Security made easy with EWA

SAP Security is one of the most neglected security topics in a company. The misjudgment that an ERP is not a preferred target is in the most heads on C-Level or in the internal IT. But SAP makes it easy for the customer to handle the most important security issues without having special tools: The SAP Early Watch (EWA) alert comes out of the box and gives a quick overview with the solution to fix the issues on a weekly basis with real data. 

The Early watch alert can be accessed in classic way as a report generated in SAP Solution Manager and can be accessed via Mail, Tx. DSA, Solution Manager Workcenter or the modern HTML 5 Version, EWA Workspace in SAP Launchpad. 

The following Security Categories are available in EWA: 

• Standard Users 
• Communication 
• Configuration 

• Maintenance 
• Critical Authorizations 
• Review and Monitoring 

Standard Users 

One of the security quick wins is the Standard Users check: This checks for the behaviour of the preconfigured Users in SAP Systems (ABAP / JAVA / HANA). The check for Users like DDIC in ABAP or SYSTEM in a HANA Database. The EWA gives a direct advise with links to the support portal of SAP or Notes which should be implemented. 

Communication 

In the communications section the EWA shows e.g. insufficient password protection in DB connections or an insecure internl network configuration of a SAP HANA Database. It checks for insecure Gateway configuration or the Access Control List. 

SAP Solution Manager – My Early Watch Alerts Reports 

Configuration 

Configuration shows the Security relevant settings as per recommendation by SAP. It will give advice for password policies in ABAP and HANA, it also shows if the SSFS Master Encryption Key of a HANA is not changes. As in every category SAP gives direct access to documentation and Notes with hints and documents on how to set up everything in a secure way. 

EWA-Workspace 

SAP Solution Manager – My Early Watch Alerts Reports 

Maintenance 

The maintenance category gives adives for the latest support packages or notes which should be implemented to run a most secure SAP Landscape for ABAP, JAVA and HANA 

Critical Authorizations 

This category checks for users with authorizations which they shouldn’t have in an SAP environment. It checks for Roles like SAP_ALL in ABAP or DATA_ADMIN in HANA.  

EWA Workspace 

SAP Solution Manager – My Early Watch Alerts Reports 

Review and Monitoring 

In Review and Monitoring SAP checks for the configuration of the Audit logs in SAP HANA. 

How can blue.works help 

As specialist in SAP Solution Manager, ALM and Security we can help you configure the SAP Solution Manager to give you the informations out of you SAP Systems right into the EWA. In a second step we can assess the findings and solve them for you or lead to solve them. And the last part is to keep you systems secure. Here we can help you to use the SAP Solution Manager as the ALM tool which keeps you up to date across you SAP Landscape and hold it secure.