CLOUDABILITY, OUTSOURCING AND OUTTASKING
System up-to-dateness
Why should we even have an individual SAP Security Check performed? Your SAP authorisation concept is designed to ensure the security and protection of data against unauthorised access and abuse. The technical complexity of SAP systems and the ongoing adaptations of business processes often lead to unknown security vulnerabilities. In addition, the increasing digital networking with business partners offers further attack points on your SAP system. SAP Security Check gives you an overview of the security situation of your SAP systems. This will identify potential risks that could jeopardise the safe operation of your IT landscape. Your starting situation The ongoing changes in your IT systems lead to unrecognised security vulnerabilities and your auditors will regularly report to you in the final report on abuses in the authorisation concept. The legal requirements (e.g. EU guidelines) to secure your business processes and IT systems have not yet been implemented and the increasing networking with business partners presents new challenges to your security system. The security-related system settings and permissions settings applied to your SAPS systems are poorly documented, which in many cases causes the system settings to allow extensive critical access unchecked. Critical SAP permissions, profiles, and roles identify permissions that allow critical operations to be performed in terms of security or from a legal or business perspective are called "critical permissions" by SAP. The granting of critical allowances must therefore generally be carried out with particular care and should therefore be planned in advance. Technical and organisational measures and processes must then ensure that the desired level of safety is implemented.
With the function module SWNC_COLLECTOR_GET_AGGREGATES one can determine the most important SAP Basis transactions. After all, each SAP Basis expert sees different transactions as important.
Job Management Concept
The higher the degree of standardisation of operational and maintenance tasks, the more effective the technical operation and maintenance can be. At the same time, this simplifies outsourcing and, if necessary, the use of a cloud solution. CHOOSING AN APPROPRIATE SERVICE FORM Regardless of the chosen service form, as well as outsourcing and outtasking, the overall responsibility for the availability and performance of the IT-supported applications remains with the company. This still means internal coordination of maintenance windows or release booths, which remains in place. Similarly, the services provided by the external partner must be regularly monitored and their quality checked. Therefore, the chosen IT strategy must be chosen from this point of view with the lowest risk. If the technical operation is not sufficiently assessed in the decision, there is a significant business risk.
A clearly structured and secure authorization management is very important to avoid errors and prevent access by unauthorized persons. These services are part of our authorization management:
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
Of course, there are several other storage parameters that would exceed the scope of this article.
The following screenshot shows the way across the SE03: Here you can change the desired namespaces and software components depending on your request.