SAP applications present a very attractive target for cyber attackers, according to Gerlinde Zibulski, Director of SAP Security Product Management at SAP SE. One of the largest software companies across the globe, SAP’s systems touch 74% of the world’s transaction revenue, she notes in her session for the upcoming Cybersecurity for SAP Customers 2018 conference presented by SAPinsider. Cyber threats in the past have come from many directions — such as viruses, worms, and identity theft — but since 2009, these attacks have become more sophisticated and targeted, and therefore more formidable.
But SAP has safeguards in place to thwart such threats. In her session “Safeguard Your Business Operations with SAP Security Solutions,” Zibulski outlines SAP’s strong cyber defense portfolio and architecture, which includes many security, threat intelligence, and GRC solutions. She also presents numerous security recommendations for users in 10 focus areas, including these tips:
- The authorization profile SAP_ALL should not be assigned to any user unless it is an emergency. You need to define what an emergency is as well as back-up and recovery remedies.
- Set dedicated ABAP profile parameters for password security, authentication, and encryption
- Activate the Security Audit Log (SAL)
- Have different zones on the network and separate high-security areas
- Use security source code scan tools to identify vulnerabilities in your custom coding
You can learn more about strategies to secure SAP systems at the Cybersecurity for SAP Customers 2018 conference, to be held in Prague from June 27 to 29. Visit www.sapcybersecurity2018.com for more information.