The global and independent platform for the SAP community.

Principles for SAP Security

Swiss SAP experts Itesys provide tips on how to close security gaps in SAP landscapes. This includes regularly checking authorizations, such as user rights and their roles.
E3 Magazine
July 4, 2024
avatar

What can and should SAP customers do to close the gaps in their SAP security? Swiss SAP experts Itesys provide tips for a secure SAP landscape. To protect themselves effectively, SAP customers should assume that the attacker has already successfully penetrated their SAP landscape, whether from the inside or the outside. The right starting point for increasing the level of security in SAP landscapes is the zero trust approach. If the attacker is always already in the system, IT managers cannot trust anyone or anything and must check everyone and everything.

In order to develop an effective security concept based on the zero trust approach, SAP customers should be guided by the following principles: strong authentication should be enforced always and everywhere, and all communications should be secure. In addition, authorizations should be granted only to the extent that users need them to do exactly what they are supposed to do, and no more. It is also important that is always clear and verifiable who has made what changes to the settings, and that all these changes are logged. Zero trust means permanent mistrust, which is why user rights and their roles, transactions, services, etc. are checked regularly.

Stefan Dunsch, Head of Cloud Competence Center at ltesys, spoke about security as well as SolMan and ALM at the Customer Competence Center Summit 2024 in Salzburg.

It is also important to note that the entire IT stack, from hardware and operating system to databases and SAP applications, must be kept up-to-date. Accordingly, SAP customers should regularly evaluate and install security updates as soon as they are announced. In addition, the IT landscape should be able to compensate for partial failures, for example, by segmenting the network and securing it with its own policies and measures, or by regularly practicing service recovery. These principles form the basis of an effective zero trust architecture, which SAP customers and partners can implement using appropriate tools and processes.

itesys.expert


To the partner entry:

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.