
Remediation, Identity Management and Continuous Compliance are interrelated, and each of these projects is a well-coordinated effort between the IT and business teams. The projects are small to medium in size, but they are critical for top management, including the CIO and CFO.

With current advances in technology and demand from business end users, security can be robust in supporting needs such as mobile devices, multi-language applications, secure authentication and secure end-to-end authorization for various SAP systems.

In the case of mobile access, monitoring is critical: the loss of a mobile device shall be reported immediately and access shall be disabled immediately. This is most important in the coming months.

In this case, compliance identity management is very important, and testing and checking the application for various mobile vulnerabilities is also critical.

In this article, I wish to touch on a few important points on web services security for mobile features in SAP applications. Proactive steps are necessary for successful SAP audits of SAP projects.

Identity management and SOX compliance projects shall be implemented together to avoid any vulnerabilities and for the most effective end-to-end authorization testing.

For example, in a typical SRM 7.0 application, approvals can be done via e-mail and approvers can use mobile devices to approve requests. These processes shall be tested both positively and negatively with all possible scenarios.

At the same time, SOX compliance for the SRM application shall be checked with custom risk libraries, so that authentication and authorizations are well controlled by using SAP's robust features.

I hope the above details will help everyone in effective project planning for SAP applications with mobile features.

I request everyone to share opinions and comments; they are much appreciated.


  1. Former Member
    Hi Raghu
    This is great articulation and positive updates to the community that’s preparing for SOX SAP Audits, these days the auditors have become really smart and they are already well prepared to point exactly where the flaw lies.
    We had faced such an Audit and I blogged my experiences with SOX and Procurement function as a start for procurement folks that have some/no clue of what could be coming their way,
    Blog Link: How important is Sarbanes Oxley (SOX) to the Procurement function: Is Compliance really an Opportunity ?
    however, the message of my blog was to view “Compliance as an opportunity and not a threat”, those were the early times, when I shared what all areas inside the application can compliance be showcased, however after reading your initiative of going a step forward to have this compliance endurance built inside the mobile versions of applications, would really vest confidence in folks that are actually going to be using SAP Sourcing Wave 8 and Wave 7 On-demand approvals on the mobiles and for some more companies that are going to have iPhone Apps that are going to mimic the app versions of the On-premise or on-demand software, are going to feel lot better on reading your blog.
    I would highly recommend you to articulate how the Compliance Platform that you guys are formulating could be understood and on-boarded.
    Please keep a follow-on blog or article more detail oriented for savvy folks like me that are looking forward to educate our customer base with the kind of great things that are in the making
    All the best and keep them coming
    1. Raghu Duggirala Post author
      Mr Chakraborthy:

      I appreciate your quick attention and suggestions. I am working on a follow-up blog. I will touch on a few of your points.

      Mobile applications are critical and need more attention from all, in particular security/compliance/audit teams.

      I will do my best in sharing the knowledge.

      Many thanks for your compliments.

