TammyPowlas
SAP Mentor


Source: SAP

Recording link is here

Abstract: What you always wanted to know about SAP Security, but did not dare to ask!

Not a day goes by without the next new data theft or IT hack being reported. What can you do to keep your SAP systems secure and find the hackers in your system?

In this SAP Community Session we will give recommendations on how to develop securely, how to keep up-to-date with security patching and introduce SAP’s security products (SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, SAP Identity Management) with short demos. Attendees will have the option to ask questions and pick topics for future deep dives.

 

Presenter: Gerlinde Zibulski, Director of Product Management Security and Identity Management at SAP SE

SAP Inside Track Wiki: https://wiki.scn.sap.com/wiki/display/events/SAP+Inside+Track



Source: SAP



Source: SAP

Today's buzzword: APT (advanced persistent threats)

SAP customers with business-critical systems may have to deal with identity theft and data theft



Source: SAP

Value of data; Equifax hack

Value of data is high

Volume of data is a risk

Vulnerability of end points is usually not SAP's "turf"

 



Source: SAP

Each bubble represents the size/cost of an attack

See comparison - site is from Information is Beautiful

40 in 2004; 44 in 2016 - size and cost have risen significantly

 



Source: SAP

Security speedometer; cyber attacks are real

Comment from Matt Fraser: "Lots of brute-force password guessing, it seems."



Source: SAP

How SAP is targeted

Many data centers with business critical data



Source: SAP

What SAP IT Security does and sees on a monthly basis



Source: SAP

SAP wants to be the most trusted software vendor in the world



Source: SAP

3 corner strategy is above



Source: SAP

Target zero vulnerabilities so the software is secure

Defendable applications came from customer requests



Source: SAP

Working with partners on security partners



Source: SAP

Train your people; SAP project is called Human Firewall, mandatory training

She suggested taking an SAP data center tour



Source: SAP

SAP is "buzzword" security compliant

Visit the SAP Cloud Trust Center

Also visit SAP Help



Source: SAP

Use two-factor authentication



Source: SAP

10 security recommendations for customers

SAP Security Patch Day is the 2nd Tuesday of each month; the recommendation is that customers implement high and very high priority patches immediately

 

For ABAP you can use the Code Vulnerability Analyzer



Source: SAP

Don't run systems on the internet over plain HTTP

RFC connections and users are vulnerable; Unified Connectivity is a tool that is part of the NetWeaver ABAP server



Source: SAP

Business applications contain business critical data



Source: SAP

SAP security products

SAP is looking to integrate the SAP Cloud Platform applications



Source: SAP

Summary of the session