What is SAP Security?
SAP systems hold sensitive and confidential data about the businesses that run them and about their customers. An SAP system therefore needs regular auditing to check that its security controls work and that its data integrity is intact.
For instance, a warehouse employee who is responsible for creating purchase orders should not also be able to approve them; otherwise he could create and approve any number of purchase orders with no independent check.
In such a scenario the approval must sit with a separate, higher authority. This separation of duties (SoD) is a standard security control, enforced in SAP through the roles and authorizations assigned to each user.
Protecting SAP data and applications from unauthorized access and use is called SAP security. To protect this data, SAP offers a range of security measures and checks.
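The purchase-order scenario above is a segregation-of-duties (SoD) rule: no single user may hold both the "create" and the "release" function. The following is an added example, not SAP's own code, of how an auditor checks such rules against a user-to-role-to-transaction export (in a real system this data comes from SUIM or the tables AGR_USERS and AGR_1251, object S_TCODE). The role and user assignments are constructed for the example; the transaction codes used in the rules (ME21N create PO, ME29N release PO, and so on) are standard SAP codes, but the rule set itself is illustrative.

```python
# Added example (not SAP's own code): segregation-of-duties check over
# user -> role -> transaction-code assignments. All data below is constructed.
from collections import defaultdict

# Conflict rules: a user must not hold a tcode from BOTH sides of a pair.
# ME21N/ME29N is the warehouse purchase-order case from the text; the others
# are illustrative pairs an auditor typically checks.
SOD_RULES = {
    "PO create vs PO release": ({"ME21N"}, {"ME29N"}),
    "Vendor maintain vs invoice post": ({"XK01", "XK02", "FK01", "FK02"}, {"FB60", "MIRO"}),
    "User admin vs role admin": ({"SU01"}, {"PFCG"}),
}

# Constructed role -> transaction codes (would come from AGR_1251, S_TCODE).
ROLE_TCODES = {
    "Z_WH_PO_CREATE": {"ME21N", "ME22N", "ME23N"},
    "Z_WH_PO_RELEASE": {"ME29N", "ME23N"},
    "Z_AP_VENDOR": {"XK01", "XK02"},
    "Z_AP_INVOICE": {"MIRO", "FB60"},
    "Z_BASIS_ADMIN": {"SU01", "PFCG", "SM59"},
    "Z_DISPLAY_ONLY": {"ME23N", "FB03"},
}

# Constructed user -> roles (would come from AGR_USERS).
USER_ROLES = {
    "WHCLERK1": ["Z_WH_PO_CREATE"],
    "WHLEAD1": ["Z_WH_PO_RELEASE", "Z_DISPLAY_ONLY"],
    "WHCLERK2": ["Z_WH_PO_CREATE", "Z_WH_PO_RELEASE"],   # violates rule 1
    "APUSER1": ["Z_AP_VENDOR", "Z_AP_INVOICE"],           # violates rule 2
    "BASIS1": ["Z_BASIS_ADMIN"],                           # violates rule 3
    "AUDITOR": ["Z_DISPLAY_ONLY"],
}


def effective_tcodes(user, user_roles=USER_ROLES, role_tcodes=ROLE_TCODES):
    """Union of the transaction codes a user can start through all assigned roles."""
    codes = set()
    for role in user_roles.get(user, []):
        codes |= role_tcodes.get(role, set())
    return codes


def sod_violations(user_roles=USER_ROLES, role_tcodes=ROLE_TCODES, rules=SOD_RULES):
    """Return {user: [(rule_name, held_side_a, held_side_b), ...]}.

    A user violates a rule only when they hold at least one tcode from EACH
    side; holding one side alone (create but not release) is fine. Conflicts
    arising across two different roles are caught because we check the union.
    """
    findings = defaultdict(list)
    for user in user_roles:
        held = effective_tcodes(user, user_roles, role_tcodes)
        for name, (side_a, side_b) in rules.items():
            a, b = held & side_a, held & side_b
            if a and b:
                findings[user].append((name, sorted(a), sorted(b)))
    return dict(findings)


def roles_causing(user, tcode, user_roles=USER_ROLES, role_tcodes=ROLE_TCODES):
    """Which of the user's roles grant a tcode, i.e. what to remove to remediate."""
    return sorted(r for r in user_roles.get(user, [])
                  if tcode in role_tcodes.get(r, set()))


if __name__ == "__main__":
    for user, hits in sod_violations().items():
        for name, a, b in hits:
            print(f"{user}: {name}: {a} via {[roles_causing(user, t) for t in a]} "
                  f"conflicts with {b} via {[roles_causing(user, t) for t in b]}")
```

The check deliberately works on the union of all roles, since the usual way an SoD conflict creeps in is two individually harmless roles (a "create" role and a "release" role) being assigned to the same person over time.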
Security Concepts for SAP
- STAD Data
Transaction codes are the front door to SAP functionality. STAD data (the statistical records shown in transaction STAD) records which user executed which transaction and program, and when. It is a detective control rather than a preventive one: it does not stop an unauthorized transaction start by itself, but it lets you find out afterwards who accessed critical functionality and at what time. STAD data can therefore be used to monitor, analyze, audit and maintain the security concept.
- SAP Cryptographic library
The SAP Cryptographic Library is the default cryptographic library delivered by SAP. It is used to provide Secure Network Communication (SNC) between SAP server components. For front-end components such as SAP GUI, you need an SNC-certified partner product.
- Internet Transaction Server (ITS) Security
To make SAP applications accessible from a web browser, a middleware component called the Internet Transaction Server (ITS) is used. The ITS architecture has several built-in security features, for example the ability to run its two parts, the WGate (web server side) and the AGate (application side), on separate hosts so that only the WGate is exposed to the outside network.
- Network Basics(SAPRouter, Firewalls and DMZ, Network Ports)
The basic network security building blocks SAP relies on are firewalls and a DMZ, restricted network ports, and SAPRouter. A firewall is a system of software and hardware components that defines which connections may pass between communication partners. SAP Web Dispatcher and SAPRouter are application-level gateways that you can use to filter SAP network traffic; SAPRouter decides per route table entry which source may reach which host and port.
- Web-AS Security(Load Balancing, SSL, Enterprise Portal Security)
SSL (Secure Sockets Layer), today superseded by its successor TLS, is the standard technology for establishing an encrypted link between a server and a client. During the handshake the communication partners (server and, optionally, client) can be authenticated by certificate and the encryption parameters are agreed.
With SSL both partners can be authenticated, the data transferred between server and client is integrity-protected so that any manipulation is detected, and the data is encrypted. SAP's Enterprise Portal security guide gives the guidelines for securing the portal.
- Single Sign-On
SAP single sign-on lets a user authenticate once and then access multiple SAP systems with the same identity, which reduces the administrative cost and the security risk of maintaining separate credentials per system. Combined with SNC or SSL, it also keeps the authentication data confidential in transit.
- AIS(Audit Information System)
AIS, the Audit Information System, is an auditing tool that you can use to analyze security aspects of your SAP system in detail. AIS is designed for both business audits and system audits. AIS presents its information in the Audit InfoStructure.
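The STAD Data section above describes usage records as something to monitor and audit. The following is an added example, not SAP's own code, of the kind of review an auditor runs over such records: who used critical transactions, how often, whether that user is expected to, and whether it happened at an unusual hour. Real STAD records carry many more fields and are viewed in the STAD transaction or exported from it; the delimited layout, the sample records, the critical-transaction list, the allowlist and the business-hours window below are all constructed assumptions for the example.

```python
# Added example (not SAP's own code): audit over a constructed export of
# STAD-style statistical records. Layout, records and policy are assumptions.
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed export: date;time;client;user;tcode;program;terminal
STAD_EXPORT = """\
date;time;client;user;tcode;program;terminal
2024-03-04;08:02:11;100;WHCLERK1;ME21N;SAPLMEGUI;WH-PC-01
2024-03-04;08:05:40;100;WHLEAD1;ME29N;SAPLMEGUI;WH-PC-02
2024-03-04;09:15:03;100;BASIS1;SU01;SAPLSUU5;ADM-PC-01
2024-03-04;11:47:19;100;WHCLERK2;SE16;SAPLSETB;WH-PC-03
2024-03-04;11:48:52;100;WHCLERK2;SE16;SAPLSETB;WH-PC-03
2024-03-04;22:31:07;100;BASIS1;SU01;SAPLSUU5;10.20.30.40
2024-03-05;03:12:44;100;APUSER1;SM59;RSRFCADM;10.20.30.40
"""

# Transactions whose every use should be accounted for (illustrative set:
# user/role admin, table browser, ABAP editor, RFC destinations, OS commands).
CRITICAL_TCODES = {"SU01", "PFCG", "SE16", "SE38", "SM59", "SM49", "SM69"}
# Assumed allowlist: who is expected to run which critical transaction.
ALLOWED = {"BASIS1": {"SU01", "PFCG", "SM59"}, "AUDITOR": {"SE16"}}
BUSINESS_HOURS = (7, 19)  # 07:00-19:00 local time, assumed


def parse_stad(text):
    """Parse the delimited export; adds a 'ts' datetime to each record."""
    rows = []
    for r in csv.DictReader(StringIO(text), delimiter=";"):
        r["ts"] = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        rows.append(r)
    return rows


def critical_usage(rows):
    """(user, tcode) -> count, restricted to critical transactions: who did what."""
    return Counter((r["user"], r["tcode"]) for r in rows if r["tcode"] in CRITICAL_TCODES)


def findings(rows):
    """Critical-transaction starts that violate the allowlist or the time window.

    Each finding: (timestamp, user, tcode, terminal, [reasons]). A single record
    can carry several reasons, e.g. an unexpected user at 03:00.
    """
    start, end = BUSINESS_HOURS
    out = []
    for r in rows:
        if r["tcode"] not in CRITICAL_TCODES:
            continue
        reasons = []
        if r["tcode"] not in ALLOWED.get(r["user"], set()):
            reasons.append("not on allowlist")
        if not (start <= r["ts"].hour < end):
            reasons.append("outside business hours")
        if reasons:
            out.append((r["ts"].isoformat(sep=" "), r["user"], r["tcode"], r["terminal"], reasons))
    return out


if __name__ == "__main__":
    records = parse_stad(STAD_EXPORT)
    for (user, tcode), n in sorted(critical_usage(records).items()):
        print(f"{user:10} {tcode:6} {n} start(s)")
    for f in findings(records):
        print("FINDING", *f)
```

Note what this does and does not give you: STAD shows that a transaction was started, not what the user did inside it, and the records are kept only for a short retention period, so this kind of review has to run regularly. Blocking the start in the first place is the job of the authorization concept (S_TCODE and the object-level checks), not of STAD.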
SAP Security for Mobile SAP Apps
SAP applications are now available on mobile devices as the number of mobile users grows, but this exposure is a potential threat. The biggest risk for a mobile SAP app is an employee losing a device that holds customer data.
The good thing about mobile SAP is that most mobile devices support remote wipe. Many of the CRM-related functions that organizations want to mobilize are also cloud-based, so the confidential data need not reside on the device itself, although cached data and stored credentials on the device still have to be protected.
Popular SAP mobile security offerings include SAP Afaria, SAP NetWeaver Gateway, SAP Mobile Academy and SAP HANA Cloud.
SAP Security Best Practices Checklist
- Network settings and landscape architecture assessment
- OS security assessment where SAP is deployed
- DBMS security assessment
- SAP NetWeaver security assessment
- Internal assessment of access control
- Assessment of SAP components like SAP Gateway, SAP Message Server, SAP Portal, SAPRouter, SAP GUI
- Change and transport procedure assessment
- Assessment of compliance with SAP, ISACA, DSAG and OWASP standards
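The checklist item on SAPRouter (and the Network Basics section earlier) comes down to one file: the route permission table saprouttab, which SAPRouter evaluates top to bottom, first match wins, with no match meaning deny. The following is an added example, not SAP's own code, of parsing such a table and flagging the entries an assessor looks for first: the catch-all "P * * *" that makes everything work, wildcard ports, native (non-SAP) protocol permitted where S would do, route passwords stored in the table, and entries that can never match. Both tables are constructed; the entry types used (P permit, S permit SAP protocol only, D deny, KP/KS/KD for SNC-protected sources) follow the documented syntax, but host matching is simplified here to "*", trailing-"*" patterns and CIDR networks, and the route_decision function is an emulation of the lookup, not SAPRouter itself.

```python
# Added example (not SAP's own code): audit of a saprouttab route permission
# table. Tables below are constructed; matching is a simplified emulation.
import fnmatch
import ipaddress
import shlex

WEAK_SAPROUTTAB = """\
# constructed: the typical "make it work" table
P * * *
"""

HARDENED_SAPROUTTAB = """\
# constructed: office LAN may reach the dispatcher and gateway of one system only
S 10.10.0.*   sapprd01   3200
S 10.10.0.*   sapprd01   3300
# admin subnet: gateway port only
S 10.10.5.0/24 sapprd01  3300
# SAP support route, SNC-protected source only (SNC name is illustrative)
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"  sapprd01  3299
# everything else: denied (implicit, but an explicit catch-all states intent)
D * * *
"""

ENTRY_TYPES = {"P", "S", "D", "KP", "KS", "KD"}


def parse_saprouttab(text):
    """Entries as dicts (action, src, dst, serv, password, lineno) in file order."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # strip comments and blanks
        if not line:
            continue
        parts = shlex.split(line)                 # keeps quoted SNC names whole
        if len(parts) < 4 or parts[0].upper() not in ENTRY_TYPES:
            raise ValueError(f"line {lineno}: unrecognised entry {raw!r}")
        entries.append(dict(action=parts[0].upper(), src=parts[1], dst=parts[2],
                            serv=parts[3], password=parts[4] if len(parts) > 4 else None,
                            lineno=lineno))
    return entries


def host_matches(pattern, host):
    """'*', glob-style patterns such as 10.10.0.*, or CIDR networks (simplified)."""
    if pattern == "*":
        return True
    if "/" in pattern:
        try:
            return ipaddress.ip_address(host) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return fnmatch.fnmatchcase(host, pattern)


def route_decision(entries, src, dst, serv):
    """Emulate first-match lookup: returns (action, lineno); no match -> ('D', None)."""
    for e in entries:
        if (host_matches(e["src"], src) and host_matches(e["dst"], dst)
                and e["serv"] in ("*", str(serv))):
            return e["action"], e["lineno"]
    return "D", None


def audit_saprouttab(entries):
    """List of (location, problem) an assessor would raise for the table."""
    findings = []
    after_catch_all_deny = False
    for e in entries:
        where = f"line {e['lineno']}"
        if after_catch_all_deny:
            findings.append((where, "unreachable: follows catch-all deny"))
            continue
        if e["action"] == "D" and (e["src"], e["dst"], e["serv"]) == ("*", "*", "*"):
            after_catch_all_deny = True
            continue
        if e["action"] in ("P", "S", "KP", "KS"):
            if e["src"] == "*" and e["dst"] == "*":
                findings.append((where, "any source to any destination"))
            if e["serv"] == "*":
                findings.append((where, "any destination port"))
            if e["action"] == "P":
                findings.append((where, "native (non-SAP) protocol permitted; prefer S"))
            if e["password"]:
                findings.append((where, "route password stored in clear in the table"))
    return findings


if __name__ == "__main__":
    for name, table in (("weak", WEAK_SAPROUTTAB), ("hardened", HARDENED_SAPROUTTAB)):
        entries = parse_saprouttab(table)
        print(name, audit_saprouttab(entries),
              route_decision(entries, "203.0.113.7", "sapprd01", 3200))
```

Run against the two tables, the weak one yields three findings for its single line and lets an Internet host (203.0.113.7 in the emulation) through to the dispatcher, while the hardened one yields none and denies that same request on its explicit catch-all.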