Benefit from Quick Implementation of IT Security Best Practices

“Secure Operation” focuses on the vital security aspects of the daily business use of the systems. Users & Authorizations configurations are essential to the demonstration of “Business need Only” principle and ensuring only purposeful and intended use of Business data.

An Authorization Concept shall guide the Users, Roles and Authorizations design or re-design, implementation and continued maintenance. Technology driven design is highly recommended for this complex task and to ensure minimum business impact.

The day-to-day user management lifecycle shall be managed across the system landscape and compliance with segregation of duties risk (SoD) shall be monitored and maintained. Technology driven SoD and critical authorization risk management is highly recommended for minimum business impact and effective internal audit.

Authentication ensures verification of the true identity of a claimed user. Single Sign-on provide simplification of the user sign-on process across a multiple systems landscape. Support Security shall be defined and implemented to control and securely manage the need for extended access and authorization and to ensure availability and business continuity at times of crisis 24/7. An Emergency Access solution is highly recommended to ensure transparency of extended system access.

Security review and monitoring is highly critical in order to detect and respond to powerful cyberattacks and forensic investigations and to meet data regulation compliance. Only through intelligent real-time monitoring automation embedded with the organizations established security monitoring this security aspect can be effectively fulfilled. This is a priority 1 safeguard measure for all SAP based business’ to lead their vulnerability mitigation process based on factual actual risk. Read about SecurityBridge here.

What used to be good security practice is no longer necessarily the case. Secure Configuration of the SAP systems shall be based on a formally approved SAP Security Baseline reflecting the current business risk, the business risk appetite and the decided security measures. Security Hardening is the process of ensuring a standardized security configuration across the entire SAP landscape according to the Security Baseline. Security Hardening is strongly recommended for the business to “get-clean” and to “stay-clean” and document its secure operations compliance and demonstrate data protection accountability.

Communication Security deals with the security of communication connections between systems; is proper authentication, authorization, encryption and key management defined in the Security Baseline and established and maintained across the SAP landscape?

Data Security deals with the security of data at rest change and read access control and logging, purpose driven encryption of sensitive or all data and additional protection mechanisms like data masking.

Intelligent real-time monitoring automation is highly recommended to ensure continued security through regular security configuration scans and penetration testing.

Security Maintenance of SAP Code is crucial to the security of the SAP landscape. SAP continuously invest in security and publish Security Notes on “SAP Security Patch Day” – second Tuesday every month. It is strongly recommended to implement an official Vulnerability Management policy and procedure to ensure that all relevant Security Notes are installed on a regular basis. Unpatched systems represent a high-risk vulnerability and must be mitigated. Custom Code Security rely heavily on the ABAP Custom Code Lifecycle Management process – does all code undergo security evaluation? In order to ensure a proper secure code development, it is highly recommended to apply Intelligent real-time monitoring automation with code security scanning in order to enable the Security by Design principle.

The “Infrastructure Security ” layer focuses on SAP specific requirements towards the non SAP technical environment e.g. network, operating systems, non SAP databases, clients. A strategic risk based information security management approach is highly recommended based on ISO 27001, NIST or similar including Threat Intelligence solutions such as SOC (Security Operations Centre) is highly recommended to enable a resilient cyber defense architecture.

When it comes to repelling external attacks and minimizing the damage they cause, basic firewalls are no longer sufficient. Companies today require intrusion detection systems as well as cloud data centers that block unauthorized access – from both physical and online sources.

With the Internet of Things (IoT) and mobile devices, the secure operation of SAP systems is also becoming more complex. As such, it should be left in the hands of experts who are at the forefront of development and can intervene anywhere and at any moment – through managed security services, for example.

Today, a company’s IT can go from secure to under threat quicker than ever. To maintain control, an enterprise needs a systematic approach for identifying, understanding, analyzing, and evaluating risks.

NTT DATA Business Solutions’ security experts help you implement a three-lines-of-defense model that synchronizes all processes in operative management, risk management and internal audits. This gives you a clear view of risks and means you always know if you are meeting compliance standards.

Fraud in business can often be attributed to flaws in the authorization concept or IT infrastructure. With comprehensive fraud management, you are alerted to threats as soon as they arise, allowing you to react quickly and effectively.

This benefits not only your company internally, but your entire network – as business partners increasingly share IT systems that they monitor automatically. This way, you prevent unnecessary financial losses from the outset.

While identity and role management are well-established topics, their importance to IT security and compliance cannot be overstated. Today, a far greater variety of devices have access to business data – and this gives rise to new challenges.

Companies need the ability to instantly grant and remove access rights to individual systems and data as they see fit. They also have to keep track of an ever-growing workforce. And faced with an increasing number of distributed IT systems, they require single sign-on authentication across all domains.

Digital platforms are increasingly becoming marketplaces for all kinds of goods and services. Yet, although the web is unrestricted by physical borders, many rules and regulations on international trade still apply – and it can be difficult for an individual to take all of these into account.

Businesses that work with global supply chains must therefore ensure IT compliance – especially where imports and exports are concerned. Reliable solutions and data centers enable the secure transfer of digital goods and data between trade partners.