With the growing complexity of corporate IT landscapes and their increasing exposure via Internet gateways, enterprises have become increasingly vulnerable to security breaches. Systems that formerly had been accessible only from within the company can now be accessed externally by employees, business partners and, with the prevalence of online shops and customer service Web interfaces, also by customers.
Performed remotely by SAP and to a large extent automated, SAP Security Optimization searches for vulnerabilities in an enterprise’s SAP landscape – from applications and middleware, to Internet gateways and interfaces to partners’ systems, to user authorizations. Following the one- to two-day evaluation, customers receive a detailed analysis of security gaps and vulnerabilities – prioritized according to severity and probability – and action plans on how to resolve them. The recommended security measures can be carried out by the customer or by experienced security consultants from SAP Consulting and certified SAP partners.
Driving security measures at Fiat-GM Powertrain
One of the first customers for the security optimization service is Turin, Italy-based Fiat-GM Powertrain, a Fiat and General Motors joint venture producing engines and transmissions. For its recent integration of financials and indirect materials management processes within the company’s “Formula One: SAP” program, the SAP security check was done after having merged two completely diverse environments of numerous legacy applications and servers. At this stage, the project team sought a reliable and thorough security assessment that could be carried out on short notice and that would zero in on its most urgent security needs.
Without any administrative hold-ups, the SAP service team quickly executed a comprehensive check that pinpointed pressing issues. Although there were no surprises in terms of the applications’ transactions, the check identified users and even consultants no longer requiring access to the SAP system and delivered recommendations within the security report to help security administrators take preventive actions.
Staying on top of evolving security demands
As IT landscapes are in a constant flux of changing business processes and access authorizations, SAP recommends that security checks be undertaken at regular intervals. Organizations can thus run the most up-to-date checks, verify the effectiveness of implemented security measures derived from earlier service runs and verify that recent configuration changes have not introduced new security holes.
“With the dynamic development of enterprise IT landscapes and their increasing openness to customers and business partners, companies are continually presented with new challenges in terms of security,” said Sachar Paulus, chief security officer, SAP AG. “Knowing that our customers run business-critical information on SAP systems, we have always taken IT security very seriously. SAP Security Optimization will help our customers fortify their system landscapes and safeguard the sensitive data and processes that are essential to their business success.” SAP Security Optimization is part of SAP Active Global Support’s portfolio of customer services to help keep SAP solutions running optimally, improve return on investment and reduce the cost of operations.
Source: SAP AG