Search

Why Managing Separation of Duties in Ariba is a Challenge SAP Ariba is one of the most efficient cloud applications to streamline procurement processes. It’s no surprise that many SAP customers manage vendors and purchases of goods or services through Ariba. Though Ariba is an SAP application, one key differentiator is that it functions as…

SAP published fifteen new and two updated Security Notes for December 2023 Patch Tuesday. Compared to October’s and November’s SAP Security Patch Day releases, this month’s release contains more patches overall and with higher severity. Four Security Notes received the HotNews maximum priority rating (CVSS scores ranging from 9.0 to 10.0). Two of the HotNews…

The landscape of cyber security has seen a dramatic shift in recent years, with privilege abuse emerging as a central concern. This concern is amplified for SAP Ariba, considering its prominence in managing sensitive financial processes. A staggering 90% of security incidents involve some form of malicious privilege abuse, as reported by IBM Security Services…

Many SAP customers rely on SAP Access Control (SAP AC) to manage access and establish internal controls across their SAP applications. However, SAP AC only covers ABAP-based SAP applications, leaving cloud applications such as SAP Ariba outside its scope. This means that each compliance and access policy must be recreated using Ariba’s native controls, which…

Dear Pathlock Community, As the year draws to a close, I find myself reflecting on another incredible journey with you, our valued customers. 2023 has been a year of tremendous growth and innovation, building upon the foundation we laid together last year. One particular bright spot from this year was the launch of our Application…

The beginning of a new semester is known for many things. For tens of thousands of students, faculty, and staff, it means returning to their respective colleges and universities for another year of learning and teaching. For IT professionals, it means being pushed to their limits by onboarding students and faculty into PeopleSoft Campus Solutions…

Organizations working with applications like PeopleSoft FSCM often allow internal users, external vendors, and third-party service providers to access sensitive data and perform critical transactions. However, this kind of access often leads to security and compliance risks like phishing/hacking, fraud, and violations of separation of duties (SoD.) As a result, PeopleSoft customers are automating access…

SAP published two HotNews and four High Priority security notes for January 2024 Patch Tuesday. Compared to December’s 2023 SAP Security Patch Day releases, the number of HotNews Security Notes remains constant. Overall, three notes received a CVSS Score of 8.4 and above.  Newly Released HotNews Security Notes Security Note 3413475 – [CVE-2023-49583, CVE-2023-50422] received a CVSS score of 9.1 and addresses “Escalation…

With the continuous evolution of technology solutions, it has become crucial for organizations to develop effective methodologies for granting access to resources, which is the core of a solid cybersecurity program. Cybercriminals are always hunting for human resources and financial data, so companies need to take a proactive approach to eliminate access risk in the…