If you don’t know the security levels of your SAP systems, beware!

Did you like our article?

The security of SAP systems is becoming increasingly relevant to organizations, as they need to safeguard and protect information that is vital for their business operations.

Nowadays, with SAP updates and new technologies that allow to work either locally or on the cloud, the tendency to have systems that are ever more open to the Internet is growing, thus making them increasingly more vulnerable.

It is then imperative that all users operating SAP systems have a defined and configured security scheme or model based on roles and profiles. The objective is to allow them to access exclusively the data they are concerned with, according to their role in the company’s organizational structure.

To prevent risks, it is essential to identify each one of the organization’s core processes and those who are responsible for them, to determine and delimit accesses.

Companies should keep in mind that to deploy a security model for their SAP systems the following services are needed:

• Definition and reengineering of roles and profiles.
• Roles and profiles revisions.
• SAP security auditing.
• SAP security upgrades.
• User management.
• SAP security governance.

Emilia Soto, security expert at Novis Mexico with more than 18 years of experience, recommends several elements to begin an assessment:

• The implemented solutions or systems.
• The information volume processed by the company.
• The market sales volume.
• The number of customers in their portfolio.
• The number of users operating their systems.
• The number of users that provide support to their systems.
• The processes handled by each one of their systems.

These elements or characteristics are the basis for starting and promoting the implementation of a SAP security model that ensures reduced risks, eliminates information leaks, and prevents fraud in the organization’s operation. Needless to say, the world’s leading companies share something in common: many of them rely on SAP platforms to handle their most critical businesses and their information flows.

Finally, Emilia emphasizes that to have a successful SAP security system, the following tasks must be done periodically:

• Perform risk assessments of work positions to make the necessary corrections in users’ roles.
• Monitor critical or sensitive accesses where the company may be exposed to information leaks.
• Perform follow-ups and controls of SAP systems’ support users.
• Define approvers or owners for business processes who can identify those which are critical for the organization and the end users that may execute them.
• Alert and correct unauthorized accesses.
• Monitor and restrict access to the system’s broad profiles, such as SAP_ALL and SAP_NEW.

For more information about our services, we invite to contact us.

Related Note

• SAP Security: What are the flanks to protect?