Security at SAP TechEd 2017
With the worldwide SAP TechEd 2017 conference series currently being planned and the content overview for the Las Vegas event already available online, I’d like to draw your attention to the new setup of topics this year. In past years the content was sorted into tracks. This year, the content is organized under the following “Themes”:
- Engage: Design, prototype, develop, and mobilize the digital experience
- Know: Deliver insights to drive strategic decisions
- Run: Hyper-automate business processes, and make your SAP applications more intelligent and capable
- Transform: Create and scale new, intelligent applications that connect people, things and business
- Unlock big data: Orchestrate data of any volume, velocity, and variety
So: “Where is the Security track?” you might ask. And honestly, it is not as straightforward as in the past to find all the security-related sessions among the total of more than 1100 session items that are listed in the Las Vegas online session catalog (formerly known as “Agenda builder”).
In the session catalog you may find the “Subtheme” called “Security and compliance”, which is listed as a filter criterion under “Run: Hyper-automate…”, but this will only show the 44 sessions that relate to the S/4HANA security functionalities. However, if you click “Clear all” and then type “security” into the “Enter keywords” line, you will get a list of 137 sessions that contain the word security somewhere in the header or the abstract. But this will leave out the sessions that only use “secure” in the header or abstract (73 hits). If you instead type the common stem of both, “secur”, and search, you will get the 174 items listed that should really sum it up!
Here is the list of the 36 SECURITY-related sessions (lectures, hands-on, road map Q&As and CodeReview) that I would like to mention and promote in this blog. All the sessions will be presented in all three locations: Las Vegas, Bangalore and Barcelona. I will keep this list updated with links to the online listings for all three locations when they become available. Clicking on the location will then open the session information with speaker and schedule details (if available).
- General Security lectures (security related)
- Product road maps (security related)
- Security functionality: Hands-On sessions
- Code Review sessions (security related)
General security lectures (1 hour)
Security Product Portfolio Overview from SAP (Lecture, 1hr.)
Learn how to secure your hybrid SAP landscape. SAP offers a comprehensive set of security products as well as security platform features that will help to configure a secure and robust landscape architecture. We will cover products such as SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, and SAP Identity Management, and security features of our flagship platform-as-a-service, SAP Cloud Platform.
SAP Cloud Platform: A Security Overview (Lecture, 1hr.)
Identity and access management, data security, and compliance are top priorities you need to examine when considering moving applications to the cloud. Join this demo-rich session for an overview of the security services available for SAP Cloud Platform, and learn how SAP addresses security challenges. Get practical guidance on how to use the platform to build and integrate applications that meet your security requirements.
Data Protection: Processing and Safeguards in SAP Business Suite (Lecture, 1hr.)
Learn about well-known security features such as authorizations or change logging, and their importance for data protection and privacy (DPP). Experience new features dedicated to the support of DPP, including blocking and deleting personal data and read-access logging. Find out about required technical considerations to achieve compliance with DPP regulations in the SAP Business Suite.
Data Protection with SAP Information Lifecycle Management (Lecture, 1hr.)
Discover how you can benefit from the simplified blocking and deletion capabilities of the SAP Information Lifecycle Management component, supporting corporate compliance efforts. Learn how to block and unblock person-related data, and how to archive and destroy retention-relevant data in accordance with country-specific retention periods.
SAP Enterprise Threat Detection: Features and Functions (Lecture, 1hr.)
While most companies have some type of monitoring at the infrastructure level, they find it a challenge to gain insight into what is going on at the SAP application level. Take a look at how the cybersecurity solution from SAP, the SAP Enterprise Threat Detection application, deals with this situation. See how it can be used standalone or integrated with other security measures.
SAP HANA Security: Safeguarding Access and Data in Different Scenarios (Lecture, 1hr.)
This session provides an overview of various use cases for the SAP HANA database and how they impact your approach to security. Get information on how to secure access to your systems and configure them securely. Learn about new features and critical operational aspects, such as security monitoring, patching, and available tools.
Securing the Internet of Things (Lecture, 1hr.)
