Dec 11th SAP Community @SAPMentors Call: What you always wanted to know about SAP Security, but did not dare to ask!
Recording link is here
Abstract: What you always wanted to know about SAP Security, but did not dare to ask!
Not a day goes by without the next new data theft or IT hack being reported. What can you do to keep your SAP systems secure and find the hackers in your system?
In this SAP Community Session we will give recommendations on how to develop securely, how to keep up-to-date with security patching and introduce SAP’s security products (SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, SAP Identity Management) with short demos. Attendees will have the option to ask questions and pick topics for future deep dives.
Presenter: Gerlinde Zibulski , Director of Product Management Security and Identity Management at SAP SE
SAP Inside Track Wiki: https://wiki.scn.sap.com/wiki/display/events/SAP+Inside+Track
Buzz word today APT – advance persisted threats
For SAP customers with business critical systems may deal with identity theft and data theft
Value of data; Equifax hack
Value of data is high
Volume of data is a risk
Vulnerability of end points is usually not SAP’s “turf”
Each bubble represents an size/cost of attack
See comparison – site is from Information is Beautiful
40 in 2004; 2016 in 44 – size and cost has risen significantly
Security speedometer; cyber attacks are real
Comment from Matt Fraser ” Lots of brute-force password guessing, it seems.”
How SAP is targeted
Many data centers with business critical data
What SAP IT Security does and sees on a monthly basis
SAP wants to be the most trusted software vendor in the world
3 corner strategy is above
Target zero vulnerabilities so the software is secure
Defendable applications came from customer requests
Working with partners on security partners
Train your people; SAP project is called Human Firewall, mandatory training
She suggested taking a SAP data center tour
SAP is “buzzword” security compliant
Visit the SAP Cloud Trust Center
Also visit SAP Help
Use 2 Factor Authentication
10 security recommendations for customers
SAP Security Patch day are the 2nd Tuesday of each month – recommend customers implement high and very high immediately
For ABAP you can use the code vulnerability analyzer
Don’t run systems on the internet using http
RFC connections and users are vulnerable; unified connectivity is a tool part of NetWeaver ABAP server
Business applications contain business critical data
SAP security products
SAP is looking to integrate the SAP Cloud Platform applications
Summary of the session
Great session by Gerlinde!
Tammy, thx for sharing the slides!
As the session was recorded, will be there also a link to it? There were some demos in addition worth to be seen again.
Hi Roland - I meant to ask for the recording earlier and forgot - I just sent an e-mail and will update the blog as soon as I get it...thank you for following up
Agreed, the demos, and much of the audio conversation, were really the best part of this presentation.
Roland - thank you for following up - thanks to Maria Farrales I have updated the blog with the recording link
Dangit! I must have missed the reschedule email from when the original meeting got pushed. Thanks for the info though, Tammy!