PASàPAS will continue to leverage and install the SecurityBridge platform for SAP to help more SME organizations understand and mitigate SAP Security risks.
- July 7, 2020
Ensuring SAP compliance
In information technology, compliance and security are inseparable. In SAP systems, this becomes even more obvious. ERP systems often hold the most valuable corporate data, and for that reason, they are also the subject of regular SAP audits, where compliance to several regulations, such as SOX or GDPR, are validated. These regulations, in turn, require having processes in place to secure the valuable data.
The Relationship between SAP Security and Compliance
With SAP systems, this relatively simple relationship between compliance and security becomes a little bit more complicated, for several reasons. Firstly, in order to comply to standards such as SOX or GDPR, it’s necessary to establish the correct values for related settings. This is quite a challenge with an SAP system with thousands of possible setting values. Secondly, most companies need to comply to several regulatory compliance standards, and these sometimes require different measures within the same domain. Take SOX and GDPR, for example. SOX asks for processes in place to secure data. This is like GDPR, with one big difference: GDPR also specifies that in the event of a data breach, authorities must be notified within 72 hours. Thirdly, there is a large overlap between SAP security and SAP compliance. A combination of several authorizations within an SAP system, for example, might be a violation of the segregation of duties (SoD) principle. At the same time, it might be a critical authorization which endangers the security of an SAP system.
Using security to comply to standards
There are many SAP compliance checklists out there which can be used in an SAP audit situation. However, just using an SAP compliance checklist will not change the fact that an SAP audit is still an effort. Some SAP customers report that when an SAP audit is done, they go right into preparation for the following SAP audit. As with security, the key to avoiding those situations is automation.
SecurityBridge is a modern SAP Security Platform, natively build in SAP. It uses an ABAP based Intrusion Detection System (IDS) to guard your SAP landscape 24/7. Its frontend is build with Fiori, which provides you an intelligent insight on the security posture of your ABAP, Java and HANA based systems.
A good illustration for the benefits of automation is the audit guideline from the German SAP User Group (DSAG). This guideline represents a valuable compliance checklist for SAP systems. Manually validating all 250+ checks contained in this guideline takes time. However, solutions such as SecurityBridge, are preconfigured with all the checks from the guideline. Therefore, customers can prepare, execute, and hand over their reports to the auditor simply and quickly.
Additionally, SecurityBridge provides more out-of-the-box benefits. Take GDPR example from above. Studies show that on average it takes weeks, even months, to discover an actual data breach. This conflicts with the requirement of GDPR to notify authorities within 72 hours. SecurityBridge provides real-time monitoring and detection of anomalies. This ensures not only compliance to GDPR, it also improves the sleep quality for those responsible, usually the CISO, CFO and CEO – knowing that their valuable data is being continually watched.
Find recent Security Advisories for SAP©
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
Events
Alles verändert sich, nichts bleibt wie es ist, die heutige Zeit setzt Flexibilität voraus. Entsprechend wandelbar präsentieren sich DSAG, SAP und das gesamte Ökosystem.
Diese Wandlungsfähigkeit steht auch im Fokus des DSAG-Jahreskongress 2023 vom 19.-21. September 2023 in Bremen.
Unter dem Motto „Wunderbar wandelbar – Gemeinsam neue Perspektiven schaffen“ freut sich die DSAG wieder darauf, mehr als 5.000 Teilnehmende zu begrüßen. Wagen Sie gemeinsam mit der Interessenvertretung den Blick durch das Kaleidoskop und finden Sie den richtigen Dreh, um zu neuen Blickwinkeln zu gelangen und Veränderungen zu gestalten.
SAP Security Patch Day
Today is another SAP Security Patch Day. In May 2023, the SAP Response Team released 20 SAP Security Notes, including Evergreen 2622660 Security updates for the browser control Google Chromium delivered with SAP Business Client with HotNews priority. Besides two updated Notes, SAP Security Patch Day May 2023, contains 18 new security updates for the vast SAP Product portfolio while the majority relates to SAP Business Objects.
SAP Vulnerability
SAP developers know that ABAP/4 (Advanced Business Application Programming) is not immune to security vulnerabilities like any other programming language. One significant security risk associated with SAP ABAP is directory traversal vulnerability.
In this blog post, we will discuss what a directory traversal vulnerability is, why it is a problem for SAP customers, how it can be exploited, and what measures to take to prevent it.
