The global and independent platform for the SAP community.

After the Test is the Same as Before the Test

Every year, as every SAP and security manager knows, the auditor's audit is due. And yet there is often uncertainty about the current risk situation of SAP systems.
SAST SOLUTIONS
February 17, 2022
Content:
avatar
This text has been automatically translated from German to English.

SAP authorization concepts are subject to constant change. This is precisely why authorizations such as "SAP_ALL" or the protection of SAP standard users, but also SoD risks (Segregation of Duties), are checked anew by auditors every year. The list of necessary measures is long, from applying security patches to controlling and reducing critical authorizations.

Often, security specialists such as Sast Solutions are then hired at short notice to ensure that the finding list from last year's auditor's audit is
has been thoroughly processed and that no serious risks have been added since the cleanup, whether debug and replace, deletion of change documents or start of all reports for individual critical authorizations. One reason for these ad hoc orders is that, due to a lack of resources in the meantime, there was no follow-up review of the cleanups after the previous audit.

If one restricts oneself to this reactive procedure, the annual cycle is programmed. If all old findings have just been eliminated or mitigated before the next audit, the auditor will not only test them, but of course also perform further audits, create a new finding list - and the game starts all over again.

To prevent damage in the short term, a point-in-time action is therefore necessary, but not promising. The compliance status of the system immediately deteriorates again due to the assignment of new authorizations, and creeping back in is not proactively prevented. New risks are often not identified during the course of the year, but only when the next audit is due. Thus, there is no continuous work on improving the situation, nor is there permanent risk control. This is because each audit is only a snapshot. A finding list always shows only a small section of the risks in an SAP system.

The solution to this problem is relatively simple: don't wait until the next audit, but become aware of your own vulnerabilities now. This is the only way to ensure the security of SAP systems throughout the year and maintain a rapid response capability in the event of anomalies. The easiest and most thorough way to do this is to use a tool-based, holistic solution for SAP threat detection and access governance such as Sast Suite. This not only takes care of comprehensive real-time monitoring, but also integrates cyclical checks up to the creation of an audit plan with its own policy for the auditor's finding list.

https://e3mag.com/partners/sast-solutions-ag/
avatar
SAST SOLUTIONS

SAST SOLUTIONS portfolio protects SAP ERP and S/4HANA systems - thanks to in-house developed software suite, consulting services and managed services


Write a comment

Work on SAP Basis is crucial for successful S/4 conversion. This gives the so-called Competence Center strategic importance among SAP's existing customers. Regardless of the operating model of an S/4 Hana, topics such as automation, monitoring, security, application lifecycle management, and data management are the basis for the operative S/4 operation. For the second time already, E3 Magazine is hosting a summit in Salzburg for the SAP community to get comprehensive information on all aspects of S/4 Hana groundwork. With an exhibition, expert presentations, and plenty to talk about, we again expect numerous existing customers, partners, and experts in Salzburg. E3 Magazine invites you to Salzburg for learning and exchange of ideas on June 5 and 6, 2024.

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Tickets

Early Bird Ticket - Available until 29.03.2024
EUR 440 excl. VAT
Regular ticket
EUR 590 excl. VAT

Secure your Early Bird ticket now!

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.