SAP ® Mobile Security

SAP mobile security cannot be ignored.

The technical landscape of mobile devices is an environment riddled with weak spots and vulnerabilities. Business data is mixed with non-business data, as many devices host both business and social networking applications. There are connectivity weak spots via the internet, SAP ® gateways and middleware, each of which exposes its own vulnerabilities. There are back-ups, connection to the cloud, data encryption, social engineering factors, and the remote enablement of cameras and microphones to keep you awake at night.

This is the age of BYOD (bring your own device), where employees, customers and vendors expect to use the mobile device of their choice to host applications and browsers that connect to company information systems. This brings enormous flexibility, and is hugely enabling for a highly mobile workforce. However, it also brings enormous challenges in the sphere of information security. Ensuring that company information security policy is adhered to across multiple devices and geographically diverse locations, and that both PII (personally identifiable information) and sensitive company data are kept secure, is a quantum headache. Devices that are easily portable are easily lost and stolen. The same devices that hold PII and sensitive company data also play host to social media, email, and internet-enabled applications.

Soteria are familiar with the SAP mobile security risks, concerns, and attack vectors, and have over 15 years' experience mitigating such risks.

  • Data encryption can be implemented and fortified for both data in transit and data at rest.
  • Many devices support remote wiping in the event of loss or theft, and we can advise how best to exploit this facility.
  • We can recommend employee usage best practice.
  • Device-specific security configurations (passwords, backups, connectivity, Wi-Fi).
  • We look at the user authentication process for connecting to SAP ® systems, and ensure that it fully conforms to your security policy and that account privileges are consistent across different entry points (ensuring that not only the device, but also the user of that device, can be authenticated).
  • We can help you align your BYOD policy with your corporate Security Policy.
  • Advice on HTML5 application security.

HTML5 is fast being adopted as the standard for web applications. The enhancements that HTML5 brings in terms of location awareness, local data storage and graphics rendering are very welcome, but HTML5 also considerably increases the amount of sensitive data held in the browser, such as email header data and CRM data. This changes the attack vectors that can be exploited against such web apps. Soteria has experience in locking down these applications to reduce the attack surface and the likelihood of such exploits occurring.

SAPUI5 is a clutch of SAP ® programming libraries that can be used to construct HTML5 web applications, and HTML5 applications are vulnerable to XSS (cross-site scripting). The libraries' only capacity to prevent these attack vectors is in the processing and rendering of controls; as a consequence, comprehensive input validation exists for all input typed elements.

Soteria have an in-depth understanding of the emerging technologies used to build the SAP ® mobile applications of today. This allows us to make recommendations for your security landscape as it evolves over time.