In this SAP Security tutorial for beginners, we will learn about SAP Security basic concepts.

What is SAP Security?

SAP Security is a balancing act for protecting SAP data and applications from unauthorized use and access. SAP offers different tools, processes and measures for security checks to protect this data. SAP security helps to ensure that users can only use the SAP functionality that is part of their job.

SAP Systems contain very sensitive and confidential data of their clientele and businesses. Hence, there is a need for a regular audit of an SAP computer system to check its security and data integrity.

For instance, an employee in a warehouse who is responsible for creating purchase orders should not also be able to approve them; otherwise he could create and approve as many purchase orders as he likes, for no legitimate use.

In such a scenario, purchase order approval should be controlled by a higher authority, which is a standard security feature.

Next in this SAP Security for beginners tutorial, we will learn about various Security concepts in SAP.

Security Concepts for SAP

Below are the main Security Concepts in SAP:

  1. STAD Data 

Transaction codes are the front door to SAP's functionality. STAD data provide security against unauthorized transaction access. It keeps a record of information such as who accessed certain critical functionality, and when. STAD data can be used to monitor, analyze, audit and maintain the security concept.

  2. SAP Cryptographic library

SAP Cryptographic Library is the default encryption product delivered by SAP. It is used for providing Secure Network Communication (SNC) between various SAP server components. For front-end components, you need to buy an SNC-certified partner product.

  3. Internet Transaction Server (ITS) Security

To make SAP system applications available for access from a web browser, a middleware component called Internet Transaction Server (ITS) is used. The ITS architecture has many built-in security features, such as the option to run the Wgate and Agate on separate hosts.

  4. Network Basics (SAPRouter, Firewalls and DMZ, Network Ports)

The basic security tools that SAP uses are Firewalls & DMZ, Network Ports, SAPRouter, etc. A firewall is a system of software and hardware components which define the connections that should pass back and forth between communication partners. SAP Web Dispatcher and SAPRouter are examples of application-level gateways that you can use for filtering SAP network traffic.

  5. Web-AS Security (Load Balancing, SSL, Enterprise Portal Security)

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and client. With SSL you can authenticate the communication partners (server & client), by determining the variables of the encryption.

With SAP cyber security, both partners are authenticated. The data transferred between the server and client is protected, so any manipulation of the data will be detected. In addition, data transferred between the client and server is also encrypted. The Enterprise Portal security guide can help you secure the system if you follow its guidelines.

  6. Single Sign-On

The SAP single sign-on function enables you to configure the same user credentials to access multiple SAP systems. It helps to reduce the administrative costs and security risk associated with maintaining multiple user credentials. It ensures confidentiality through encryption during data transmission.

  7. AIS (Audit Information System)

AIS or Audit Information System is an auditing tool that you can use to analyze security aspects of your SAP system in detail. AIS is designed for business audits and systems audits. AIS presents its information in the Audit InfoStructure.
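The purchase-order scenario from the introduction and the STAD item above can be checked together. The following is an added example, not code from SAP or from the original tutorial: it flags users whose roles grant both sides of a conflicting transaction pair and uses activity records to tell a potential conflict from an exercised one. ME21N, ME29N and ME23N are the standard transactions for creating, releasing and displaying purchase orders; the role names, user names and the `user,tcode,timestamp` record layout are constructed for illustration and are not the real STAD export format.

```python
from collections import defaultdict
from datetime import datetime

# Conflicting transaction pairs (segregation of duties).
# ME21N = create purchase order, ME29N = release (approve) purchase order.
SOD_PAIRS = [("ME21N", "ME29N")]

# Constructed sample data: role -> tcodes, user -> roles (hypothetical names).
ROLE_TCODES = {
    "Z_WH_BUYER": {"ME21N", "ME23N"},
    "Z_PO_APPROVER": {"ME29N", "ME23N"},
    "Z_WH_DISPLAY": {"ME23N"},
}
USER_ROLES = {
    "ASMITH": ["Z_WH_BUYER"],
    "BJONES": ["Z_WH_BUYER", "Z_PO_APPROVER"],
    "CLEE": ["Z_PO_APPROVER", "Z_WH_DISPLAY"],
    "DKHAN": ["Z_WH_BUYER", "Z_PO_APPROVER"],
}
# Constructed activity records in the spirit of STAD: "user,tcode,timestamp".
ACTIVITY = """\
ASMITH,ME21N,2024-03-04T09:12:00
BJONES,ME21N,2024-03-04T10:01:00
BJONES,ME29N,2024-03-04T10:03:00
CLEE,ME29N,2024-03-04T11:30:00
DKHAN,ME21N,2024-03-05T08:45:00
"""

def parse_activity(text):
    """Return {user: {tcode: [datetime, ...]}} from the CSV-like records."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in text.strip().splitlines():
        user, tcode, ts = (f.strip() for f in line.split(","))
        seen[user][tcode.upper()].append(datetime.fromisoformat(ts))
    return seen

def sod_findings(user_roles, role_tcodes, activity, pairs=SOD_PAIRS):
    """Classify each user per conflicting pair as 'potential' or 'exercised'."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        # Effective access is the union of tcodes over all assigned roles.
        granted = set().union(*(role_tcodes.get(r, set()) for r in roles))
        for a, b in pairs:
            if a in granted and b in granted:
                used = activity.get(user, {})
                status = "exercised" if used.get(a) and used.get(b) else "potential"
                findings.append((user, a, b, status))
    return findings

if __name__ == "__main__":
    for finding in sod_findings(USER_ROLES, ROLE_TCODES, parse_activity(ACTIVITY)):
        print(finding)
```

A "potential" finding calls for a role redesign; an "exercised" finding also calls for a review of the documents that user both created and released.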

Next in this SAP Security tutorial, we will learn about SAP security for mobile apps.

SAP Security for Mobile SAP Apps

Overview of SAP Security

SAP applications are now available on mobile with an increase in the mobile users. But this exposure is a potential threat. The biggest threat for an SAP app is the risk of an employee losing important data of customers.

The good thing about mobile SAP is that most mobile devices are enabled with remote wipe capabilities. And many of the CRM-related functions that organizations are looking to mobilize are cloud-based, which means the confidential data does not reside on the device itself.

Some of the popular mobile SAP security providers are SAP Afaria, SAP NetWeaver Gateway, SAP Mobile Academy and SAP HANA Cloud.

Next in this SAP Security for beginners tutorial, we will learn about best practices for SAP security.

SAP Security Best Practices Checklist

  1. Network settings and landscape architecture assessment
  2. OS security assessment where SAP is deployed
  3. DBMS security assessment
  4. SAP NetWeaver security assessment
  5. Internal assessment of access control
  6. Assessment of SAP components like SAP Gateway, SAP Messenger Server, SAP Portal, SAP Router, SAP GUI
  7. Change and transport procedure assessment
  8. Assessment of compliance with SAP, ISACA, DSAG, OWASP standards

Summary

  • SAP Security definition: SAP Security is a balancing act for protecting the SAP data and applications from unauthorized use and access.
  • Security Concepts for SAP
    1. STAD Data
    2. SAP Cryptographic library
    3. Internet Transaction Server (ITS) Security
    4. Network Basics (SAPRouter, Firewalls and DMZ, Network Ports)
    5. Web-AS Security (Load Balancing, SSL, Enterprise Portal Security)
    6. Single Sign-On
    7. AIS (Audit Information System)
  • The good thing about SAP security for mobile apps is that most mobile devices are enabled with remote wipe capabilities.
  • SAP Security Best Practices
    1. Network settings and landscape architecture assessment
    2. OS security assessment where SAP is deployed
    3. DBMS security assessment
    4. SAP NetWeaver security assessment

 
