Dec 11th SAP Community @SAPMentors Call: What you always wanted to know about SAP Security, but did not dare to ask!
Source: SAP
Recording link is here
Abstract: What you always wanted to know about SAP Security, but did not dare to ask!
Not a day goes by without the next new data theft or IT hack being reported. What can you do to keep your SAP systems secure and find the hackers in your system?
In this SAP Community Session we will give recommendations on how to develop securely, how to keep up-to-date with security patching and introduce SAP’s security products (SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, SAP Identity Management) with short demos. Attendees will have the option to ask questions and pick topics for future deep dives.
Presenter: Gerlinde Zibulski, Director of Product Management Security and Identity Management at SAP SE
SAP Inside Track Wiki: https://wiki.scn.sap.com/wiki/display/events/SAP+Inside+Track
Buzzword today: APT – advanced persistent threats
SAP customers with business-critical systems may have to deal with identity theft and data theft
Value of data; Equifax hack
Value of data is high
Volume of data is a risk
Vulnerability of end points is usually not SAP’s “turf”
Each bubble represents the size/cost of an attack
See comparison – site is from Information is Beautiful
40 in 2004; 44 in 2016 – size and cost have risen significantly
Security speedometer; cyber attacks are real
Comment from Matt Fraser: “Lots of brute-force password guessing, it seems.”
How SAP is targeted
Many data centers with business critical data
What SAP IT Security does and sees on a monthly basis
SAP wants to be the most trusted software vendor in the world
3 corner strategy is above
Target zero vulnerabilities so the software is secure
Defendable applications came from customer requests
Working with partners on security partners
Train your people; SAP project is called Human Firewall, mandatory training
She suggested taking an SAP data center tour
SAP is “buzzword” security compliant
Visit the SAP Cloud Trust Center
Also visit SAP Help
Use 2 Factor Authentication
10 security recommendations for customers
SAP Security Patch Day is the 2nd Tuesday of each month – the recommendation is that customers implement the high and very high patches immediately
For ABAP you can use the Code Vulnerability Analyzer
Don’t run systems on the internet using HTTP
RFC connections and users are vulnerable; Unified Connectivity is a tool that is part of the NetWeaver ABAP server
Business applications contain business critical data
SAP security products
SAP is looking to integrate the SAP Cloud Platform applications
Summary of the session
Great session by Gerlinde!
Tammy, thx for sharing the slides!
As the session was recorded, will there also be a link to it? There were also some demos worth seeing again.
Hi Roland - I meant to ask for the recording earlier and forgot - I just sent an e-mail and will update the blog as soon as I get it...thank you for following up
Agreed, the demos, and much of the audio conversation, were really the best part of this presentation.
Roland - thank you for following up - thanks to Maria Farrales I have updated the blog with the recording link
Dangit! I must have missed the reschedule email from when the original meeting got pushed. Thanks for the info though, Tammy!