SAP’s NetWeaver Identity Management is a flexible tool for handling role management, provisioning and deprovisioning throughout the enterprise. Understanding the concepts and elements of a complete SAP Identity Management solution should be the first step in planning efforts. We discuss project planning and organization for a successful implementation based on established best practices.
March 10, 2010 | Posted in IdM
Software breaks. That is inescapable. But intent is important also. Are the bugs in your software there by accident or by design? Ultimately, with regard to development, it comes down to trust. All of the factors outlined below impact the behavior of your in-house programming team and outsourced or offshore partners.
Fear of detection
Fear of punishment
Personal [...]
March 5, 2010 | Posted in System Security
All of the mentioned authorization issues can be easily remediated by conducting regular security reviews. Ignoring these issues or not attending to them on a regular basis can result in serious vulnerabilities.
Before SAP’s launch of their GRC tools, SAP Security Administrators used only a couple of transaction codes (T-codes) to audit and control security and [...]
SAP is the dominant software provider for enterprise resource planning, with implementations in over 100 countries around the globe. Given the diverse nature of the businesses which run SAP, one does not simply install it and start the engine. Each system deployed is customized for the company that uses it. For that reason the success [...]
March 1, 2010 | Posted in System Security
Can the challenge of synchronizing passwords between Active Directory and SAP be overcome?
SAP users within a large enterprise tend to log in to their local machines using their system credentials, which are in turn validated against the enterprise’s Active Directory infrastructure. Following this, users log in to their chosen SAP instance using their SAP credentials. These are [...]
February 26, 2010 | Posted in Authentication
An ex-employee of your company was recently terminated due to consistent below-average performance. Unable to come to terms with the real cause of his dismissal, the employee carefully plans to wreak havoc in your company’s database – he may even want to sell your confidential business details to your market rivals!
He gains access to [...]
February 25, 2010 | Posted in Authentication
A former employee of your company was recently terminated for consistently below-average performance. Unable to accept the real reason for his dismissal, the employee plans to destroy your company's databases – he could even sell confidential information to the competition.
He gains access to the company's internal computer systems, which are protected by passwords that change daily [...]
February 22, 2010 | Posted in Authentication
PCI DSS (Payment Card Industry Data Security Standard) compliance is an urgent topic for many companies that process card payments. Most technology discussions around PCI DSS compliance focus on web applications, because these are most commonly used to process sensitive personal information when customers conduct online card payments. But the 12 requirements extend also to [...]
February 20, 2010 | Posted in Legal Compliance
SAP ERP systems are the core of many medium and large businesses these days. These systems administer Finance, Payroll, Customer Relationship Management, Human Resources and so on. Control of these systems is handled by a concept called SAP Authorizations (also referred to as authorizations or authorization objects). These authorizations establish what are referred to as [...]
IT professionals today intuitively understand the value of Single Sign-On (SSO) – improved productivity, reduced password administration effort, and a dramatic decrease in calls to the IT helpdesk due to forgotten passwords. Studies [1] have shown that password reset requests can account for up to 30% of a company’s helpdesk calls. However, intuition and external studies might [...]