It is well known that SAP systems present an attractive target for hackers and manipulators. After all, SAP systems gather all the sensitive company data in one place, making it all the more important to protect them against unauthorized access. In addition to conventional measures for improving SAP security and compliance, this includes extensive anti-virus protection adapted specifically to the requirements of SAP systems.
Threat Detection
The Buchbinder case: how incorrect configurations impact data security
On January 23, 2020, news broke on one of the biggest data leaks to date in Germany. Apparently, it was possible for anyone on the Internet to gain full access to the backup of the entire database of car rental company Buchbinder. The ramifications are difficult grasp.
Rethinking real-time monitoring for IT security with the Internet of Things
The Internet of Things (IoT) is both a blessing and a curse: While it offers tremendous potential benefits, it also fosters uncertainty when it comes to protecting these complex connections against unauthorized access. After all, as more things get connected to the Internet, the risk of hacker attacks also increases.
The most important elements of a Cybersecurity Strategy
SAP Security: five ways to make sure you’ll be hacked
(A guide of the less serious sort.)
Let’s be honest right off the bat: There’s a lot of hype in the media about IT security in general and SAP security in special these days. But is there really anything behind it? Those headlines about millions of data records going missing always affect someone else – whether it’s Equifax across the pond or the big tech companies that have been infiltrated by organized groups of Chinese hackers. It’s all alarmist nonsense!
Continue reading
SAP Security and Hosting: Hacking 40 SAP Systems in One Fell Swoop
In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
Cut down on critical SAP authorizations without interrupting operations
Companies that operate SAP systems are subject to an annual audit by an auditor. Often, SAP authorizations are also examined. The audits check for separation of duties (SoD) and critical authorizations, in particular where SAP Basis Administration is concerned. Read this blog to learn how you can quickly reduce critical SAP authorizations (auditor findings).
Step-by-step: Bring your SAP compliance to a brilliant finish
The IT compliance field poses a major challenge for SAP customers, and in particular, with regard to the compliance of SAP users. It is no coincidence that roles and authorization issues are what many SAP customers find most frustrating.
An example from practice: A holistic, professional approach to safeguarding SAP landscapes
Many companies work with internal solutions to safeguard their SAP landscapes. However, operating systems, databases and SAP systems, especially those at large companies or even international groups, can have very complex IT landscapes – and are often insufficiently protected against unauthorized attempts to access these landscapes. This used to be the situation at a leading global automotive supplier. Now, the company relies on SAST SUITE from AKQUINET to safeguard its SAP landscapes.
Audit or Penetration testing? Find your vulnerabilities before you get hurt!
To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.
This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.
So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading