Take Control of Your SAP Security Baseline
Maintaining a strong SAP Security Baseline is essential for your systems' security and compliance. Whether you are a RISE with SAP customer or an on-premise customer, it remains your responsibility.
We simplify this complex task and make it more collaborative by providing clear explanations of risks and mitigation strategies, combined with effective visualizations and a role model.
You can choose our solution as an independent offering or as an extension to your existing GRC application.
Setting values for profile parameters in SAP is a starting point for system hardening and the foundation for secure operations and effective compliance with many regulations.
Security & Operations
Within the RISE with SAP model, customers remain in charge of general parametrization, which drives security, change management, logging, authentication, connectivity, encryption, and much more.
COVERAGE: significant
Compliance Impact
It affects many key IT General Controls (ITGC) as part of financial compliance and is a core component of the technical and organizational measures (TOM) required by recent cybersecurity and data protection regulations.
COVERAGE: significant
Do any of the following challenges resonate with you?
- Starting with the crucial basics of making SAP secure and compliant?
- Being challenged by auditors and authorities to demonstrate compliance?
- Seeking to facilitate the ongoing hardening of your SAP systems?
- Striving to establish a link between operations and compliance?
- Having a GRC solution in place but lacking the functional flexibility and content to monitor the most important IT controls?
- Familiar with standard tools like SAP Solution Manager or SAP Cloud ALM and looking for something less technical that provides clear insights into risk, compliance, and mitigation?
Monitoring SAP parameters across the complete SAP technology stack, especially in distributed landscapes where business processes are spread across multiple systems and instances, has always been a nightmare. Depending on your company's risk appetite, the profile parameter baseline could include hundreds of parameters and values, parameter dependencies, intervals of values, and exceptions per system. This only increases the risk of misconfigured instances and the overall workload of implementing, monitoring, and documenting.
Solution
Our add-on solution, SAP Security Baseline Monitoring (SBM), addresses all the above-mentioned challenges and many more. It comes preloaded and configured right out of the box with the SAP Security Baseline Template (SBT) and achieves real-time monitoring of SAP parameters. SBM provides intelligent, cost-effective compliance that not only improves the security state of your SAP landscape but also gives a bird's-eye view of SAP parameters with organizational context and risk appetite.

Best Practice Content
Our solution comes with pre-defined baseline values for a complete technology stack. The pre-delivered content also includes descriptions of risks, dependencies, and the impact of parameters, known reasons for deviations, and mitigation strategies based on our experience from numerous penetration tests and audits. Ongoing free content updates are provided.
Complex Logic Made Easy
SAP SBT is a complex topic. To avoid false positives, you need to establish groupings and logical dependencies between profile parameters and their values in an intuitive way. Defining rules for exceptions to the main baseline, along with documenting the reasons, is also essential and can be easily done.
Analytics
The pre-delivered Fiori Dashboard provides several aggregation levels, as well as additional risk- and compliance-related dimensions. It helps to coordinate fixes with SAP Basis, effectively interpret and communicate risks to management levels, and offers real-time insights into the state of compliance with the SAP Security Baseline. The authorization model and role-based access to results support collaboration.
GRC Integration
SAP GRC or SAP Risk and Assurance Management (RAM) customers can benefit from additional content and flexibility, enhancing the handling of IT General Controls. Integration is achieved by consuming CDS views or OData services and linking results through Business Rules or Automated Procedures to Controls. The powerful Continuous Controls Monitoring (CCM) framework in SAP GRC can be extended: existing connectors can be reused (GRC plug-ins are not required for our solution!), and the Business Rules Parameters (BRP) functionality within CCM can be leveraged more efficiently.
Mitigation
Not every profile parameter setting can be checked and fixed right away. In some cases, a review process is required, and sufficient mitigations can be implemented in other areas and processes. Our solution accommodates this and helps to coordinate mitigations with your SAP Basis and Security responsibilities.
AI Assistant for Cybersecurity and Compliance
Our unique NL to SQL-based solution enables faster insights into the state of the Security Baseline, especially when monitoring a large number of systems, and helps democratize access to database information.
Value Proposition
- Solid basis for effective compliance with many regulations: KRITIS, NIS, SOX, etc.
- Ongoing hardening of SAP Systems, reduction of security risk exposure.
- Elimination of efforts spent on data collection, analysis, and reporting.
- Fewer audit findings and less effort preparing supporting evidence.
- Communicate IT risks effectively to management levels.
- Foster a risk culture in your organization.
Reach out to us to request a demo!
What our customers say
“The new process, rolled out with the help of our partner Riscomp, has paved the way to transform our SAP Security baseline monitoring for over 60 SAP systems from a fragmented manual operation into an automated, integrated, user-friendly, and engaging process. Earlier efforts to gather information, analyze, and report on more than 130 parameters per system have been eliminated.”
– Coordinator SAP Security Monitoring, Large DAX Company
“Thanks to the automation and improved link between operations and compliance, our Application Managers and Service Owners have developed a sense of confidence that everyone wants their systems to remain clean. Experiences are being proactively shared, and ongoing collaboration on tricky topics helps improve our Security and Compliance policy.”
– Cyber Security VP, DAX Company