End-to-end security insights with SAP Application Lifecycle Management

Even today, the security of SAP systems is often neglected. Companies should not focus on whether a solution works, but should also think about how the solution was made to “work”, i.e. how the business requirement was technically realized, developed and implemented.

SAP systems often form the core of a company’s business applications. The sensitive data stored there must be protected: Whether in production, the service sector, web stores or other application areas that are based on an SAP solution, they are usually the linchpin for many companies. An attack can lead to sensitive information being published and thus cause legal consequences or reputational damage. Data protection guidelines such as the GDPR also provide for a reporting obligation in the event of data leaks.

SAP already provides a number of tools to minimize such risks. For example, Configuration Validation (ConfVal), together with the Security Baseline and Focused Insights, the operation of SAP and the introduction of further developments can be made more secure and displayed and monitored end-to-end.

SAP Solution Manager 7.2 is at the heart of the program, providing all the necessary information and an overview of your SAP system landscape. If this is implemented correctly, it is child’s play to check the SAP systems, filter out crucial information, implement it and also monitor it after the initial configuration.

Configuration Validation

Configuration Validation checks the SAP systems for correct configuration. System parameters of all SAP components are collected and stored on the SolMan. Regardless of whether it is an ABAP, JAVA or peripheral systems, but critical systems such as Webdispatcher or SAProuter, SolMan knows where improvements should be made.

Check for system relevant notes
Result Systemically important notes

SAP Security Baseline

In conjunction with SAP Security Baseline, Configuration Validation now provides relevant evaluations regarding system security. Reports can be configured and evaluated in relation to user authorizations, encryption, database security and more.

Query whether SAP is configured correctly
Evaluation SAP Configuration

Focused Insights

Focused Insights, the dashboarding tool, comes into play so that the extensive data collected can be analyzed quickly and easily. Focused Insights is part of the Focused Build extensions and has been available free of charge since January 2020.

Focused Insights now makes it possible to quickly and easily create appealing dashboards that meet the needs of the respective application area: in our case, the security of SAP solution landscapes. Focused Insights can query and display various key figures and evaluations from Configuration Validation with the Security Baseline.

Example dashboard

On top: Alert in case of violation

In addition to the visual display, the results from configuration validation can be integrated into alerting and monitoring. This makes it possible to trigger alerts by e-mail or SMS as soon as a security requirement is no longer met.

Avatar photo

Marko Laius

Marko works as an ALM Technology Expert and has extensive knowledge in the use of SAP Solution Manager with a focus on technical monitoring. He has experience in the area of SAP Basis and has also familiarized himself with test automation.
blueworks Logo

Certified
Business Transformation
Professionals.

© blueworksgroup 2024. All rights reserved.

blue.works® and alm360® are registered trademarks in the European Union and Switzerland.
SAP is a registered trademark of SAP SE.