Back by popular demand from last year’s TechEd, the internal SAP Security Department will again participate at SAP TechEd in Las Vegas and Amsterdam.
Because RFC Gateway security is so crucial for SAP systems, a live hack of an SAP system by misusing the RFC Gateway will once again be shown. Afterwards, SAP’s own internal security department will provide recommendations on how to protect the RFC Gateway.
The RFC Gateway is the technical component of the SAP NetWeaver Application Server that manages the communication for all SAP Remote Function Call (RFC) based functionality. It runs on every SAP NetWeaver Application Server – ABAP and Java. SAP Global IT successfully implemented the protection measures for the RFC Gateway in a large enterprise environment. As protecting the RFC Gateway can be a challenging task for SAP customers, SAP Global IT wants to demonstrate how “SAP Runs SAP”. We will share information about the internal project and the experience we gathered during the real-life implementation. Furthermore, we will discuss how to design and roll out the RFC Gateway protection.
Security is one of the essential topics when companies enter the mobile world. SAP itself is one of the biggest adopters of mobile technology, and SAP’s own internal security department will share valuable insights into how mobile and mobile security were introduced.
SAP is one of the world’s largest adopters of mobile technology, running about 40,000 iOS, 16,000 BlackBerry and 5,000 Android devices with more than 50 business apps, of which 30 apps are enabled via SAP Mobile Platform. This session will share experiences from the Global IT Security and operations team, including, for example, connectivity from the Internet, the infrastructure used, software upgrades, IT processes, and device management using Afaria. Additionally, the session will demonstrate how SAP’s own internal security departments enabled “Bring your own device (BYOD)” for corporate usage, balancing security vs. business requirements.
SAP launched a new offering, SAP HANA Enterprise Cloud (HEC). SAP HEC gives customers the full power of SAP HANA in a managed cloud environment so that customers do not have to implement it on-site. SAP’s own internal security department will give insight into the HEC security strategy and concepts on the various layers. The security architecture will be discussed alongside topics such as security certifications, processes and monitoring.
Of course, the SAP internal security department is working closely together with SAP Product Development. Thus, more interesting SAP security sessions will be presented jointly with SAP Product Development.
Creating roles for remote function call (RFC) scenarios using the old system trace is tedious and error-prone. Technical users in RFC destinations therefore often have full system access with SAP_ALL. There are also many users with authorizations to start all RFC function modules due to unrestricted S_RFC authorizations. This hands-on session will guide you from a set-up with SAP_ALL users in RFC destinations and multiple 10,000 exposed RFC function modules to a system set-up with properly maintained RFC authorizations. We will show you how to do this in existing releases. We will also show you how a new solution called SAP Unified Connectivity altogether disables RFC access to function modules you do not need.
With SAP NetWeaver Application Server for ABAP 7.40, SAP ships a new compliance functionality called read access logging (RAL). With RAL, customers are now able to monitor access to sensitive or critical business data. RAL will help customers adhere to legal compliance laws, legal requirements, and industry standards, as well as to internal requirements to track access to sensitive data. This session will provide information on the use cases and features of read access logging and provide some guidance on how to configure the feature in a customer scenario.
And here is a list of more security-related sessions which, from my personal point of view, must not be missed by anyone interested in SAP Security:
SIS201 – Security in Different SAP HANA Scenarios – An Overview
SIS204 – Compliant User Provisioning and Segregation of Duties Checks for SAP HANA-Based Environments
SIS265 – Single Sign-On for the ABAP World Using SAP NetWeaver Single Sign-On
SIS206 – IT Security Governance with SAP Solution Manager and SAP Process Control
And last, but not least, also make sure to visit the SAP Runs SAP booth on the TechEd show floor for great discussions on how SAP Runs SAP internally! More details can be found in Eileen’s Blog.
Looking forward to seeing all of you at TechEd Las Vegas!
Please connect with me on Twitter for more updates.