Remediation, Identity Management and Continuous Compliance are interrelated, and any of these projects is a well-coordinated effort between the IT and business teams. The projects are small to medium in size, but they are critical for top management, including the CIO and CFO.
With current advances in technology and demand from business end users, security can be robust in supporting needs such as mobile devices, multi-language applications, secure authentication and secure end-to-end authorization for various SAP systems.
In the case of mobile access, monitoring is critical: the loss of a mobile device shall be reported immediately and access shall be disabled immediately. This is most important in the coming months.
In this case, compliance identity management is very important, and testing and checking the application for various mobile vulnerabilities is also critical.
In this article, I wish to touch on a few important points on web services security for mobile features in SAP applications. Proactive steps are necessary for successful SAP audits of SAP projects.
Identity management and SOX compliance projects shall be implemented together to avoid any vulnerabilities and for the most effective end-to-end authorization testing.
For example, in a typical SRM 7.0 application, approvals can be done via e-mail and approvers can use mobile devices to approve requests. These processes shall be tested positively and negatively with all possible scenarios.
At the same time, SOX compliance for the SRM application shall be checked with custom risk libraries. Authentication and authorizations shall thus be well controlled by using SAP's robust features.
I hope the above details will help everyone in effective project planning for SAP applications with mobile features.
I request all of you to share your opinions and comments; much appreciated.