Bjoern Brencher

And again, SAP Runs SAP at TechEd with SAP Security Sessions!

Back by popular demand from last year’s TechEd, the internal SAP Security Department will again participate at SAP TechEd in Las Vegas and Amsterdam.

SIS202 SAP Runs SAP – Remote Function Call: Gateway Hacking and Defense

As RFC Gateway security is so crucial for SAP systems, live hacking of an SAP system will once again be shown by misusing the RFC Gateway. Afterwards, SAP’s own internal security department will provide recommendations on how to protect the RFC Gateway.

The RFC Gateway is the technical component of the SAP NetWeaver Application Server that manages the communication for all SAP Remote Function Call (RFC) based functionality. It runs on every SAP NetWeaver Application Server – ABAP and Java. SAP Global IT successfully implemented the protection measures for the RFC Gateway in a large enterprise environment. As protecting the RFC Gateway can be a challenging task for SAP customers, SAP Global IT wants to demonstrate how “SAP Runs SAP”. We will share information about the internal project and our experience gathered during real-life implementation. Furthermore, ways to design and roll out the RFC Gateway protection will be discussed.

MOB103 SAP Runs SAP – How SAP securely runs its mobile apps infrastructure

Security is one of the essential topics when companies enter the mobile world. SAP itself is one of the biggest adopters of mobile technology, and SAP’s own internal security department will share valuable insights into how mobile and mobile security were introduced.

SAP is one of the world’s largest adopters of mobile technology, running about 40,000 iOS, 16,000 BlackBerry and 5,000 Android devices with more than 50 business apps, of which 30 apps are enabled via SAP Mobile Platform. This session will share experiences from the Global IT Security and operations team, including connectivity from the Internet, the infrastructure used, software upgrades, IT processes and device management using Afaria. Additionally, the session will demonstrate how SAP’s own internal security departments enabled “Bring your own device (BYOD)” for corporate usage, balancing security vs. business requirements.

EXP10351 EXP10353 SAP Runs SAP Security in SAP HEC

SAP launched a new offering, SAP HANA Enterprise Cloud (HEC), which gives customers the full power of SAP HANA in a managed cloud environment so that customers do not have to implement it on-site. SAP’s own internal security department will give an insight into the HEC security strategy and concepts on the various layers. Security architecture will be discussed alongside topics like security certifications, processes and monitoring.

Of course, the SAP internal security department is working closely together with SAP Product Development. Hence, more interesting SAP security sessions will be presented jointly with SAP Product Development.

SIS260 – RFC Security – Good Bye to SAP_ALL and S_RFC Wild Cards!

Creating roles for remote function call (RFC) scenarios using the old system trace is tedious and error-prone. Technical users in RFC destinations therefore often have full system access with SAP_ALL. There are also many users with authorizations to start all RFC function modules due to unrestricted S_RFC authorizations. This hands-on session will guide you from a set-up with SAP_ALL users in RFC destinations and multiple tens of thousands of exposed RFC function modules to a system set-up with properly maintained RFC authorizations. We will show you how to do this in existing releases. We will also show you how a new solution called SAP Unified Connectivity disables RFC access to the function modules you do not need altogether.

SIS104 – Finding the Leak – Using Access Logging to Monitor Access to Sensitive Data

With SAP NetWeaver Application Server for ABAP 7.40, SAP ships a new compliance functionality called read access logging (RAL). With RAL, customers are now able to monitor access to sensitive or critical business data. RAL will help customers adhere to legal compliance laws, legal requirements, and industry standards, as well as to internal requirements to track access to sensitive data. This session will provide information on the use cases and features of read access logging and provide some guidance on how to configure the feature in a customer scenario.

And here is a list of more security-related sessions which, from my personal point of view, must not be missed by anyone interested in SAP security!

SIS201 – Security in Different SAP HANA Scenarios – An Overview

SIS204 – Compliant User Provisioning and Segregation of Duties Checks for SAP HANA-Based Environments

SIS265 – Single Sign-On for the ABAP World Using SAP NetWeaver Single Sign-On

SIS206 – IT Security Governance with SAP Solution Manager and SAP Process Control

And last, but not least, also make sure to visit the SAP Runs SAP booth at the TechEd Showfloor for great discussions on how SAP Runs SAP internally! More details can be found in Eileen’s Blog.

Looking forward to seeing all of you at TechEd Las Vegas!

Bjoern Brencher

Please connect with me on Twitter for more updates.


      8 Comments
      Former Member

      Thanks Björn - very good overview of sessions to attend.

      Matthias Wild

      Perfect overview - looking forward running the SAP Runs SAP booth at TechEd with you!

      Former Member

      great overview - thanks to the security team for the preparation. looking forward working with you at TechEd.

      Former Member

      Thanks Björn! See you at TechEd Las Vegas !! (:

      Eileen Butler

      Great summary, Bjoern & I know these topics will be very popular again 🙂

      Former Member

      Security is a key topic - having more tools, more media, more devices. Thanks for sharing these opportunities to know more !

      Former Member

      David, great summary

      TOBIAS WEBER

      Thanks for this great summary!