How to ensure SAP cybersecurity and SAP transport security—the first steps!


These days hardly a day goes by without another headline about a major cybersecurity breach. Considering that, according to SAP, “77% of the world’s transaction revenue touches an SAP system”, SAP cybersecurity has become a critical area of concern for SAP IT teams. But where do you start?

We’d suggest a good place to start is a new SAP cybersecurity book by Julie Hallett: A Practical Guide to Cybersecurity in SAP.

The book breaks down the application of cybersecurity, as it applies to SAP, into actionable items which can be communicated and implemented into existing and evolving security frameworks.

Hallett provides an easy-to-follow, holistic approach to designing and implementing a comprehensive SAP cybersecurity initiative. She:

  • Explains how the NIST, CIS and CMMC standards apply;
  • Identifies key cybersecurity threats to SAP; and
  • Delivers a pragmatic approach to risk management for SAP cybersecurity.

Are your transports secure?

SAP transport security is, of course, mentioned in the book, but mainly from a high-level perspective. Excellent recommendations for SAP transport security policies are covered.

This advice includes the segregation of duties when creating and importing transports, and sourcing role/security and all other changes only from your SAP development systems. In other words, organizations should avoid making direct changes in their SAP systems.

Hallett also recommends maintaining a complete audit trail of SAP changes/transports and properly controlling emergency transports.

How Rev-Trac helps with SAP transport security!

This is a good start to addressing SAP transport security, but of course, it gets much deeper than this.

Our customers have told us for years that Rev-Trac is fundamental in securing their SAP transport process. Critical functionality for ensuring transport security in organizations deploying our SAP change management platform includes:

  1. Providing controlled, auditable SAP change/transport workflows which ensure all SAP transports are developed, tested, and deployed in a standardized and secured manner.
  2. Automatically identifying situations where untested, perhaps insecure, changes may be inadvertently imported with, or “piggybacked” on, other changes due to transport overtake and sequencing issues.
  3. Enabling and enforcing automatic SAP code inspection checks through integration with SAP code checking solutions such as ABAP Test Cockpit and Onapsis (formerly VirtualForge) Code Profiler.

If you have any questions or would like to discuss approaches to securing your SAP change/transport process, feel free to reach out to us at hello@rev-trac.com.