Taking the Taboo out of S_TABU Authorization Objects
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers They are the ENABLER of access
Let’s be brutally honest: No one really cares about Vulnerability Management… Until someone is impacted by a vulnerability exploit! We are always personally affected when an exploit negatively influences our finances, privacy, jobs, careers, or even the size of our future paychecks.
Do you agree? You know you do! This is part of our DNA – It is called “self-preservation”.
When it comes to Vulnerability Management, how do we rise above our ‘Base Self’ and work together for the greater good of our families, our communities, our companies, and our countries?
By reading this far, I hope you agree that Vulnerability Management is a serious topic – And for businesses, it needs to be a defined budget item. Now, let’s tie this subject matter to the SAP systems that facilitate MOST of the supply chain and transactions in the global economies. When we combine these pivotal factors, we get what is called “SAPCyberSecurity”.
So, NOW WHAT?
Agreed. We cannot just highlight a problem and not present a way to solve the problem.
First, let’s define a couple of challenges. Then, we will lay out a framework for successfully managing the vulnerabilities in your SAP systems. Do these affirmations sound familiar to you?
These are all valid struggles and can be addressed through a framework that works for SAP Vulnerability Management. I recommend starting with the Cybersecurity Framework (CSF) from the USA National Institute of Standards (NIST).
The NIST CSF works through five phases of a cycle: Identify –> Protect –> Detect –> Respond –> Recover. Now with NIST CSF 2.0, we bring that cycle back to the core of Govern.
And yes, you need some tools that are already tuned to perform these steps: Let’s break it down for Vulnerability Management:
Think of “Identify” in two levels:
I recommend protecting on 2 fronts:
Both in the Vulnerabilities Scanning and in the Exploit Monitoring:
Through Vulnerability Remediation and Integration to SIEM partners:
Spans across your Risk Posture, Cyber Insurance, and Backup/Archive Strategies:
Operate from within a Risk Management team and utilize a vendor-provided best-of-breed solution:
Do you want to discuss setting up the SecurityBridge Platform as the primary Governance solution for Cybersecurity in your SAP environments? Follow us or just reach out – I am easy to find on Linkedin.
Posted by
Find recent Security Advisories for SAP©
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers They are the ENABLER of access
SAP Security teams can kick start a comprehensive security platform and gain significant improvements already within a day What they need is a holistic platform
This article explores the differences between the 2 processes and how they can help bolster the security of SAP systems