Seize the opportunity to take your SAP S/4HANA migration to a new level with a cleanly designed, holistically planned security and compliance strategy. After all, having structured plans from the start will reduce the workload in the long term. That’s why you should ultimately see this challenge as an opportunity as well: to improve the security of your SAP systems, streamline your role concepts, and enable use of the new system with all its benefits.
SAP Security
Comprehensive SAP S/4HANA security strategy reduces additional downstream costs
Schott AG is considering its SAP S/4HANA transformation from all aspects, from code and processes, down to authorizations for its SAP S/4HANA migration.
In this interview, Thomas Frey (SAP Authorizations Consultant, SAST SOLUTIONS) explains the requirements you need to keep track of when rolling out SAP S/4HANA – and what you must avoid at all costs.
Secure your SAP systems worldwide: Best practice recommendations for successful national and international rollouts with the SAST SUITE
Companies all over the world rely on SAP as their central enterprise software suite. That’s why it’s becoming ever more important for them to protect these SAP systems, along with the enterprise values they contain, with a professional cybersecurity and access governance strategy. Many international companies already trust the SAST SUITE to help them manage their international rollouts, and for good reason.
Role adjustments for technical SAP users – how to handle authorizations safely and effectively
Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).
Act immediately to remedy the Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management!
Information just now officially provided as part of the November SAP Patchday describes a new critical vulnerability: The SAP Security Note 2928635 (CVE-2020-6284) is a Cross-Site Scripting vulnerability (XSS) in SAP NetWeaver Knowledge Management. Act now to close the loophole!
Interview with Ralf Kempf: Secure transformation to SAP S/4HANA
Ralf Kempf, CTO SAST SOLUTIONS, and his team have already guided many enterprises through their migration to SAP S/4HANA. He talked about his recipes for success in an interview with Ulrich Parthier, publisher of it management magazine.
Excerpts from the interview are provided below.
The importance of reliably monitoring transactions in SAP systems
SAP systems contain numerous transactions that enable applications to be accessed quickly. However, transactions can also be used to access sensitive business processes and confidential information. This is why events relevant to security have to be filtered out of a sea of data and placed in the proper context. This means that in order to evaluate and analyze conspicuous events, intelligent management is required.
Adapting authorization management in a central hub SAP S/4HANA system – save valuable time with the right strategy and the right administration tool
When setting up an SAP S/4HANA system landscape, you have the option of establishing a front-end system as the central, superordinate system that accesses different back-end systems. To do this, you have to consider and logically design many factors in advance. In addition to the technical prerequisites, the role and authorization concepts have to be revised. But how can you adapt authorization management in an SAP S/4HANA system with little effort?
With the SAST SUITE again at the top of the KuppingerCole Leadership Compass
SAST SUITE by akquinet AG scores again: The KuppingerCole analysts rates us in Leadership Compass for „Access Control Tools for SAP environments“ as international leader in three categories:
Product, Innovation and Overall Leadership.
Read more about this in the report (chargeable): https://t1p.de/ivp51
Vulnerability Scan, Audit, or Penetration Test: Find the right method for identifying vulnerabilities.
There are many methods for assessing the risk potential of SAP landscapes and identifying potential vulnerabilities, so it isn’t always easy to keep track of all the alternatives. Options range from vulnerability scans to audits and penetration tests. But which approach is the right one for identifying vulnerabilities depends entirely on your individual requirements.