As a member of my organization’s SAP security team focused primarily on our user provisioning and other custom toolsets and on controls compliance, I have to admit that the support pack strategy is something that I have left to others in our CCOE organization. However, recent messages that came out from SAP alerting customers who may not be current on critical security fixes have prompted me to take a closer look.
What is your organization’s support pack strategy? Are support packs applied once or twice a year? Less often? Are the time and resources required for testing a concern? How big an emphasis is placed on security testing during your support pack application process? Are you certain that all known security vulnerabilities in your ERP landscape have been addressed? These are questions that I would like to discuss during my Expert Networking “Birds-of-a-Feather” sessions, which are EXP127 and EXP128.
We had a very similar session in Orlando during the ASUG /SAPPHIRE Conferences, where security professionals shared their most pressing concerns. Several of those present were planning on deploying an identity management solution within the year, and others were still sorting out the differences between SAP’s Identity Management solution and the BusinessObjects GRC Compliant User Provisioning solution. A number of those present expressed concerns about the ever-increasing complexity of authorization concepts. I am looking forward to hearing from TechEd attendees who work in SAP security about your current concerns and ongoing initiatives. Are you deploying a new security-related solution, or have tightened budgets forced delays on your deployment plans? Have staffing reductions resulted in loss of security expertise? Are you concerned about the possibility of security vulnerabilities as a result? Plan to attend and share your successes, questions and concerns.
If you have not yet done so, be sure to check the list of Expert Networking sessions for the TechEd event you are planning to attend. I am really excited about all the networking opportunities in Phoenix for security professionals. The Customer Feedback and Roundtables will also be great opportunities for getting together with peers and SAP solution management. I hope to renew acquaintances from TechEds past and meet other SDN and BPX members at #SAPTechEd09!