SoD Violations: 5 Main Causes and How Analytics Can Prevent Them
What are SoD Violations? Separation of Duties (SoD) is an internal control that uses role-based access controls (RBAC) to prevent errors and risk by dividing the responsibilities required to complete a business process. The goal is to enable organizations to prevent conflicts of interest, detect SoD violations, and improve compliance and security. SoD enables you…
Internal Control Framework: A Practical Guide to the COSO Framework
What is the Internal Control Framework? The Treadway Commission’s Committee of Sponsoring Organizations (COSO) created a versatile framework for designing and managing internal controls. The framework was originally created in 1992, and most recently updated in May 2013. Updates include a clear description of the framework’s core principles. Organizations can take advantage of the 2013…
How Pathlock Automates Access Certification Campaigns
For most organizations, access certification is a routine exercise. But that does not make it any easier, especially if you are doing it manually. From the moment your review campaign starts, it’s usually a long and tedious process that involves creating spreadsheets that list users and their current roles, mailing these spreadsheets to all the…
6 Warning Signs Of PeopleSoft Privileged Account Misuse
Privileged user accounts are hacker magnets. Cyberattacks are getting more targeted and sophisticated, so intruders can easily bypass traditional authentication measures. It’s no wonder that 74% of data breaches stem from privileged account abuse by external hackers and insiders with elevated privilege (according to the 2021 Verizon Data Breach Investigations Report). Why Compromised Account Activity…
SAP Data Security Best Practices For ITAR Compliance
You know how vital SAP data security can be in the age of data privacy and compliance regulations such as GDPR, CCPA, SOX, and others. If you’re a company involved with any part of the defense supply chain—from direct contracts on defense projects to independent upstream suppliers of parts, components, services, and software that are…
Updating Your Authorization Roles in Your SAP S/4HANA Project Using SU25
Many companies are currently faced with the task of converting their SAP systems to SAP S/4HANA because their ERP maintenance will be discontinued in the foreseeable future. Project planning usually only takes technical and organizational aspects into account; however, crucial security topics aren’t given enough priority. As a result, the implementation of the authorization concept…
Business Partners and the Sneaky Back Door of the F4 Search Help: How to Protect Your Sensitive Data
SAP offers a consolidated data object, the business partner, to simplify the management of sensitive master data for customers, suppliers, and employees. This simplification also, however, poses significant dangers. Therefore, all companies that plan to migrate to SAP S/4HANA should familiarize themselves with the business partner concept ahead of time. Business Partner Concept Poses Risk…
How the Skilled Use of SAP Wildcard Characters Can Shed Light on the Analysis of the SAP Authorization System
For SAP experts worldwide, data display tools like the Data Browser (SE16), Quick Viewer (SQVI), and Query Start (SQ00) are basic components of their everyday work. They have become accustomed to using selection screens, variants, and ALV functions in the output lists of the Data Browser. In this post, we’ll show you examples from the…
SNC Encryption Made Easy: SAP Security Even Without SSO
To secure and encrypt customer networks, SAP offers the SNC (Secure Network Communications) interface with which users can log in to SAP systems without having to enter a user name or password. In the standard system, SAP login credentials are transmitted in clear text. The SNC interface routes calls through the SAP Cryptographic Library, to…