Data & system migrations
Our consulting portfolio
Automation of processes In an IDM, IT business processes, creating, modifying and deleting a user are defined centrally by means of a unique set of rules. All the necessary steps are then completed using automated workflows. User administration no longer has to be administered separately for each system, but only in a single point of administration. Data Consistency Employee data is created only once in a leading system in an IDM architecture. All attached systems use this data in their user management on demand. In a change of department or a new activity, permissions are automatically adjusted. Security and Documentation In a centralised user administration, users can be locked down efficiently on all systems or access rights can be changed. The connection to the personnel process automatically initiates the change process as soon as the master record is adjusted in the Human Resources Department. Documentation solutions can also be used to archive all processes without any gaps. This creates transparency which also facilitates the detection of a functioning and secure authorisation concept during audit tests. Requirements for IDM systems People get electronic identity attributes describe the role of the person Quality requirements Reliability: Abuse prevention Readability: Documentation and logging Failover: Back-up systems in compliance with legal requirements Data Protection Act What should be taken into account in application processes? When implementing an IDM and also in the day-to-day operation of an IDM, there are certain things that should be taken into account when applying. I have summarised the most important points in the form of a checklist.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
Optimization of the SAP infrastructure
SAP HANA has been one of the major topics in the SAP environment for the last few years. Many customers are currently faced with the question of whether or not to migrate your SAP system. In addition to the actual changeover itself, there are many other topics on which you should have already informed yourself in advance, as these influence the success of SAP HANA in your company. What do you already know about SAP HANA? I would like to encourage you to think about security in the following article. If you would like to learn about the architecture of HANA, I recommend a contribution from our colleagues at erlebe Software. SAP HANA Scenario But why are we even talking about HANA Security? Why is it so important to consider new security strategies with the new technology? With HANA it is possible to analyse data quickly. BW scenarios primarily benefit from the in-memory database (IMDB) used, as speed advantages in data access are particularly positive. Compared to a classic ERP / R3 scenario, the normal DB is replaced by HANA. The desired speed advantages result. However, migration is expected to be required for the changeover. This is caused by customer-specific developments in the system. HANA is not a further development of SAP ERP, HANA is the next stage of an ERP system. It is well known that an ERP system contains the capital of the companies. Therefore a new HANA system like all other ERP systems is also interesting for attackers. On the one hand, such a system contains the critical business data that are available for espionage. In addition, most business processes are mapped in such a system and offer an attack surface for sabotage. In addition, users do not initially know the new technology well. This also applies to administrators in the area of a new technology. Attackers quickly gain a dangerous leap of knowledge over these user groups. SAP HANA has a lot of new features, although many existing ones are used by SAP ERP, so there is a risk here.
SAP offers a huge toolbox of different technologies to support business processes. The usefulness of their use is essentially determined by the task and its technical requirements. We have gained a lot of valuable experience in the following technologies, which we would like to make available to you.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
It grows and changes with the company.
There are still many weak hash values in your database that can be used to attack your system.