When working with the Internet of Things (IoT), we must deal with highly heterogeneous device landscapes that are more complex and difficult to secure than other landscapes, all while considering that successful attacks have the potential to increase dramatically. SAP has invested significant effort in considering how best to secure IoT environments. In this session, you learn what such environments look like and what tools and techniques we can apply to achieve a reasonably secure landscape.
Managing Authorizations for SAP S/4HANA in the Cloud and on Premise (Lecture, 1hr.)
SAP runs SAP S/4HANA Cloud. Hear about the lessons we learned when creating roles and managing access control for customers of SAP S/4HANA running in the cloud. We show you how to apply these lessons learned to manage access control for SAP S/4HANA running on premise.
Transitioning from SAP NetWeaver to SAP S/4HANA? Keep it Secure! (Lecture, 1hr.)
In this session, you will get an overview of security concepts and functions in SAP S/4HANA and SAP Fiori. Learn how they differ from SAP NetWeaver security features, and gain insights into authentication, single-sign-on and authorization capabilities. Experience how you can leverage and benefit from state-of-the-art security to safeguard your business processes and assets in S/4HANA.
How to Secure Your Data with SAP API Management (Lecture, 1hr.)
APIs allow you to expose your enterprise data and processes to your ecosystem of partners and third-party application developers and integrators. Security and governance are of utmost importance when exposing APIs. In this session, we explain how you can secure your APIs end-to-end using SAP API Management. During the session, we will address the top-ten OWASP vulnerabilities.
Digital Identities for IoT Devices with X.509 Certificates (Lecture, 1hr.)
The Internet of Things consists of an ever-increasing number of devices. As the impact of the data coming from these devices grows, it becomes more and more important to ensure the validity of the data by detecting devices that are not legitimate and preventing them from falsifying the analysis of data or even from collecting confidential information. In this session, we explain how digital certificates can be used to establish a secure identity for a device, based on SAP technology.
Security in SAP Cloud Platform Mobile Services for Developers (Lecture, 1hr.)
Discover the various security mechanisms available with SAP Cloud Platform Mobile Services. This includes the mechanisms through the mobile platform (on premise or in the cloud) that it depends on, and the mechanisms that it provides for the applications that are deployed on it.
Overview: Identity and Access Management for On-Premise and Cloud Scenarios (Lecture, 1hr.)
Users must be able to log on to many different applications in today’s world of hybrid system landscapes. This should be as easy and seamless as possible, with the least complexity for the user. However, access control should be as tight as possible, and the audit of system access must be possible on the identity level. SAP supplies the tools to achieve this for the on-premise and the cloud world, supporting established industry standards without interrupting users.
SAP Single Sign-On Everywhere, From On Premise to the Cloud (Lecture, 1hr.)
The SAP Single Sign-On application provides the foundation for a secure system landscape as it protects customers against cyber attacks based on weak authentication. End users appreciate the vastly improved usability and productivity. When customers extend their businesses to the cloud, they expect these capabilities to remain in place. In our overview sessions we will explain the capabilities of SAP Single Sign-On and the SAP Cloud Platform Identity Authentication service.
Single Sign-On for the Mobile Worker (Lecture, 1hr.)
Today’s business applications seamlessly span the on-premise and cloud world. Customers expect a seamless user experience across all their devices. By integrating the SAP Single Sign-On application with SAP Cloud Platform Mobile Services and the SAP Fiori Client mobile app, customers can rely on X.509 certificates for single sign-on from mobile devices, just as they do for their classic IT landscapes. Learn how to integrate these products to enable single sign-on for iOS devices.
Product Road maps (30 minutes)
Product road map sessions were also delivered in past years as so-called “Q&A” informational sessions, giving insight into current product development plans and answers to your questions. They also offer the opportunity to discuss – and influence – future product functionality, because they are usually held by SAP experts from the product management team.
Road Map: SAP Security Products (Road Map Session, 30 min)
Our security products help safeguard your valuable assets: enterprise operations. The solution portfolio includes applications for identity and access management, single sign-on, threat detection, secure programming, and data security. Find out more about the continuous evolution of our security products, and learn about new features and enhancements planned for upcoming releases that help secure your business-critical cloud and on-premise applications.
