Ensuring SAP compliance

In information technology, compliance and security are inseparable. In SAP systems, this becomes even more obvious. ERP systems often hold the most valuable corporate data, and for that reason they are also the subject of regular SAP audits, where compliance with several regulations, such as SOX or GDPR, is validated. These regulations, in turn, require having processes in place to secure the valuable data.

With SAP systems, this relatively simple relationship between compliance and security becomes a little more complicated, for several reasons. Firstly, in order to comply with standards such as SOX or GDPR, it’s necessary to establish the correct values for related settings. This is quite a challenge in an SAP system with thousands of possible setting values. Secondly, most companies need to comply with several regulatory compliance standards, and these sometimes require different measures within the same domain. Take SOX and GDPR, for example. SOX asks for processes in place to secure data. GDPR is similar, with one big difference: GDPR also specifies that in the event of a data breach, authorities must be notified within 72 hours. Thirdly, there is a large overlap between SAP security and SAP compliance. A combination of several authorizations within an SAP system, for example, might be a violation of the segregation of duties (SoD) principle. At the same time, it might be a critical authorization which endangers the security of an SAP system.

Using security to comply with standards

There are many SAP compliance checklists out there which can be used in an SAP audit situation. However, just using an SAP compliance checklist will not change the fact that an SAP audit is still an effort. Some SAP customers report that when an SAP audit is done, they go right into preparation for the following SAP audit. As with security, the key to avoiding those situations is automation.

SecurityBridge is a modern SAP Security Platform, natively built in SAP. It uses an ABAP-based Intrusion Detection System (IDS) to guard your SAP landscape 24/7. Its frontend is built with Fiori, which gives you intelligent insight into the security posture of your ABAP, Java and HANA based systems.

A good illustration of the benefits of automation is the audit guideline from the German SAP User Group (DSAG). This guideline represents a valuable compliance checklist for SAP systems. Manually validating all 250+ checks contained in this guideline takes time. However, solutions such as SecurityBridge are preconfigured with all the checks from the guideline. Therefore, customers can prepare, execute, and hand over their reports to the auditor simply and quickly.

Additionally, SecurityBridge provides more out-of-the-box benefits. Take the GDPR example from above. Studies show that on average it takes weeks, even months, to discover an actual data breach. This conflicts with the requirement of GDPR to notify authorities within 72 hours. SecurityBridge provides real-time monitoring and detection of anomalies. This not only ensures compliance with GDPR, it also improves the sleep quality of those responsible, usually the CISO, CFO and CEO, who know that their valuable data is being continually watched.

Posted by

Marketing Dept.