Security Configuration Services for SAP ® is a suite of services which typically follow a vulnerability assessment, (carried out in Soteria Healthcheck), or as a follow on from a Requirements definition (SAP ® Security Architecture & Security Project Management).
Security Configuration Services for SAP ®
Soteria Security Baseline
Soteria Security Baseline is a detailed assessment of nearly 100 specific configurations which are categorised into five security domains. These span Configuration Management, Log Information Maintenance, Basis Function Protection, Remote Function Call Protection and Network Security. This approaches security from all sides (including the inside), taking in data encryption, firewall configuration, RFC user configuration, control of access to data dictionary, SAP ® Router logging and software patch management. Read more…
Soteria Layered Defence
Soteria Layered Defence is a review of the prevailing cyber security from a strategic level of abstraction. It looks at the systems architecture to ensure that appropriate defences are implemented at web servers, network, application, database and operating system levels. We review the high value corporate assets, ensuring that the greatest defences are afforded to the greatest value assets, and that the security spend is allocated wisely. Soteria Layered Defence concerns user management and reviews the cradle-to-grave handling of employee systems accounts. We also review logging, data back-up procedures, data encryption and security policy. Read more…
Security for SAP HANA ®
Security for SAP HANA ® focuses on implementing the best practice security settings of SAP HANA ®. We build on that baseline to examine the security gaps which may be manifest in the landscape in which SAP HANA ® resides, plugging some known vulnerabilities, e.g. server separation and data redaction issues. Read more…
SAP Mobile ® Security
SAP Mobile ® Security focuses on the additional risks and vulnerabilities that are introduced when mobile devices are linked to the SAP ® environment. We examine BYOD policy, device security, consistent security policy for user accounts, software security, data back-ups, data sharing, weak-spots in the data communications, and cross application leakage with the internet and external applications to name but a few. Read more…
Security Configuration Services for SAP ® is typically a service carried out to validate existing or greenfield SAP ® implementations from a security perspective. It can also be tailored to complement your organisations efforts towards achieving ISO27000 series, COBIT 5 ®, or NIST compliance. For more information on our Security Configuration Services for SAP ® please contact us.