TRANSCRIPT
PUBLIC
Enable the Intelligent Enterprise with SAP Services
Chiara De Maria – Business Development Consultant, SAP Services
Sandro Coco – Principal Technology Architect, SAP Services
May 7th, 2020
The enterprise cannot be intelligent without being secure
PUBLIC © 2019 SAP SE or an SAP affiliate company. All rights reserved.
PUBLIC © 2020 SAP SE or an SAP affiliate company. All rights reserved.
Today's Speakers
Chiara De Maria
Business Development Consultant
SAP Services
Sandro Coco
Principal Technology Architect
SAP Services
Let's Build the Intelligent Enterprise Together!
April: the month of data
• The value of data in the Intelligent Enterprise (April 2)
• How to build an Enterprise Data Warehouse: the SAP Service point of view (April 7)
• SAP Analytics Cloud. The innovation of Analytics Apps (April 23)
• The ocean of enterprise data, diving in to discover submerged worlds: Data Science and Data Management (April 28)
• The value of the innovation brought by BW/4 2.0 (April 30)
January: the month of Customer Experience
February: the month of S/4
March: the month of Manufacturing and Supply Chain
May: the month of Intelligent Technologies
June: the month of Application Development & Integration
• The enterprise cannot be intelligent without being secure (May 7)
• Don't slip on the hyperscaler: evolution paths towards hybrid architectures (May 14)
• Established project approaches in the use of Machine Learning (May 21)
• Well monitored is half done (May 26)
• Making informed use of SAP Cloud Platform to design the Intelligent Enterprise Architecture (June 4)
• Bringing ABAP code up to date with the ABAP Environment of SAP Cloud Platform (June 11)
• Extending functionality and building innovative applications with SAP Cloud Platform (June 18)
• Meeting the integration needs of the Intelligent Enterprise with SAP Cloud Platform (June 25)
• Innovate and accelerate time to value with a subscription based SAP Commerce Cloud implementation (May 26)
SAP Services Italia
The Jam group dedicated to SAP Services Italia customers
The SAP Jam site dedicated to Italian SAP Services customers is the starting point to:
✓ Watch the recordings of past editions of our webinars and the related presentations
✓ Consult the material shared during our events
✓ Explore further material that we think may interest you
INTELLIGENT ENTERPRISE INNOVATION DAY #VIRTUAL_EVENT
SUPPLY CHAIN, MANUFACTURING & MAINTENANCE INNOVATION DAY #VIRTUAL_EVENT
JULY 9
BUSINESS INTELLIGENCE & DATA MANAGEMENT INNOVATION DAY
SEPTEMBER 17
CUSTOMER EXPERIENCE INNOVATION DAY
“Together, we make it happen”
51 participants
71 participants
The Intelligent Enterprise framework
Agenda
Modern SAP Landscape
Past SAP Security breaches/exposures
10KBLAZE
Keep calm and…
How can we help you…?
Q&A
Modern SAP Landscape
▪ Opportunities, complexities, challenges
76% of the world’s transaction revenue
83% of the world’s business-to-business transaction revenue
$22 trillion of consumer purchases around the world
… are touched by SAP software systems.
If our economy is to thrive, our commitment to cybersecurity must match our commitment to innovation.
Security risks increasing with Digital Transformation
Digital technologies are here to stay
Predictive analytics
Internet of Things
Cybersecurity
Hyperconnectivity
Big Data
Mobile
Artificial Intelligence
Machine Learning
Cloud
Value of data: Data has value, both in terms of the value companies are able to extract and the value a potential hacker could exploit.
Volume of data: Companies are collecting and storing more data than ever before.
Vulnerability of endpoints: No longer does data remain locked inside a mainframe, as it has proliferated outside of the four walls of a company business.
The sheer number and sophistication of attacks are at an all-time high.
Chart labels: Security risk; Value to attacker
SAP Intelligent Suite: hosting your «crown jewels»
• Intellectual property
• Treasury and cash
• Financial reporting insights
• Business trade secrets
• Sensitive customer information
• Sensitive employee information
• …
The ugly truth is that many customers are protecting their most valuable information assets behind… myths
• «Internal SAP Security team has SoD topic under full control»
• «SAP ERP platform is accessible only through internal network, and we have strong perimeter security»
• «We’re moving to Cloud so security is no more our concern»
• «We regularly patch our systems so it can’t be vulnerable»
SAP Application Landscape is dramatically evolving…
Modern SAP Landscape
On-Prem applications (SAP & non-SAP)
Modern Landscape: Digital Transformation
Digital transformation leads to an explosion of connected environments where perimeter protection doesn’t help any more.
In the past, legacy enterprise software gained its level of security by means of the customer’s implementation of security on its network.
In a digital world, this classical enterprise network doesn’t really exist any longer.
Attackers and other malicious individuals will continue to compromise weak links in customers’ enterprises, resulting in deep access to their systems and networks.
SAP applications must employ all aspects of security since they can be much more exposed than you think.
Modern SAP Landscape: challenges
We must take into account that the SAP landscape and SAP technology have evolved over time. Threats have evolved as well. This doesn’t mean modern landscapes are inherently less secure; it means you have to adapt your security approach.
• Hybrid/Multicloud scenarios → endpoint security
• Access to applications anytime, anywhere → does «on Premise» still have a meaning?
• Attacks can come from inside:
  • unfaithful employees
  • spear phishing attacks
According to security researchers scanning the deep web, interest in SAP vulnerabilities has greatly increased in the last 5 years*
*Source: Digital Shadows Ltd. and Onapsis Inc., “ERP Applications Under Fire”, July 2018
Past SAP Security breaches/exposures
▪ …you definitely don’t want to be next
Past SAP Security breaches…yes, it’s awfully real
Past SAP Security breaches/exposures
2012 – Anonymous claimed a breach of the Greek Ministry of Finance using an SAP zero-day exploit
2013 – Banking Trojan found to also target SAP clients (SAPGUI detection + screenshot capture + keylogger)
2014 – Chinese hackers break into the NVidia Customer portal through an SAP Netweaver vulnerability – the related SAP Security Note had been available since 2011
2015 – Chinese hackers break into USIS, the largest USA DHS contractor, and steal thousands of sensitive personal information records by leveraging a vulnerability of a poorly managed SAP system (probably a standard password). The company controlling USIS filed for bankruptcy after this
2016 – 1st DHS US-CERT Alert for SAP Business Applications (36 multinationals breached by leveraging the SAP J2EE invoker servlet vulnerability, closed by SAP since 2010)
2018 – 2nd DHS US-CERT Alert for SAP Business Applications (warning on increased interest in SAP exploitation techniques)
2019 – 10KBLAZE, 3rd US-CERT Alert for SAP Business Applications (Gateway/Message Server misconfiguration vulnerability)
10KBLAZE
▪ You can always insecurely manage a security-by-design product
Onapsis’ 10KBLAZE: Gateway/Message Server combined vulnerability
“In April 2019, several new exploits targeting two technical components of SAP® applications were released after being presented in a session at the OPCDE Security Conference. These exploits, dubbed 10KBLAZE, can lead to full compromise of SAP applications, including deletion of all business application data” – quote from the introduction of Onapsis’ 10KBLAZE Threat report
Yes, it is as scary as it sounds… with a PC with a Python interpreter inside your network (...you don’t expose your gateway or message server directly to the public internet, do you?!?), an attacker can take complete control of your production SAP system: exfiltrate/change/delete/create data, create administrative users, shut down application servers…
10KBLAZE is also a perfect example to explain the need for Secure Configuration of an SAP system.
If you are vulnerable to 10KBLAZE, this is due to a system misconfiguration, not to a defect in SAP software.
(If you found the question about exposing GW/MS to the internet offensive… YES, there are SAP systems directly exposed to the public network.)
Onapsis’ 10KBLAZE: what we are dealing with (demo)
Use the following links to view the videos:
• 10KBLAZE demo 1
• 10KBLAZE demo 2
• 10KBLAZE demo 3
Onapsis’ 10KBLAZE: history and remediations
10KBLAZE is based on SAP Message Server and SAP Gateway vulnerabilities.
• The Message Server vulnerability is addressed by SAP Note 821875 - Security settings in the message server, first released March 8, 2005. Further details are in SAP Note 1421005 - Secure configuration of the message server, first released July 23rd, 2010.
• The Gateway vulnerability is addressed by SAP Note 1408081 - Basic settings for reg_info and sec_info, first released December 4th, 2009.
• On May 9th, 2019, as further help for customers dealing with the 10KBLAZE publication, SAP released the Security Spotlight News “Securely Configuring SAP Gateway and SAP Message Server”: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html#section_1090235729
• SAP Note 2795681 - Securing SAP RFC Gateway and SAP Message Server, first released on May 30th, 2019, can be used as a starting point, with all needed links to the detailed configuration guides for securely configuring both SAP Gateway and SAP Message Server.
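A configuration check in the spirit of the notes listed above, added here as an example (it is not part of the presentation and is not SAP code): it reads a profile excerpt and reg_info/sec_info style ACL text and reports the permissive settings a reviewer would look for. The profile parameter names (gw/acl_mode, gw/sim_mode, rdisp/msserv_internal), the ACL line syntax and the first-match evaluation order are assumptions taken from SAP's public documentation rather than from this page, and all sample inputs are constructed.

```python
"""Audit SAP RFC Gateway / Message Server settings for permissive configuration.
Added example; every sample input below is constructed, not from a real system."""
# Constructed instance-profile excerpt (assumed "name = value" syntax).
SAMPLE_PROFILE = """\
gw/acl_mode = 0
rdisp/msserv_internal = 0
"""
# Constructed reginfo and secinfo contents.
SAMPLE_REGINFO = """\
#VERSION=2
P TP=SLD_UC HOST=internal,local ACCESS=internal,local CANCEL=internal,local
P TP=* HOST=* ACCESS=* CANCEL=*
"""
SAMPLE_SECINFO = """\
#VERSION=2
P USER=* USER-HOST=local,internal HOST=local,internal TP=*
P USER=* USER-HOST=* HOST=* TP=*
"""
# Constructed hardened reginfo: the wildcard permit sits behind a catch-all deny.
HARDENED_REGINFO = """\
#VERSION=2
P TP=SLD_UC HOST=internal,local ACCESS=internal,local CANCEL=internal,local
D TP=* HOST=* ACCESS=* CANCEL=*
P TP=* HOST=* ACCESS=* CANCEL=*
"""


def parse_profile(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#"):
            params[name.strip()] = value.strip()
    return params


def parse_acl(text):
    """Return [(line_no, action, {KEY: value})] for each P/D rule line."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].upper() not in ("P", "D"):
            continue  # blank lines, comments and the #VERSION header
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        rules.append((no, parts[0].upper(), {k.upper(): v for k, v in fields.items()}))
    return rules


def audit_profile(params):
    """Flag profile values that leave the gateway or message server permissive."""
    findings = []
    if params.get("gw/acl_mode") != "1":
        findings.append("gw/acl_mode is not 1: missing ACL files are not treated restrictively")
    if params.get("gw/sim_mode") == "1":
        findings.append("gw/sim_mode = 1: connections matching no ACL rule are still permitted")
    internal = params.get("rdisp/msserv_internal")
    if internal is None:
        findings.append("rdisp/msserv_internal not set: verify the kernel default")
    elif internal == "0":
        findings.append("rdisp/msserv_internal = 0: internal message server port not separated")
    return findings


def audit_acl(name, text, host_keys):
    """Flag reachable permit rules whose host fields (host_keys) are '*'."""
    findings = []
    for no, action, fields in parse_acl(text):
        wide = [k for k in host_keys if fields.get(k) == "*"]
        if action == "P" and wide:
            findings.append(f"{name}:{no}: permit rule with wildcard {', '.join(wide)}")
        # Assumption: rules are read top-down and the first match applies, so
        # nothing after a rule whose every field is "*" is ever reached.
        if fields and all(v == "*" for v in fields.values()):
            break
    return findings


def audit_sample():
    """Run all checks over the constructed samples and return the findings."""
    return (audit_profile(parse_profile(SAMPLE_PROFILE))
            + audit_acl("reginfo", SAMPLE_REGINFO, ("HOST", "ACCESS"))
            + audit_acl("secinfo", SAMPLE_SECINFO, ("USER-HOST", "HOST")))


if __name__ == "__main__":
    for finding in audit_sample():
        print("FINDING:", finding)
```

The hardened reginfo sample produces no finding because its wildcard permit comes after a catch-all deny and is never reached.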
Keep calm and…
▪ Define a reaction strategy
▪ Become aware of your attack surface
▪ Design a hardening roadmap
▪ Define a patch strategy
What if you suffer a major security breach… tonight?!?
Define a reaction strategy
WHAT IF you suffer a major security breach TONIGHT?!?
That’s bad… but it’s even worse if you have no idea what to do next.
• Understand the risk: know your SAP systems and assign each a criticality score, taking into account the Economic, Compliance (e.g. GDPR) and Reputation impact caused by outage, data leak or sabotage
• Identify all involved actors: key internal owners, business partners, customers, cloud providers…
• Prepare a reaction/remediation plan:
  • Save all information that could be used for forensic analysis
  • Execute what is needed to be operative again, e.g. trigger system restore or disaster recovery (time to review backup/DR policies?)
  • Inform authorities/customers/business partners
  • Start working on legal and/or reputational consequences
  • Document all findings and start a preventive plan so that it does not happen again
This what-if simulation is the first step to really understand what you’re dealing with.
Become aware of your attack surface
Know your SAP Landscape: interfaces with third parties, cloud connectors, internet-facing systems…
Collect all needed information from third parties/contractors (roles/responsibilities, compliance, technical security measures in place)
Bring the Security and SAP Basis teams to the same table – too often SAP systems are a «Black box» to security teams: specific knowledge is needed to understand their vulnerabilities
Create a «Heat Map»: likelihood vs. severity of risks identified, mapped on relevant SAP system
Report your findings to the CIO/CISO and get proper attention for the SAP security topic – you need empowerment to be able to create/enhance an SAP Security governance team
Heat map (axes: Likelihood, Severity):
       1    2    3    4    5
  1    1    2    3    4    5
  2    2    4    6    8   10
  3    3    6    9   12   15
  4    4    8   12   16   20
  5    5   10   15   20   25
Design a hardening roadmap
• Start with the hottest SAP systems in your heat map
• Assess security status with the Security and SAP Basis teams and prioritize remediations – don’t forget to leverage SAP Solution Manager to accomplish this (SOS, System recommendations…)
• Assess the logging/auditing status of SAP systems and their interfaced systems
• Define a security test phase and benchmark results (planning an external audit and/or penetration testing can help with this)
• Execute remediations and match results against defined security KPIs
• Document security test results, report to internal stakeholders, and start again from the assessment part – be aware that hardening any infrastructure is an iterative process!
• Don’t miss the chance to leverage existing transformation projects! Including major security measures in an already planned change will save you both time and money during the testing phase!
• Include a security review as a basic part of any future landscape evolution: security planning/development/realization always costs less than security remediation (and guess what… it’s less risky)
Define a patching strategy
SAP has released more and more security notes as technology complexity has increased and the threat landscape has evolved
SAP Security Patch Day – 2nd Tuesday of every month: https://launchpad.support.sap.com/#/securitynotes
Review the relevant patches for your systems and be sure to apply Hotnews in a timely manner
Make sure your SP level is sufficient to allow Hotnews to be installed! Consider the 18-months-rule!!!
https://blogs.sap.com/2012/03/27/security-patch-process-faq/#jive_content_id_40
BE AWARE: patching alone is no security guarantee – carefully review the required post-patching manual actions/configurations (10KBLAZE docet)
Chart annotation: First presentation on SAP Security at Black Hat
How can we help you…?
▪ Security-enabling SAP products
▪ SAP Services
Security-enabling SAP products
UI Logging: enables logging of any data access performed at UI level while keeping data accessible
• Much richer detail than standard SAL
• Reporting enabled to identify & prove irregular data access
• Prevents illegitimate data access and theft by inducing compliant behavior
UI Masking: enables concealing specific data (values in fields/columns) unless required for business tasks
• Unmasking based on specific access rights on top of existing roles/authorization setup
Enterprise Threat Detection
• Provides insight into suspicious activities in your SAP software–centric landscape, enabling you to identify security breaches in real time
• SAP’s own internal solution to protect SAP
• Central collector of all your security logs
• Leverages HANA’s AI/ML capabilities to identify activity correlation/patterns that could lead to a security violation
SAP Services: Your Journey to the Intelligent Enterprise…
…and How We Help You Succeed
Project Success
Premium Success
Continuous Success
• Premium Success Engagements
• SAP MaxAttention
• SAP ActiveAttention
• Support, Adoption, and Optimization
• SAP Preferred Success
• SAP Enterprise Support
• Value Adoption
• Managed Services
• SAP HANA Enterprise Cloud
• SAP Cloud Application Services
• Innovation and Advisory
• SAP Advisory Services
• SAP Innovation Services
• SAP Innovative Business Solutions
• Implementation and Deployment
• SAP Value Assurance
• SAP Advanced Deployment
• Technology
• Platform Services
• Cloud and Integration
• Data Services
• Training Services
• Learning and Enablement Products
SAP Model Company
Training and Enablement
Lifetime Customer and Ecosystem Success
SAP Security recommendations
10 focus areas for customers (for details, visit www.sap.com/security)
As SAP continues to secure its internal operations, we have captured our best-practice approach to share with our customers.
Emergency concept
▪ Define emergency, backup, and disaster recovery concepts to ensure business continuity
▪ Consider preparation of complete fallback systems for business-critical processes and applications
Users and authorizations
▪ Security awareness
▪ User authorizations clearly defined and managed
Custom code security
▪ Establish custom code lifecycle management processes
▪ Use security source code scan tools to identify vulnerabilities in your custom coding
Secure configuration
▪ Password security
▪ Authentication
▪ Encryption of data and communication
Secure maintenance of SAP software code
▪ Regularly update all SAP software
▪ Review common vulnerabilities and exposures (CVE) disclosures monthly to assess risks to your SAP software landscape
OS and database security
▪ Implement dedicated security requirements for all operating systems
▪ Implement restrictive database access mechanisms
Network security
▪ Define a network concept with clearly structured different zones
▪ Separate high-security areas
▪ Determine concepts for dedicated servers and administrative roles
Front-end security
▪ Deploy security configuration for both clients and mobile endpoints
▪ Distribute and activate administrator rules
▪ Activate access control lists (ACLs)
Security audit log
▪ Monitor all systems
▪ Activate the security audit log (SAL)
▪ Activate filters for critical users
Communication security
▪ Use encrypted communication - Secure sockets layer (SSL), transport layer security (TLS), or secure network communications (SNC)
▪ Secure all remote function call (RFC) connections
SAP Services: Cybersecurity & Compliance Services Offering Areas
Strategy and architecture
Continual improvement
Transparency and mitigation
Awareness
Securing a landscape is a continuous, iterative process.
Take advantage of SAP Services to:
• Gain awareness of current situation
• Identify top priority remediations
• Learn how to make the most of tools you already have
• Improve your competence in securely running your SAP landscape
• Safeguard your investments by including security in your next implementation projects
• Define/refine a hardening roadmap for your landscape
• Plan how to deal with your Digital Transformation with a security-compliant methodology
SAP Services: Cybersecurity & Compliance Services Offering Portfolio
SAP Roles & Authorizations
• Roles & Authorizations Concept Workshop
• Roles & Authorizations Review
SAP Access Control
• Ruleset Review
• Solution Design Review
• Solution Design & Implementation
• SuccessFactors Integration PoC
• SuccessFactors HR Automation PoC
SAP Identity Management
• Overview Infosession
• Solution Design Assessment
• Solution Design & PoC Implementation
• System Health Check
• Sizing Check
Core Empowerment
• Security Planning
• S/4HANA Roles & Authorizations Migration Planning
• SAP Identity & Access Management Planning
• SAP Access Control Custom Solution Discovery
• SAP Cloud Platform Security Planning
• GDPR Discovery
Security in Cloud & Hybrid Landscapes
• Cloud Authentication & Provisioning Workshop
• Securing the Cloud Connector
Communication Channel Security
• Communication Channel Security Workshop
• Securing the RFC Gateway
Authentication & Single Sign-On
• SSO Evaluation Workshop
• Single Sign-On Workshop
Technical & Custom Code Security
• Configuration Validation Workshop
• Patch Management Workshop
• Custom Code Security Infosession
Awareness
• Security Pulse Check
Data Privacy & Protection
• UI Logging & UI Masking Empowering Session
• GDPR Technical Basic Check
Security Review & Monitoring
• Logging & Forensic Analysis Infosession
• SAP Enterprise Threat Detection Infosession
• SAP Enterprise Threat Detection Pilot To Production
• SAP Enterprise Threat Detection Health Check
Security Architect
• Dedicated Security Architect (fTQM)
Awareness: Security Pulse Check
Objectives
SAP to obtain an overview of the customer’s situation regarding SAP security by reviewing the current solution landscape and previously executed Service Reports (EWA, SOS)
Identify needs, options and next steps to improve the security of the customer’s SAP environments, summarized in a customized Action Plan
Activities
Remote analysis of the systems in scope (directly and leveraging Solution Manager tools)
Onsite workshop to share the analysis findings and assess the customer's scenario with both the customer’s BASIS and Security teams
Drafting of the final report and Action Plan
Onsite workshop to discuss the Action Plan and define the next steps
Outcomes
Wrap-up report, containing the remote analysis and onsite workshop findings
Action Plan containing action items and recommended course of action to resolve gaps as discussed and aligned during the onsite workshop
Prerequisites and constraints
Maximum 3 systems in scope
Systems in scope already configured in Solution Manager (customer can ask for SAP support if this is still to be done)
Remote access provided to SAP consultants to systems in scope and to Solution Manager
Further Info
Suggested OpenSAP courses:
▪ Information Security Management in a Nutshell
▪ Cybersecurity – The Essential Challenge for Digital Transformation
Useful information available on SAP Web sites:
▪ Security guides – https://help.sap.com
  Provides security guide documentation
▪ Security on sap.com – https://sap.com/security
  Provides information on security at SAP and on security products from SAP
▪ SAP Security Notes – https://launchpad.support.sap.com/#/securitynotes
  Provides information on SAP Security Notes
▪ Security optimization services landing page – https://support.sap.com/sos
  Provides information on tools and services in the context of your maintenance contract
▪ SAP Cloud Trust Center site – https://sap.com/cloud-trust-center
  Provides information on cloud security and security certifications at SAP
▪ Security community – https://www.sap.com/community/topic/security.html
  Gives access to the security community at SAP with information, blogs, and forums
Source: xkcd.com
Q&A
https://webinars.sap.com/it/sap-Services-italy-for-intelligent-enterprise/it/home
Contact information:
Sandro Coco
Principal Technology Architect
+393357749886
Thank you.