like resource bottlenecks, shifting priorities for subprojects, changes to tasks, and testing?

Continue reading

Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpad

SAST Blog: Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpadThe SAP Fiori user interface is gaining in importance in current SAP S/4HANA projects. SAP applications become experiences, usability is enhanced, and the use of apps enables device-independent access – anytime and anywhere. Spaces and pages, the new way of visualizing apps in SAP Fiori Launchpad, deliver several key benefits. But how can you activate spaces and pages and what effects does this new approach have on authorization roles?

Continue reading

Get your SAP S/4HANA migration into high gear with a sound security strategy

SAST Blog: Get your SAP S/4HANA migration into high gear with a sound security strategy.Seize the opportunity to take your SAP S/4HANA migration to a new level with a cleanly designed, holistically planned security and compliance strategy. After all, having structured plans from the start will reduce the workload in the long term. That’s why you should ultimately see this challenge as an opportunity as well: to improve the security of your SAP systems, streamline your role concepts, and enable use of the new system with all its benefits.

Continue reading

Comprehensive SAP S/4HANA security strategy reduces additional downstream costs

Expert talk of IT-Onlinemagazin with SASTSchott AG is considering its SAP S/4HANA transformation from all aspects, from code and processes, down to authorizations for its SAP S/4HANA migration.

In this interview, Thomas Frey (SAP Authorizations Consultant, SAST SOLUTIONS) explains the requirements you need to keep track of when rolling out SAP S/4HANA – and what you must avoid at all costs.

Continue reading

Takeda trusts in the SAST SUITE to reduce SoD conflicts in their heterogeneous SAP landscape

AST Blog: Takeda trusts in the SAST SUITE to reduce SoD conflicts in their heterogeneous SAP landscapeTakeda, Japan’s largest pharmaceuticals company, manages its business processes in a global, heterogeneous IT landscape. From SAP ERP to SAP Cloud applications, employees work at a variety of levels, depending on their involvement in processes, and therefore need access to a number of systems. As a result, the company has to constantly review conflicting authorizations to meet strict compliance requirements, such as segregation of duties (SoD). Most standard software solutions on the market only monitor SoD conflicts and risks in a single system, however, which led the company to search for an end-to-end solution.

Continue reading