SAP® Security and Compliance Check
Take advantage of our experience in SAP® security to protect your complete SAP® system landscape
By attacking an SAP® system, an attacker can access valuable system information, use this information for further attacks on other SAP® systems, and - naturally - obtain important company data (customer data; product information, such as recipes and technical drawings; salary data; and so on) without being noticed (the data is not "gone", it simply exists elsewhere, too). The attacker can also corrupt this data.
So that you can discover and rectify possible vulnerabilities of yourSAP® system with external support in accordance with the current state of SAP® security technology, akquinet offers SAP® Security Checks and SAP® Compliance Checks to strengthen SAP® systems as a fixed-price service.
Our software solution, coupled with best practice procedures from a single source, makes us unique.
The SAP® Security and Compliance Check is carried out on the basis of SAP® security guidelines, BSI recommendations, and the technical and legal framework in the SAP® environment (SOX, Cobit, Coso, DSAG audit guidelines, the Federal Data Protection Act (BDSG), and so on) with the use of our Security Tool SAST (System Audit and Security Toolkit for SAP®) for a system selected by the customer.
The planned SAP® system security check is carried out on the basis of akquinet best practice scenarios for SAP® security projects.
Our SAP® security and compliance checks comprise around 3,000 checks pertaining to the following areas:
- Control of admission and access to the system
- Check on security at operating system and database level
- Check on standard users and passwords
- Check on SAP® parameters and settings
- Check on Internet configuration and cryptography settings
- Evaluation of critical SAP® system authorizations on the basis of SAST default settings
- Check on SAP® authorizations with regard to critical authorizations and segregation of duties conflicts
Encryption procedures and SAP® Solution Manager
In particular, state-of-the-art encryption procedures are to be taken into consideration. Note: In the context of security, the Solution Manager plays an important role, and we therefore also recommend checking the SAP® Solution Manager system. During the checks, all relevant system components (ABAP stack, Java stack, operating system, database) and the SAP® settings and user authorizations are analyzed.
Numerous companies trust in our SAST security solutions. Please contact us for further information and for our references.
For more information, see:
- Our flyer SAP® Security and Compliance Check
- The DSAG presentation of our technical director Ralf Kempf (in German): Protecting SAP® systems: Well-meant is not well-done - experiences from SAP® security audits and tips for strengthening your SAP® systems