Devoid of clear ownership of security for a serious business platform like SAP, it should come as no wonder that SAP cyber security endures to fall through the cracks among IT, admin, and security and InfoSec teams.
Tip 1: Recognize the Risk
The first tip is to recognize the risk. Same like the other fields, the world of information security is no diverse. Similarly, the world of safeguarding your SAP platform is also the same.
Think about your present situation by probing the following questions:
- In what way rapidly do I apply critical (CVSS 8 or higher) patches for my Windows systems?
- In what way rapidly are critical patches applied to my SAP systems, as per my SLA?
- If the final is longer than the previous, why am I keen to live with so much risk in my SAP systems for longer periods (sometimes expressively longer) than my Windows systems?
- What types of business procedures and critical information run through my SAP Systems?
- Is it suitable for them to be exposed to this risk?
Other than this tip; there are some other tips as well.
Tip 2: Analyze the Risk
The next task is to analyze the risk. This can be done by focusing on these 3 items such as
- Reducing vulnerabilities and exposure
- Managing access control and limiting permissions
- Meeting other policy/compliance requirements
Tip 3: Audit Roles and Profiles
Post identifying which roles needs serious access one should initiate performing weekly or even daily audits of those roles to see if they have been applied to anyone outside of the known group. It’s not unusual for an operator to temporarily be granted higher rights in order to clear them and allow them to perform a serious business process.
Tip 4: Audit Permissions
The next tip is regarding audit permissions which are almost the same like the previous tip as here the weekly or even daily audits are initiated once the roles that need serious access are identified.
Tip 5: Scan for Configuration Changes
To ensure that the process or one-time activity works as anticipated, administrators often introduce configuration changes. However, these deviations are not always reversed, leaving the ability for others to re-perform the action, frequently avoiding any alarms that would get activated.
Organizations should incorporate weekly -- or even daily -- configuration scans to recognize when configuration changes are performed. An analysis of the changes could identify exposure that has been presented by the change, thereby decreasing the security of the system.
Tip 6: Look for Separation of Duties Scope Creep
Organizations should incorporate daily or weekly analysis of the states of separation to prevent accidental or sometimes cautious damage to systems or data loss.
Tip 7: Apply Patches and Security Notes
To ensure that the Service Level Agreement (SLA) is properly met, the security notes should be identified.
Tip 8: Leverage Intelligent Log Management
While the right sets of logs are united with intelligent log analysis, it ensures that actionable information can be revised and escalated as soon as it is collected and as soon as risks or incidents are identified. Therefore, it is essential to monitor your logs to track user activity and to look for irregularities in user behavior.
Tip 9: Maintain Visibility
Maintain visibility by considering the combination of scheduled audits, ad-hoc audits, and real-time monitoring to create and maintain the best possible image.
Tip 10: Get Real with InfoSec Ownership
To meet your defined SLA, the configuration and tuning of the infrastructure and its application stack are critical. To ensure that the right actions are recognized and that the right people and processes are in place, clearly defined roles and responsibilities must be there.