Technology Blog Posts by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forΒ 
Search instead forΒ 
Did you mean:Β 
Read only

SAL: SAP 'Integrity Protection Format' secured with Distributed Ledger Technology on SAP BTP Kyma πŸš€

AndySilvey
Active Participant
2 weeks ago
0 Kudos
451

Did you know,

the S/4HANA SAP Audit Log (SAL) 

has a configuration, 

'Integrity Protection Format',

which enables (malicious) modifications to be detected:

2033317 - Integrity protection format for Security Audit Log - SAP for Me

2191612 - FAQ | Use of Security Audit Log as of NetWeaver 7.50 - SAP for Me

This integrity protection is an extremely important part of your holistic Security Posture.

As @kevinrichardson showed and stated in this excellent picture, 'You cannot solve today's challenges with yesterday's tools',

AndySilvey_0-1762287465475.png(Source: 002_rise_with_sap_kr.pdf)

In the ERP modernisation and transformation which is happening everywhere, there is not enough being done on Security Posture Modernisation, SAL: SAP 'Integrity Protection Format', is available now included in your License and enabled with a Profile Parameter, so why not to do it ?

The OSS Notes explain that, SAL: SAP 'Integrity Protection Format', works like this:

AndySilvey_1-1762287621076.png

2033317 - Integrity protection format for Security Audit Log - SAP for Me

And that's all fine, but where does the, 'Distributed Ledger Technology on SAP BTP Kyma πŸš€' fit in to the equation, where's the relevance ?

Here's the answer, this Note 2191612 - FAQ | Use of Security Audit Log as of NetWeaver 7.50 - SAP for Me  has a pdf attached:  Explain SAL Integrity Format.pdf , and the pdf goes on to explain that,

AndySilvey_2-1762287797394.png

'You should download the HMAC Ident as a backup, but you should save it on a secure place. The log files written with that can only be checked with that. It’s important to have this HMAC key data after a system copy or if the files should be evaluated in another system than the original. '

That's where the Blockchain / Distributed Ledger Technology running on the SAP BTP Kyma comes in,

store the HMAC Keys in the Distributed Ledger Technology running on the SAP BTP Kyma

This will ensure that nobody can tamper with the keys, and therefore nobody can tamper with the SAL Audit Logs and you have the least chance of losing the keys thanks to the built in characteristics of the Distributed Ledger Technology running on the SAP BTP Kyma, HA&DR out of the box, distributed, immutable, etc.

AndySilvey_5-1762288844416.png

Source: BCP: Business Continuity Planning for SAP S/4HANA - made easy with Enterprise Blockchain πŸš€

Creating digital finger prints of data is going to come in to our Security Posture whether it's protecting integrity of AI LLMs or Document Grounding, Log Files, Backups and more:

AndySilvey_4-1762288308473.png

SAP AI Security - How To: Tamperproof AI LLM's with SAP BTP Kyma and Enterprise Blockchain πŸš€ 

Cyber Security Protection for S/4HANA Backups with Enterprise Blockchain and SAP BTP Kyma πŸš€

If you want to try it out there's a blog here, Running Your Own Blockchain on The SAP BTP Kyma Trial: A Hands On How To Guide πŸš€ 

Have a think about, SAP Enterprise Architecture: Positioning Blockchain Database as an Enterprise Technology Standard πŸš€  and then you can SAP Enterprise Architecture: Let the Use Case find the BlockchainπŸš€  by following SAP Enterprise Architecture Principles and the Enterprise Architecture: Enterprise Blockchain Platform Business Capability Map πŸš€

And this is why, Why I love SAP and Blockchain Databases and why you should too πŸš€

If you learn one thing from this blog, it's that you can protect the integrity of your SAL Audit Logs with SAP 'Integrity Protection Format', and that is a cool feature.

Until next time,

Andy Silvey.

Independent SAP Technical Architect and SAP Basis SME [you might also find my SAP S/4HANA RISE & BTP Toolbox interesting:  πŸ§°πŸ‘·β€ The SAP S/4HANA RISE & SAP BTP - Toolbox πŸ‘·β€πŸ§°] and CEO of atkrypto (.) io

Author Bio:

Andy Silvey is a 26 years SAP Technology veteran [26 years SAP Basis and  including 12 years SAP Tech Arch including Tech, Integration, Security, Data from 3.1H to S/4HANA PCE on RISE and the BTP and everything in between, and former SCN Moderator and Mentor alumni].

Andy is also co-Founder of atkrypto inc, an startup whose ambition is to make Blockchain easy for Enterprise.

atkrypto (.) io's flagship product is the atkrypto Enterprise Blockchain Platform for SAP,  and atkrypto (.) io is a SAP Partner Edge Open EcoSystem Partner. 

The atkrypto Enterprise Blockchain Platform for SAP has been designed by SAP Independent Experts for the needs of SAP Customers and to be deployed on the SAP BTP Kyma Runtime Service and leverage native integration to SAP Products.

atkrypto Enterprise Blockchain Platform for SAP has a number of unique qualities, including being the only Blockchain software in the world which has a DataCenter version and a light mobile version which can run on Edge/IoT/Mobile devices and enables data to be written to the Blockchain at the Edge where that same Blockchain is running on a Server in the DataCenter, protecting the integrity and originality of data from the Edge to Insights. Taking Blockchain to the Data at the Edge instead of taking the Data to the Blockchain.