Relief for SAP SEC: Automated SAP Security Notes Handling and Management
SAP security advisories, including code correction downloads, have long been highly regarded by SAP users. They are also a mandatory item on the to-do list of SAP Basis and SAP Infrastructure departments. SAP provides SEC notes once or twice a month.
However, manual handling and management entail a number of challenges and a not inconsiderable amount of work. The SEC notes, together with any code corrections, have to be downloaded from SAP Marketplace, then analyzed and verified according to priority or importance. It must also be determined which systems are affected by a code correction, which dependencies there may be with other SEC notes, and whether an SEC note has already been imported.
Planning and Operations
The automation specialist Empirius from Munich now provides a smart solution for this purpose with which, according to the company, practically all activities can be carried out 100 percent automatically: the automated checking and downloading of the SEC notes, numerous verifications of the security notices (including by CVSS score), the reconciliation of dependencies, and a system-related import of the SEC notes, including distribution to dedicated application systems.
On top of that, "the software provides action instructions for SAP Basis based on the SAP SEC Notes of an individual SAP customer system landscape - with indications as to whether or not the respective SAP Basis or infrastructure department needs to take action due to a new SAP SEC Note," according to Empirius.
The automation specialist describes the benefits as "considerable", as the effort and manual activities involved in handling/managing SAP SEC Notes are "demonstrably drastically reduced". The company also cites increased security, proactive information and recommendations for action, increased transparency, better traceability and the existence of audit-proof documentation for the handling and management of SAP security notes.
"SEC Notes" is an automation app of the SAP Basis system management suite EPOS (Empirius Planning and Operations Suite). Several of the suite's currently ten apps, or just a single one, can be used. The well-known Blue products from Empirius are also integrated in EPOS, for example BlueCopy for the fully automated creation of SAP system copies or BlueClone for the provision of SAP sandboxes.