SAP applications contain large amounts of sensitive data. From protected personal information to privileged financial data, this data always harbors risks that companies must deal with, because SAP ERP does not have any built-in masking functions for custom-tailored anonymization in views. As such, the unchecked disclosure of data represents a potential leak, opening up a huge target for potential exploitation. Although add-ons and solutions from SAP and third parties are available to tackle this problem, significant challenges still remain. This is where the concept of attribute-based data masking comes in.
At the DSAG Technology Days in Early May, the Vulnerability Management Working Group renewed its demand for a security dashboard, which SAP announced many years ago. In light of the current threat situation, it is advisable to stop waiting for it, particularly since good solutions from security specialists have become available in the interim, which also optimize the integration of SAP security with the overall enterprise security architecture. When it comes to end-to-end IT security, it is worthwhile to take a look at the operators of critical infrastructure (CIP) and the new German IT Security Act 2.0 (ITSA 2.0).
Transports are an essential part of an SAP environment. They are used to transfer changes from one system to another, to implement new functions, to perform updates, and to install third-party applications. Change management in SAP is inconceivable without transports. Yet how can they be checked for security risks?
In the current Digital Defense Report, Brad Smith, President of Microsoft, called for international collaboration and coalitions for a “new form of collective defense” as a comprehensive strategy against the full spectrum of destructive cyberattacks, espionage, and interference. One of the first and largest of these cyber warfare initiatives is the Pathlock Group, formed from seven leading IT security firms and now the global market leader in access orchestration and application security for mission-critical applications. One of these firms is the Hamburg-based SAST SOLUTIONS, an IT security specialist.
Pathlock’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about how effective preventive controls and security measures at the data and transaction level play an important part in securing ERP systems. He also takes a deep dive into the important difference between data security and data privacy.
SAST SOLUTIONS, your Hamburg-based specialist for SAP Security and Access Governance, is now part of the new Pathlock Group, a one-of-a-kind alliance of international providers of access governance and application security solutions. The alliance’s objective is to lift the understanding and scope of end-to-end security to a new level. Our CEO Bodo Kahl and CTO Ralf Kempf talk about the perspectives that will be opening up to SAST SOLUTIONS and its customers.
A major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!
Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?
Do companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.
Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.