First-Ever SAP Security Guideline for IT Security Personnel Is Out Now
(PRWEB) April 25, 2014 -- The ERPScan company has released a Security Guide for configuring SAP’s ABAP-based solutions.
ERP, CRM, SRM, HR, and Business Intelligence systems, as well as other critical applications, are of great importance and always deal with processes that are critical for business: purchases, payment, logistics, HR, product management, financial planning, etc. All information stored in Business Application systems is sensitive, and any unauthorized access to this information can cause huge damage and even interruption of business. According to the report by the Association of Certified Fraud Examiners (ACFE), in 2012, organizations’ losses caused by internal fraud (IT-frauds) reached 5 % of annual revenue.
Nowadays, business applications are extremely popular solutions, which is why only a few companies with more than 1000 employees can be found which do not use at least one such application. SAP AG is a main player in this field, having about 251,000 customers worldwide, including 86 % of Fortune 500 companies. This is why we chose SAP ABAP-based business applications to be the first system for which to release a guideline about security enhancement.
The authors concentrated their efforts on making the guideline as brief as possible while still covering the most critical threats for each area. This approach is the main objective of the guide: the intention of the research team was not to create just another list of issues with no explanation of why a particular issue was (or was not) included in the final list, but to prepare a document that may be handy not only for SAP security experts. At the same time, developing a fully complete guide would be a never-ending story, since thousands of SAP configuration checks are available for a typical system, even without taking into account specific role-based access and in-house applications. As a result, the guideline includes 33 major checks that must be implemented in the first place and can be applied to any system, regardless of its settings and custom parameters. It is also important that these checks are equally applicable to production systems and to testing and development systems.
Aleksandr Kruglov, ERPScan, http://erpscan.com, +7 9218729768, [email protected]