Road Map: SAP Enterprise Threat Detection (Road Map Session, 30min)
SAP Enterprise Threat Detection is our own cybersecurity solution, with a particular focus on protecting SAP software systems. We look at the current and planned features of the on-premise product as well as the planned integration with SAP Cloud Platform.
Road Map: SAP NetWeaver AS, Add-On for Code Vulnerability Analysis (Road Map Session, 30min)
Security is no longer considered a luxury in IT systems. Your tried-and-tested custom programs built using the ABAP programming language could be used in different scenarios, some of which you may not have anticipated. Get an overview of the new features and functions planned for SAP NetWeaver Application Server (SAP NetWeaver AS), add-on for code vulnerability analysis.
Road Map: SAP Identity Management (Road Map Session, 30min)
Hear about the latest news and plans for the SAP Identity Management component. We give a short overview of the current state of the product and introduce the short-term plans and the long-term road map outlook for the product.
Road Map: SAP Single Sign-On (Road Map Session, 30min)
Road Map for the SAP Cloud Platform Identity Authentication Service (Road Map Session, 30min)
The SAP Cloud Platform Identity Authentication service provides users with simple and secure cloud-based access to the business processes, applications, and data from anywhere and on any device. Join this road map session to learn about the new developments currently being introduced and those planned for the service.
Road Map for the SAP Cloud Platform Identity Provisioning Service (Road Map Session, 30min)
The SAP Cloud Platform Identity Provisioning service offers a comprehensive, low-cost approach to identity lifecycle management in the cloud that automates the provisioning of identities and authorizations for easy on-boarding of cloud-based business applications. Join this road map session to learn about the latest enhancements for the service and to get insights into current development plans and upcoming features.
Road Map for Governance, Risk, and Compliance: SAP Access Control (Road Map Session, 30min)
With the SAP Access Control application, you can move beyond manual processes for managing segregation of duties, critical and sensitive access, and super-user access. Learn how the application automates the compliant provisioning of users, design of roles, and periodic user and role certifications. Find out about our plans for expanding the application’s capabilities and addressing the key needs of new trends.
Security functionality Hands-On sessions (2 hours)
Hands-On sessions are there for you to get a feel for newly developed functionality and see it in real life! This year’s setup will go totally paperless. Each workstation will be equipped with two monitors, one for the “work” and the other one to display the “working script”, formerly known as (paper-) handout.
End-to-End Cloud Identity and Access Management (Hands-On, 2hr.)
Provisioning identities and managing their access across complex landscapes is challenging, especially when you start to onboard different cloud applications. Learn how you can use the identity and access management (IAM) services provided by SAP Cloud Platform to manage cloud users and their authentication mechanisms for our cloud solutions such as SAP Jam and SAP Hybris Cloud for Customer. Discover different ways of creating cloud users and provisioning them to these cloud solutions.
Identity and Access Management Across SAP and Google in SAP Cloud Platform (Hands-On, 2hr.)
SAP Cloud Platform offers services for identity and access management that enable enterprises to offer their employees single sign-on to any business software they need to use. Besides SAP business applications, this includes G Suite and Google Cloud Platform. Learn how the identity authentication service enables secure access and single sign-on, whereas the identity provisioning service allows for central management of identities by granting or revoking the appropriate privileges.
Compliant Identity Management In Hybrid System Environments (Hands-On, 2hr.)
With the SAP Identity Management component, you can centrally manage user accounts and their access assignments. During this session, you will work with this component and learn about its new capabilities. See how SAP Identity Management and the SAP Access Control application can reuse the same business role model. Understand how users in a hybrid system environment that includes on-premise and cloud applications can be centrally managed by SAP Identity Management.
Manage Single Sign-On and Role-Based Permissions for SAP S/4HANA Extensions (Hands-On, 2hr.)
Gain hands-on experience enabling single sign-on in an extension scenario for SAP S/4HANA that includes a prebuilt extension in an account of SAP Cloud Platform and integration with an ABAP system. Find out how to configure the required authentication mechanisms, establish trust between the involved components, and enable single sign-on. See the features required to help ensure a consistent assignment of authorizations in such an extension scenario.
