SAP Security News for September 2019 - Risks, Access Management - Safe O'Clock

SAP Security News for September 2019 – Risks, Access Management

October 4, 2019

SAP Security Patch Day in September

SAP, a German software vendor, has over 425,000 customers in over 180 countries. Their products allow large and medium organizations to manage business processes. 

If you are an SAP customer, you know that every second Tuesday of the month, SAP issues patch releases. For September 2019, the set of security notes consists of 16 items. Each of them includes the fixed vulnerabilities discovered in different SAP products. 

SAP vulnerabilities like any vulnerabilities identified in other vendors’ product lines are assessed according to the CVSS standard, or the Common Vulnerability Scoring System. It communicates the technical characteristics and severity of software vulnerabilities and ranges from zero (least severe) to 10 (most severe). This framework shows the ease of exploit, potential impact, and priority – Hot News (10-9), High (8-7), Medium (6-4), and Low (3-0).

The highest CVSS base score of patch update for September 2019 is 9.1, referring to two OS Command Execution vulnerabilities both addressing SAP JAVA platform. 

Organizations running SAP have to secure data that SAP stores since attacks on their systems allow a cyber attacker to catch or change different business-critical information. 

So SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

Discussing how to manage today’s SAP risks

Today there are many cybersecurity tools that are more or less effective in protecting SAP systems. However, SAP clients should keep in mind that security risks are becoming increasingly serious and always stay alert. Protecting SAP applications is not the only focus business leaders usually expect from teams. They also want more in terms of “adding value across the wider risk management agenda”.

When Turnkey Consulting’s global management team met in Sydney, Australia, some of the biggest risk-related questions were considered facing SAP customers today. 

The discussions on security challenges with SAP implementations, cyber initiatives, security challenges presented by moving to SAP S/4 HANA, etc. are presented in the videos.

SAP Access Management

When it comes to access management, security professionals pay great attention to the application layers. At the same time, the infrastructure of these applications is often left aside while all the information stored in the program layer can be accessed via the infrastructure. To avoid any security failures on this level, there are numerous questions that should be considered in the first place.

To start with, define who can have access at the infrastructure level.  Who are the users that are allowed to access the infrastructure level and what part of their job role requires access?

It is preferable that the access is provided to the basis team, database administrators, backup administrators, and operating system administrators exclusively.

Then, all the users should be logging in with their own identifiable credentials as well. It is important to enable users’ logging functionality to track users’ actions.

Finally, there should be an emergency procedure planned in advance if some users perform inappropriate actions. Here, the response time predetermines the outcome of the critical situation and the impact on the system’s security overall.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more