Security is always a critical concern when you start integrating enterprise applications. The data managed by these systems is the lifeblood of any business and is therefore worth protecting against damage and attack. However, security is often addressed too late in integration projects. There are many reasons for this, one being that security is a complex topic, particularly in the enterprise context.
Chapter 9 to the rescue!
This is why we added the new chapter 9 to the SAP Guidelines for Best-Built Applications: Security Guidelines. Its main objective is to help partners and customers quickly find the best approach to address security when integrating their applications with SAP. This includes topics such as Secure Programming Guidelines, Identity Management, Single Sign-on (SSO) and Infrastructure Security.
One key issue with security in an integration scenario is always interoperability. This gets especially tricky when you apply advanced security techniques such as SSO to improve the user experience, or message encryption and digital signatures to ensure end-to-end security. We put special emphasis on this aspect in this first version of the chapter, as you will notice when you read through the recommendations.
Here is an example: “SEC-STD-4. SAP recommends that web service calls be authenticated with SAML tokens that use the SAML Holder of Key confirmation method to ensure auditability and interoperability.”
Wondering what’s behind SAML and the “Holder of Key confirmation method”? In short: unlike a bearer token, which anyone who obtains it can present, a Holder-of-Key assertion names a key, and the caller must prove possession of that key on each call, so a stolen assertion alone is not enough to impersonate the subject. Go and read the SAP Guidelines for Best-Built Applications and you’ll find a crisp explanation of these terms.
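To make the recommendation concrete, here is an added illustration of the receiver-side check that Holder-of-Key confirmation implies. It is not code from the guidelines or from SAP; it assumes that the assertion's issuer signature has already been verified by an XML-signature library, and that the caller's certificate (DER bytes) was taken from the WS-Security message signature or TLS client authentication on the same request. The assertion text, the certificate bytes and the names in it are constructed for the example.

```python
"""Receiver-side check for a SAML 2.0 Holder-of-Key subject confirmation.

Added illustration, not SAP code. Assumes the issuer signature over the
assertion was already verified, and that caller_cert_der is the certificate
the caller actually proved possession of (WS-Security signature or TLS
client auth) on this request.
"""
import base64
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


class ConfirmationError(Exception):
    """Raised when the assertion cannot be confirmed for this caller."""


def _parse_time(value: str) -> datetime:
    # SAML timestamps are UTC with a trailing 'Z'; older fromisoformat rejects 'Z'.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def confirm_holder_of_key(assertion_xml: str, caller_cert_der: bytes, now: datetime) -> str:
    """Return the confirmed subject NameID, or raise ConfirmationError.

    Checks: the validity window, that a SubjectConfirmation uses the
    holder-of-key method, and that the certificate named there is the one the
    caller proved possession of. Bearer confirmations are deliberately not
    accepted: whoever holds a bearer token can replay it.
    """
    # In production parse with defusedxml to block entity-expansion attacks.
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ConfirmationError("not a SAML 2.0 Assertion")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ConfirmationError("missing Conditions")
    if now < _parse_time(cond.get("NotBefore")) or now >= _parse_time(cond.get("NotOnOrAfter")):
        raise ConfirmationError("assertion outside its validity window")

    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id:
        raise ConfirmationError("missing Subject/NameID")

    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOLDER_OF_KEY:
            continue  # bearer and sender-vouches are ignored by this policy
        cert_el = sc.find(
            "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert_el is None or not cert_el.text:
            raise ConfirmationError("holder-of-key confirmation without a key")
        asserted_der = base64.b64decode("".join(cert_el.text.split()))
        # Constant-time comparison against the certificate the caller proved possession of.
        if hmac.compare_digest(asserted_der, caller_cert_der):
            return name_id
    raise ConfirmationError("no holder-of-key confirmation matches the caller's key")


def rejects(assertion_xml: str, caller_cert_der: bytes, now: datetime) -> bool:
    """True if the assertion is rejected for this caller (helper for demos/tests)."""
    try:
        confirm_holder_of_key(assertion_xml, caller_cert_der, now)
        return False
    except ConfirmationError:
        return True


def build_assertion(method: str, cert_der: bytes) -> str:
    """Constructed, unsigned sample assertion for demonstration only."""
    key_info = ""
    if method == HOLDER_OF_KEY:
        key_info = (
            "<saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>"
            f"<ds:X509Certificate>{base64.b64encode(cert_der).decode()}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>"
        )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" '
        'Version="2.0" ID="_example" IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        "<saml:Subject><saml:NameID>partner-service@example.test</saml:NameID>"
        f'<saml:SubjectConfirmation Method="{method}">{key_info}</saml:SubjectConfirmation>'
        "</saml:Subject>"
        '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"/>'
        "</saml:Assertion>"
    )


# Constructed stand-ins for DER-encoded X.509 certificates (not real certificates).
CALLER_CERT_DER = b"constructed DER bytes of the legitimate caller's certificate"
OTHER_CERT_DER = b"constructed DER bytes of some other party's certificate"
NOW = datetime(2024, 1, 1, 0, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    hok = build_assertion(HOLDER_OF_KEY, CALLER_CERT_DER)
    print("caller with the named key:", confirm_holder_of_key(hok, CALLER_CERT_DER, NOW))
    print("same assertion, other key rejected:", rejects(hok, OTHER_CERT_DER, NOW))
    print("bearer assertion rejected:", rejects(build_assertion(BEARER, CALLER_CERT_DER), CALLER_CERT_DER, NOW))
```

The point the example makes is the one behind SEC-STD-4: the assertion alone grants nothing, because the receiver ties it to a key the caller had to use on the wire, which is also what gives the audit trail a verifiable identity per call. Interoperability comes from sticking to the standard confirmation-method URI and the XML-Signature KeyInfo layout rather than a vendor-specific way of carrying the key.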
With that, we hope to give you the best guidance possible on security-related questions when designing and integrating your solution with SAP, and there should be no more reason to put security off and address it too late in the lifecycle of your projects!