SAP Solution Manager: A Hacker Tool or A Tool for Security Administrators? (Hands-On, 2hr.)
SAP Solution Manager is connected to your complete SAP solution landscape, which is fantastic for cross-system security analysis. It also turns it into a central point for potential attackers. Learn how to prevent attackers from misusing SAP Solution Manager to attack your business systems. Find out how to detect missing security notes, run automated security configuration validation, and enable dashboards for continuous security monitoring, including validation of your security settings.
Configure, Manage, and Monitor the Security of Your SAP HANA Platform (Hands-On, 2hr.)
Sensitive data is attacked every day. Understanding how to correctly secure your SAP HANA platform is key to preventing security breaches. Learn how to configure, manage, and monitor important security settings. Topics include managing users, user authentication, authorization, defining and applying audit policies, managing audit logs, enabling encryption, data masking, and security in a multitenant database scenario, as well as taking advantage of enhanced security monitoring features.
Secure Application Development on SAP Cloud Platform (Hands-On, 2hr.)
Join us in this session to learn how to develop secure applications on SAP Cloud Platform. We introduce you to the fundamental platform security concepts, including authentication and single sign-on (SSO), access control and management, and the logging and storage of confidential data. Learn how to use industry security standards such as SAML and OAuth in your applications, how to securely propagate user identities, and how to troubleshoot problems in a real-world scenario.
Security Operations on SAP Cloud Platform (Hands-On, 2hr.)
This session explains how to efficiently use the platform security services to stay secure and compliant in the SAP Cloud Platform. Learn best practices for enhancing the security of your applications and data. Focus on the exceptional security features of SAP Cloud Platform, including strong authentication and authorization of administrators, customization of platform roles for segregation of duties, automation of user and role provisioning with the platform security APIs, and much more.
Secure ABAP Development: Best Practices Using SAP Tools (Hands-On, 2hr.)
Your tried-and-tested custom ABAP programs could be used in different scenarios, some of which you may not have anticipated. It is more important than ever for developers to understand how to write secure code. See how SAP security code scan technology can assist you by providing guidance when you most need it. All demos and exercises are done with ABAP development tools (ADT or ABAP in Eclipse), and include an introduction to Eclipse.
Code Review sessions (30 minutes)
Assess real code examples and learn new tips and techniques directly from developers
Find and Fix Security Vulnerabilities in ABAP Coding (Code Review, 30 mins.)
Are you developing your own ABAP code? How do you know if it is secure? See some typical security breaches and learn how to find them with SAP NetWeaver Application Server, add-on for code vulnerability analysis. And, of course, you will also find out how to fix them.
Defend Your Application Against XSS and XSRF on SAP Cloud Platform (Code Review, 30 mins.)
This session examines the code of a badly designed application running on SAP Cloud Platform. See how the flawed code makes the application vulnerable to attacks such as cross-site scripting (XSS) and cross-site request forgery (XSRF). Discover how such attacks can exploit the application and learn how to fix the application to prevent them.
Configure Clickjacking Protection for Your Customized Login Screen (Code Review, 30 mins.)
Clickjacking is an attempt to trick users into clicking hidden user interface elements without the user realizing it. The user thinks he or she is clicking on the underlying frame, but is actually clicking on an action chosen by the attacker. Learn how to protect and configure your cloud application to authenticate with the SAP Cloud Platform Identity Authentication service. Find out how to embed your customized login screen into your application as [INVALID].
Adjusting User Provisioning Rules in SAP Cloud Platform (Code Review, 30 mins.)
Join us for a review and demonstration of the best practices for securely provisioning users to the cloud. Whether you have a complex scenario based on user groups or specific attributes, or would like to create special rules with regular expressions, the SAP Cloud Platform Identity Provisioning service allows you to customize your user data transformations. Discover how you can adjust the transformation-mapping rules to reflect your current setup of entities from the source or target system.
If you’re interested in getting a detailed understanding of SAP’s portfolio of solutions, platforms and technologies, and insights into their future direction, but also in putting your hands on the latest and greatest features and tools, then join us at the different SAP TechEd 2017 events all around the world.
Save the dates!