Do you know who is lurking in your SAP systems?
Recent high-profile security breaches have shown us that even the most robust systems can be compromised, leading to significant operational, financial and reputational damage. Current indications suggest these incidents were, at least in part, enabled by failures in basic access control: controls that should be applied consistently across every solution in your technology landscape.
The good news? There are practical steps you can take today to better protect your organisation’s SAP systems:
User Access
Access control, which we mentioned in the introduction, is one of the most basic aspects of SAP security, and precisely because it is basic it is often overlooked. You will likely have an access control policy in place, but it is important to check whether it is actually being followed, or whether standards have begun to slip.
This is a great opportunity to test your processes from a potential attacker's perspective. Look for weaknesses in the password reset and access request processes in particular, and remember the social engineer's two greatest tools: time pressure and emotional pressure.
Behavioural Anomalies
Most of us are creatures of habit, so it’s a good idea to start looking out for unusual behaviour among your users. Logins at unusual times of day, rarely used transaction codes suddenly being used more regularly and requests for additional file or system access when the user’s job function hasn’t changed are all examples of behaviour worth investigating further.
Specialised behavioural analytics software can make this easier; however, you can also learn a surprisingly large amount simply by observing your user base with a critical eye.
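The two patterns described above, off-hours logons and a rarely used transaction code suddenly becoming frequent, can be checked against each user's own history. The Python below is an added example that is not part of the original article: the 'user|timestamp|event|tcode' layout and the sample rows are constructed for illustration and do not follow the real SAP Security Audit Log format, and the baseline cut-off date is an assumption.

```python
# Added example (not from the original article): flag off-hours logons and
# transaction-code spikes per user, using each user's own history as the baseline.
# The 'user|timestamp|event|tcode' layout and the sample rows are constructed for
# illustration and are NOT the real SAP Security Audit Log format.
from collections import Counter, defaultdict
from datetime import date, datetime

# Constructed sample. LOGON rows carry an empty tcode; TCODE rows record a transaction start.
SAMPLE_LOG = """\
jsmith|2024-03-04T08:55:00|LOGON|
jsmith|2024-03-04T09:10:00|TCODE|ME21N
jsmith|2024-03-05T09:02:00|LOGON|
jsmith|2024-03-05T09:15:00|TCODE|ME21N
jsmith|2024-03-06T08:47:00|LOGON|
jsmith|2024-03-06T09:20:00|TCODE|ME21N
jsmith|2024-03-06T14:00:00|TCODE|SU01
jsmith|2024-03-07T08:59:00|LOGON|
jsmith|2024-03-07T09:05:00|TCODE|ME21N
jsmith|2024-03-11T03:12:00|LOGON|
jsmith|2024-03-11T03:15:00|TCODE|SU01
jsmith|2024-03-11T03:16:00|TCODE|SU01
jsmith|2024-03-11T03:18:00|TCODE|SU01
jsmith|2024-03-11T03:20:00|TCODE|PFCG
mjones|2024-03-04T22:10:00|LOGON|
mjones|2024-03-05T22:05:00|LOGON|
mjones|2024-03-11T22:30:00|LOGON|
"""

# Rows dated before this day form the baseline; rows on or after it are checked against it.
BASELINE_END = date(2024, 3, 8)


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, ts, event, tcode = line.split("|")
        records.append({"user": user, "ts": datetime.fromisoformat(ts),
                        "event": event, "tcode": tcode})
    return records


def split_periods(records, baseline_end=BASELINE_END):
    baseline = [r for r in records if r["ts"].date() < baseline_end]
    recent = [r for r in records if r["ts"].date() >= baseline_end]
    return baseline, recent


def off_hours_logons(records, baseline_end=BASELINE_END, slack=1):
    """Recent logons at an hour the same user never logged on at during the
    baseline (allowing `slack` hours either side, wrapping around midnight)."""
    baseline, recent = split_periods(records, baseline_end)
    seen_hours = defaultdict(set)
    for r in baseline:
        if r["event"] == "LOGON":
            seen_hours[r["user"]].add(r["ts"].hour)

    def near(h, b):
        diff = abs(h - b)
        return min(diff, 24 - diff) <= slack

    flagged = []
    for r in recent:
        if r["event"] != "LOGON":
            continue
        usual = seen_hours.get(r["user"])
        if not usual:
            continue  # no history for this user: nothing to compare against
        if not any(near(r["ts"].hour, b) for b in usual):
            flagged.append((r["user"], r["ts"].isoformat()))
    return flagged


def tcode_spikes(records, baseline_end=BASELINE_END, factor=3.0):
    """(user, tcode) pairs whose daily rate in the recent period is more than
    `factor` times the baseline rate, or that never appeared in the baseline.
    Rates are per calendar day observed in each period, so a short recent
    window is compared fairly against a longer baseline."""
    baseline, recent = split_periods(records, baseline_end)

    def daily_rate(rows):
        counts = Counter((r["user"], r["tcode"]) for r in rows if r["event"] == "TCODE")
        days = len({r["ts"].date() for r in rows}) or 1
        return {key: n / days for key, n in counts.items()}

    base_rate = daily_rate(baseline)
    flagged = []
    for key, rate in sorted(daily_rate(recent).items()):
        base = base_rate.get(key, 0.0)
        if base == 0.0:
            flagged.append((*key, "new"))
        elif rate > factor * base:
            flagged.append((*key, f"{rate / base:.1f}x"))
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, when in off_hours_logons(recs):
        print(f"off-hours logon: {user} at {when}")
    for user, tcode, note in tcode_spikes(recs):
        print(f"tcode spike: {user} {tcode} ({note})")
```

In the sample, mjones always logs on late in the evening, so a 22:30 logon is not flagged for that user, while a 03:12 logon from jsmith is; the same per-user baseline turns three SU01 (user maintenance) calls in one night into a 12x spike, and PFCG (role maintenance) shows up as a transaction the user has never run before. Users with no baseline history are skipped rather than flagged, and would need to be reported separately in practice.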
Password and Lock Status of Special Users
A compromised employee account is dangerous, with a cyber attacker able to access things like confidential documents and emails and even join virtual meetings, getting hold of sensitive information in the process.
But what if the attacker gains access to a highly privileged technical account, or to any user holding the SAP_ALL profile? Checking the password and lock status of your SAP default users and of your highly privileged users, in every client, is essential: not only can these accounts often execute all functionality, they can also circumvent the usual controls and delete traces of their activity.
Remote Access
You should also consider the possible remote misuse of technical user accounts. This falls outside the realm of “simple” controls, but you should be aware of the potential for abuse of RFC connections, web services and remote access. A review of your RFC connections, external access control lists and exposed web services should be your next step in protecting against attacks like the ones we have seen in the news recently.
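Both reviews, the special users in the previous section and the RFC destinations in this one, can be scripted against an extract rather than done by eye. The Python below is an added example that is not part of the original article: it applies a few rules to constructed user and destination records. The field names are simplified assumptions rather than real SAP table layouts, the rows are invented, and the list of default users is the standard set shipped with every SAP system.

```python
# Added example (not from the original article): rule checks over constructed
# extracts of SAP users and RFC destinations, covering the special-user and
# remote-access reviews described above. Field names are simplified assumptions,
# not real SAP table layouts; the rows are invented for illustration.

# Standard users that ship with every SAP system (one copy per client).
DEFAULT_USERS = {"SAP*", "DDIC", "EARLYWATCH", "SAPCPIC", "TMSADM"}
# Profiles that grant (nearly) every authorization.
CRITICAL_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed user extract: lock status and profiles are per client.
USERS = [
    {"client": "000", "user": "SAP*",       "type": "DIALOG", "locked": True,  "profiles": {"SAP_ALL"}},
    {"client": "100", "user": "SAP*",       "type": "DIALOG", "locked": False, "profiles": {"SAP_ALL"}},
    {"client": "100", "user": "DDIC",       "type": "DIALOG", "locked": False, "profiles": {"SAP_ALL", "SAP_NEW"}},
    {"client": "100", "user": "JSMITH",     "type": "DIALOG", "locked": False, "profiles": {"Z_PURCHASING"}},
    {"client": "100", "user": "RFC_BW",     "type": "SYSTEM", "locked": False, "profiles": {"SAP_ALL"}},
    {"client": "100", "user": "EARLYWATCH", "type": "DIALOG", "locked": True,  "profiles": {"S_TOOLS_EX_A"}},
]

# Constructed RFC destination extract: who a caller becomes on the target system.
RFC_DESTINATIONS = [
    {"name": "BW_LOAD",   "target_client": "100", "stored_user": "RFC_BW", "stored_password": True,  "trusted": False},
    {"name": "ERP_TRUST", "target_client": "100", "stored_user": None,     "stored_password": False, "trusted": True},
    {"name": "PRD_ADMIN", "target_client": "100", "stored_user": "DDIC",   "stored_password": True,  "trusted": False},
    {"name": "PORTAL",    "target_client": "100", "stored_user": "JSMITH", "stored_password": False, "trusted": False},
]


def critical(u):
    """Critical profiles held by a user record, '/'-joined and sorted ('' if none)."""
    return "/".join(sorted(u["profiles"] & CRITICAL_PROFILES))


def user_findings(users):
    """One finding per problem: default users left unlocked, and every holder of a
    critical profile, whatever the user type (a locked SAP* still holds SAP_ALL)."""
    findings = []
    for u in users:
        name = f"{u['client']}/{u['user']}"
        if u["user"] in DEFAULT_USERS and not u["locked"]:
            findings.append((name, "default user not locked"))
        if critical(u):
            findings.append((name, f"{u['type'].lower()} user holds {critical(u)}"))
    return findings


def rfc_findings(destinations, users):
    """Destinations that let a caller on this system reach the target with more
    privilege than they hold themselves: trusted logon, or stored credentials for a
    default, dialog or critically privileged user."""
    by_key = {(u["client"], u["user"]): u for u in users}
    findings = []
    for d in destinations:
        if d["trusted"]:
            findings.append((d["name"], "trusted destination: caller logs on without a password"))
        if d["stored_password"]:
            u = by_key.get((d["target_client"], d["stored_user"]))
            reasons = []
            if d["stored_user"] in DEFAULT_USERS:
                reasons.append("default user")
            if u and critical(u):
                reasons.append("holds " + critical(u))
            if u and u["type"] == "DIALOG":
                reasons.append("dialog user")
            if reasons:
                findings.append((d["name"], f"stored logon for {d['stored_user']}: " + ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for who, what in user_findings(USERS):
        print(f"user  {who}: {what}")
    for dest, what in rfc_findings(RFC_DESTINATIONS, USERS):
        print(f"rfc   {dest}: {what}")
```

Two points the constructed data is built to show: lock status is per client, so SAP* being locked in client 000 says nothing about client 100; and a destination with a stored password for a SAP_ALL holder (here BW_LOAD) hands that privilege to anyone who can call it from the source system, which is exactly the remote misuse of technical accounts the section warns about. A real review would join the destination list to authorization data for the stored users rather than to a hand-built extract.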
Where to Start
Improving your SAP security doesn’t always require huge organisational changes. Even small, targeted actions can close critical gaps and reduce your risk.
For full peace of mind, at The Config Team we offer a deep-dive SAP Security Vulnerability Assessment that covers all of the points we covered above, and much more.
Whether you’ve done the basics and need help taking things further or are just at the start of your SAP security journey, get in touch and let our SAP technical AMS experts help.
