
Principles for SAP Security

Swiss SAP experts from Itesys share tips on how to close security gaps in SAP landscapes. This includes regularly checking authorizations such as user rights and their roles.
E3 Magazine
July 4, 2024
This text has been automatically translated from German to English.

What can and should existing SAP customers do to close the gaps in SAP security? Swiss SAP experts from Itesys share tips for a secure SAP landscape: to protect their landscapes effectively, existing SAP customers should assume that the attacker has already successfully penetrated the system, whether from inside or outside. The right starting point for increasing the level of security in SAP landscapes is the zero-trust approach. If the attacker is always assumed to be already in the system, you can't trust anyone or anything and have to verify everyone and everything.

To develop an effective security concept based on the zero-trust approach, existing SAP customers should be guided by the following principles: Secure authentication should be enforced always and everywhere, and all communication should be secured. In addition, authorizations should only be granted to the extent that users need them to do exactly what they are supposed to do, and no more. It must also be clear and verifiable at all times who changes which settings; all of this must be logged accordingly. Zero trust means permanent mistrust, which is why user rights and their roles, transactions, services, etc. are checked regularly.

Stefan Dunsch, Head of Cloud Competence Center at Itesys, spoke about security as well as SolMan and ALM at the Customer Competence Center Summit 2024 in Salzburg.

It is also important to note that the entire IT stack, from the hardware and operating system to databases and SAP applications, must always be kept up to date; accordingly, SAP customers should regularly evaluate and install security updates once they have been announced. Furthermore, the IT landscape should be able to compensate for partial failures, for example by segmenting the network and securing it with its own guidelines and measures, or by regularly practicing the recovery of services. These principles form the basis of any effective zero-trust architecture that existing SAP customers and partners can implement with the help of suitable tools and processes.

itesys.expert


