Source: SAP
Recording link is
here
Abstract:
Abstract: What you always wanted to know about SAP Security, but did not dare to ask!
Not a day goes by without the next new data theft or IT hack being reported. What can you do to keep your SAP systems secure and find the hackers in your system?
In this SAP Community Session we will give recommendations on how to develop securely, how to keep up-to-date with security patching and introduce SAP’s security products (SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, SAP Identity Management) with short demos. Attendees will have the option to ask questions and pick topics for future deep dives.
Presenter: Gerlinde Zibulski , Director of Product Management Security and Identity Management at SAP SE
SAP Inside Track Wiki:
https://wiki.scn.sap.com/wiki/display/events/SAP+Inside+Track
Source: SAP
Source: SAP
Buzz word today APT - advance persisted threats
For SAP customers with business critical systems may deal with identity theft and data theft
Source: SAP
Value of data; Equifax hack
Value of data is high
Volume of data is a risk
Vulnerability of end points is usually not SAP's "turf"
Source: SAP
Each bubble represents an size/cost of attack
See comparison - site is from Information is Beautiful
40 in 2004; 2016 in 44 - size and cost has risen significantly
Source: SAP
Security speedometer; cyber attacks are real
Comment from Matt Fraser " Lots of brute-force password guessing, it seems."
Source: SAP
How SAP is targeted
Many data centers with business critical data
Source: SAP
What SAP IT Security does and sees on a monthly basis
Source: SAP
SAP wants to be the most trusted software vendor in the world
Source: SAP
3 corner strategy is above
Source: SAP
Target zero vulnerabilities so the software is secure
Defendable applications came from customer requests
Source: SAP
Working with partners on security partners
Source: SAP
Train your people; SAP project is called Human Firewall, mandatory training
She suggested taking a SAP data center tour
Source: SAP
SAP is "buzzword" security compliant
Visit the
SAP Cloud Trust Center
Also visit
SAP Help
Source: SAP
Use 2 Factor Authentication
Source: SAP
10 security recommendations for customers
SAP Security Patch day are the 2nd Tuesday of each month - recommend customers implement high and very high immediately
For ABAP you can use the code vulnerability analyzer
Source: SAP
Don't run systems on the internet using http
RFC connections and users are vulnerable; unified connectivity is a tool part of NetWeaver ABAP server
Source: SAP
Business applications contain business critical data
Source: SAP
SAP security products
SAP is looking to integrate the SAP Cloud Platform applications
Source: SAP
Summary of the session