Search

Assessing the risk potential of SAP landscapes and identifying vulnerabilities are critical components of an SAP security strategy. However, there are numerous approaches to evaluating risk within the SAP landscape and uncovering potential vulnerabilities. With many options, staying informed on modern, critical capabilities and industry best practices can be challenging. These options span from conducting…

Technical SAP users with extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes, so external auditors are intensifying their focus on authorization management. Let’s look at how we helped one of our customers – a company in the energy sector – who was facing the challenge of having…

On July 26, 2023, the Securities and Exchange Commission (SEC) unveiled its final regulation concerning Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (PDF). This rule was developed to address concerns regarding the accessibility of prompt and consistent information regarding cybersecurity for investors. The escalating and persistent threat of cybersecurity incidents to public companies, investors,…

Don’t Risk the Security of your Data with Customized SSO SAML/ADFS Integration for PeopleSoft On a recent discovery call, a Senior Software Engineer shared how they’re “ripping out” a custom-built PeopleSoft single sign-on solution (SSO). After acquiring an enterprise SSO, they attempted to build a custom integration with PeopleSoft that presented far more challenges than…

Enterprise Resource Planning (ERP) systems serve an integral function for organizations, integrating operations such as finance, human resources, and supply chain management – making them primary targets for cybercriminals. ERP systems contain an abundance of sensitive data, including financial records and customer information. If this information is breached, it could cause losses and damage the…

Identity Access Management (IAM) is a framework of policies and technologies that ensures that the proper people in an enterprise have the appropriate access to technology resources. It ensures that the right individuals have the right access to the right resources at the right times for the right reasons, aligning with the business requirements. IAM…

As data becomes the linchpin for many corporations, setting definitive boundaries on who can access this data grows increasingly consequential. This control mechanism, termed Data Access Governance (DAG), plays a crucial role in information security and adherence to regulations. DAG not only protects sensitive data but also guarantees its use adheres to stipulated regulatory standards….

An information security strategy greatly depends on the effective management of access control. Attributed-Based Access Control, or ABAC, offers a dynamic method for controlling access to resources. ABAC provides smart decisions based on a wide range of user-related attributes, including associated resources, actions, and contexts. This multi-dimensional decision-making process sets ABAC apart. ABAC features four…