<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=523033&amp;fmt=gif">

SAP’s Usual Suspects: The Evolving SAP Landscape

Managing security and risk in SAP has evolved over the years. One could argue that the complexities of implementing compliant security models and access management programs has increased drastically as time progresses. Early versions of SAP utilized a profile concept before introducing the vehicles to deliver authorizations known today as roles. In 2015, S/4HANA was introduced unlocking tremendous capabilities for customers with its in-memory HANA database, Fiori front-end, and over 400 million lines of code rewritten to develop the next generation ERP offering. As of March 2021, there are more than 250 products listed in SAP’s Product Portfolio.

Today, we have more capabilities than ever before in the SAP ecosystem. As a result, we are seeing landscapes of interconnected systems, new securable objects, multiple versions of internet-facing applications, real-time data synchronizations, and much more adding to the complexities of managing security and access risk. There is also an increasing number of companies utilizing various applications to facilitate specific business process or areas of specialization. With today’s APIs and integration capabilities, heterogeneous enterprise landscapes are a noteworthy trend. These can be a mixture of SAP and non-SAP applications with their own security models and objects. The ability to manage access risk in multi-application and cross-application risk scenarios is paramount for organizations with business processes spanning across multiple applications.

Irrespective of your landscape, risk is all around us: segregation of duties, excessive security authorizations, data privacy, customizations, cyber-attacks, configurations, and much more.

In this blog series, we will narrow our focus to look at the Usual Suspects of SAP Access Risk:

While this blog covers the common risks, it is just the tip of the iceberg when it comes to system hardening, network security, and other key cybersecurity aspects. SAP has outlined many of these in the Secure Operations Map.

blog-sap-usual-suspects-risk-01-sap-secure-op-map

Figure 1 – The SAP Secure Operations Map

For now, we would like to provide you with some resources that will help you understand and manage risk in your SAP application:

SAP Resources on Security

Fastpath Resources for SAP Security