SAP TechEd Blog Posts
Share your experiences about SAP TechEd: Write about your favorite sessions and other conference highlights.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Achieve Security by Design and by Default #SAPTechEd Summary

TammyPowlas
Active Contributor
‎11-29-2021 10:21 AM
I joined the second session after I heard Greg Capps discuss it during a community check in.


Source: SAP


 

Ongoing problem


Data is going everywhere


Who has what data


How to protect endpoints if no patching happens


Zero trust architecture



Source: SAP


Secure operations map: link: https://support.sap.com/en/offerings-programs/support-services/security-optimization-services-portfo...


Building blocks to learn about SAP security


On premise view


Build a security culture at your organization


One customer mapped their solution to the building blocks for a framework and a road map


Solution Manager has capabilities - security optimization service


 


Source: SAP


For the cloud, a shared security responsibility



Source: SAP


RISE to S/4HANA


Your roles/responsibilities vs SAP vs hyperscaler



Source: SAP


CIO guide on sap.com


Work with cloud services - identity authentication, and access governance, and integrate with on premise solutions



Source: SAP


Tie once employee is onboarded


Automate workflow for identity and access



Source: SAP


Integrate with API's for on premise



Source: SAP


Data Custodian in the cloud


Provides key management services



Can be on premise or cloud


Big data solution from SAP, using SAP HANA


Looks at log collectors, correlation against attack detection patterns



Source: SAP


Pulls in Security Notes


Mid Point Q&A:

Q: Is SAP Enterprise Threat Detection installed with out-of-the-box settings/monitoring ?


A: Yes, there are patterns available out of the box


Q: SAP Enterprise Threat Detection - is this available be default or to be purchased separately


A: It is a separate licensed product


Q: Do you recommend using System recommendations instead of Security notes in SAP ETD if available?


A: You can use both together or either depending on your requirements


Q: What is the average implementation time for SAP Enterprise Threat Detection?


A: Implementation timeframe depends on the requirements


Q: Can ETD feed off of ARA, with respect to SA Tcodes/Apps?


A: ETD can help track who did what in the SAP system, it highlights what a user actually did in the SAP system



Source: SAP


Use Signavio to see who is accessing what - determine what business processes make sense


Use Digital Boardroom to see data in a visual way



Source: SAP


Link:


https://www.sap.com/products/enterprise-threat-detection.html


this blog might help: https://blogs.sap.com/2020/08/12/sap-cloud-alm-vs-sap-solution-manager/


https://static.rainfocus.com/sap/sapteched2021/sess/16303673718820013rDU/presentationpdf/IIS102_e2_d...


Session materials are here

The legal disclaimer applies to this session; anything in the future is subject to change.
Popular Blog Posts