SAP Security Consulting
SECUDE offers SAP Security consists of two main areas:
Identity & Access Management (IAM) (including authorization management) and Application & System Security. To successfully operate SAP securely and efficiently, customers need solutions fitting their needs in these two areas, from self-developed to product-supported.
Preview our consulting services below in order to learn more about our SAP Security offerings! You can use the navigation located on the left side to learn more as well.
IAM
SAP Identity & Access Management Technical Solution, Admin Processes, Organizational Role Model, Risk-based Management, & SSO
Customers running huge SAP and non-SAP installations with different components like ERP, CRM, SRM, Portal and others are faced with huge manual administration effort to manage the identities and their required access to these business systems.
The high manual administration effort is caused by disjointed parallel running processes which are often managed by different groups, like Human Resources Department, IT Infrastructure Administration Team, SAP Authorizations Team, etc. This often leads to inconsistencies, unsatisfied business users, non-compliance with legal requirements and non existing access risk management.
NetWeaver
SAP NetWeaver Identity Management
Customers Implementing IdM are Faced with a Complex Deployment
SECUDE Consulting has proven success stories in implementing the SAP NetWeaver Identity Management solution. We therefore we have the implementation experience for complex organizations and heterogeneous system application landscapes. We can also support you in avoiding the common pitfalls, when you plan to bring your current Identity and Access Management processes to the next level.
Our proven implementation methodology helps you to save your money. You earn quicker results in less time. SECUDE Consulting brings technology design, process needs and organizational set-up together. We implement the adapted SAP NetWeaver IdM architecture, roll-out the compliant user provisioning processes and adapt your organization to a best fitting business role model. We do not forget to incorporate the important risk management part to your complaint Identity Management solution.
Access Control
SAP BusinessObjects GRC Access Control
Business Programs, Strategy Workshops, Industry Extensions, and Implementation Reviews
The Business Program for Access Control (BPAC) is a unique offering on the market explaining the business requirements and compliance background of access control solutions. It is focused on providing you with the business relevant understanding, tools and insights to effectively engage with IT programs and be able to articulate your requirements in terms of business security . .
The Strategy Workshop provides you an overview of the SAP BusinessObjects GRC solutions and gives you the opportunity to understand how it can be fully leveraged to increase the efficiency of risk management and compliance initiatives such as Sarbanes-Oxley, Basel II, or Environmental, Health and Safety requirements. You will obtain a better understanding of how your company could approach BusinessObjects GRC initiatives and will feel more comfortable in providing direction to country and division organizations. Ultimately you will come off this workshop with a clear view of how SAP BusinessObjects GRC solutions can help you and what steps you have to take to achieve your goals
Authorizations
SAP Authorizations Management
Allow Your Business to Operate Under a Higher Level of SAP Security
SECUDE SAP Authorizations Management includes conducting strategic workshops to analyze your needs and the existing SAP authorization concept for your business.
Our experts make sure to give recommendations on how to shape a best-practice Authorizations concept strategy which can be applied for future authorizations work. A project chart with easy-to-follow recommendations will be established to ensure that the client has a plan to redesign the authorization concept and sustain it in a secure way.
Systems
SAP Security Assessment Services
Proven SAP System Security Within Your SAP System Environment
Customers having complex SAP application installations like SAP ERP, CRM, BI, SRM, Portal and PI are often uncertain about the system security status of their installations.
These customers are mainly interested in the correct SAP system parameter security settings, possible RFC and SAP Gateway security vulnerabilities, technical RFC authorization settings, open and accessible SAP services via the Internet Connection Framework, insecure database installations, incorrect configured system trust relationships, insecure communication channels and a poorly designed & implemented network design and security architecture.
Development
SAP Secure Development
Mitigation Strategies for Identified ABAP Code Vulnerabilities
About 80% of all SAP customers develop their own custom code. Most of the custom code is still developed using ABAP or WebDynpro for ABAP.
The Quality Assurance process for the custom code development usually comprises of a functional quality check before the code is released to the production environment. An adequate code review for possible security vulnerabilities, like cross site scripting, missing authorization checks, and SQL script injections are not performed in most cases.