SAP Security Dashboards

This article introduces a new product that Inprosec will make available to its clients: Power BI reports that display the security status of connected SAP systems.

Introduction

In business environments where SAP systems play a critical role, ensuring their security and stability is essential. These systems manage core business processes, so clear, real-time visibility of their status is key to minimizing risks, ensuring operational continuity, and optimizing response times in unforeseen situations.

To address this challenge, an integration between SAP HANA and Power BI has been implemented, allowing the creation of interactive reports that show key information about the current status of SAP systems. This provides a consolidated and dynamic view of various key indicators, such as user access, role assignments, and system risks.

This tool combines the real-time processing and storage power of SAP HANA with Power BI’s visual and data transformation capabilities. As a result, large volumes of complex data can be analyzed and displayed quickly, facilitating decision-making.

Implementation

To develop these reports, it is necessary to create a connection between Power BI and an SAP HANA database. This connection acts as a bridge between both systems, ensuring that the most up-to-date SAP information is always available for analysis and visualization in Power BI. It is implemented through an ODBC driver, using a DSN configured for this purpose.

It is important to mention that this ODBC connection is only feasible for systems using an SAP HANA database, since the ODBC driver is not compatible with other SAP database engines.

In addition, to ensure secure and controlled data access, a dedicated user is created in SAP HANA with restricted access only to the strictly necessary information. This prevents exposure of the entire database and ensures that Power BI only accesses data relevant to the analysis.

This approach not only establishes an extra security layer but also controls information access by centralizing all queries through a single user. With this configuration, Power BI can connect directly to authorized real-time data, ensuring that the reports display an up-to-date view of the SAP systems.
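One way to set up the dedicated, restricted SAP HANA user described above, as an added example (not Inprosec's own configuration). The schema `SAPHANADB`, the reporting schema, the view, role and user names, and the choice of the ABAP tables `USR02` and `AGR_USERS` as sources are assumptions.

```sql
-- Added example. SAPHANADB stands in for the ABAP schema of the connected
-- system; PBI_REPORTING, PBI_SECURITY_REPORTING and PBI_READER are
-- hypothetical names.

-- 1. Reporting schema that holds only what the dashboards need.
CREATE SCHEMA PBI_REPORTING;

-- 2. Views project the reporting columns only. The password hash columns of
--    USR02 (BCODE, PASSCODE, PWDSALTEDHASH) are deliberately left out.
--    The view owner needs SELECT ... WITH GRANT OPTION on the base tables,
--    otherwise the grants in step 3 fail.
CREATE VIEW PBI_REPORTING.V_USERS AS
  SELECT MANDT, BNAME, USTYP, UFLAG, GLTGV, GLTGB, TRDAT
  FROM SAPHANADB.USR02;

CREATE VIEW PBI_REPORTING.V_ROLE_ASSIGNMENTS AS
  SELECT MANDT, UNAME, AGR_NAME, FROM_DAT, TO_DAT
  FROM SAPHANADB.AGR_USERS;

-- 3. Role with SELECT on the views only: no grant on the ABAP schema itself.
CREATE ROLE PBI_SECURITY_REPORTING;
GRANT SELECT ON PBI_REPORTING.V_USERS TO PBI_SECURITY_REPORTING;
GRANT SELECT ON PBI_REPORTING.V_ROLE_ASSIGNMENTS TO PBI_SECURITY_REPORTING;

-- 4. Technical user referenced by the ODBC DSN (password is a placeholder).
CREATE USER PBI_READER PASSWORD "<placeholder-password>"
  NO FORCE_FIRST_PASSWORD_CHANGE;
GRANT PBI_SECURITY_REPORTING TO PBI_READER;

-- 5. Review what the user and role actually hold. Anything beyond the two
--    views (and what the PUBLIC role brings) is a finding.
SELECT GRANTEE, PRIVILEGE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME
FROM SYS.GRANTED_PRIVILEGES
WHERE GRANTEE IN ('PBI_READER', 'PBI_SECURITY_REPORTING')
ORDER BY GRANTEE, SCHEMA_NAME, OBJECT_NAME;

SELECT GRANTEE, ROLE_NAME
FROM SYS.GRANTED_ROLES
WHERE GRANTEE = 'PBI_READER';
```

Because every report query runs as this single user, its credentials in the DSN and in the Power BI data source settings deserve the same protection as any other service account secret.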

Types of Reports

The developed reports have been designed to differentiate between systems integrated with SAP GRC and those without it. This separation ensures that the reports adapt to each environment’s reality, efficiently leveraging the available information.

Currently, these reports show basic information related to security topics; however, the architecture is designed to allow access and visualization of any data stored in the database tables, enabling the analysis to be expanded according to specific business needs.

Reports for Systems with GRC

In SAP environments integrated with the Governance, Risk and Compliance (GRC) module, information is centralized, providing a consolidated view of all connected systems. This centralization facilitates the creation of unified reports that analyze multiple systems without having to query each one individually.

Based on this shared foundation, three types of reports have been developed:

  • Users and Access: Displays, for each system, the number of users and roles, as well as their current status, along with averages of roles per user, transactions per user, and transactions per role.
  • Transactional Usage: Shows how users interact with the different transactions available in the systems.
  • Risk Analysis: Displays data about existing risks within the systems. It indicates the number of risks per system, their levels, and the associated business processes, as well as the number and types of conflicts identified in each system.

Below is a visual example of the risk analysis report template for GRC-integrated systems.

Reports for Systems without GRC

For SAP environments without the GRC module, information must be obtained directly from each system since there is no centralized source consolidating the data. Therefore, in this case, an individual report must be generated for each system.

Three types of reports have been developed for these systems, two of which are common to those implemented for GRC systems. Therefore, only the last one will be described below:

  • Users and Access
  • Transactional Usage
  • Critical Events from the Security Audit Log: This report shows the changes made in the different clients of the system, as well as in each of their components.

Benefits for the Organization

This Power BI dynamic reporting solution provides multiple benefits to organizations seeking to enhance visibility, control, and efficiency in managing SAP system security.

The main advantages offered by this tool are detailed below:

  • Centralized and Real-Time System Overview: Provides a consolidated and up-to-date view of all available SAP systems from a single tool.
  • Optimized Decision-Making: The availability of key system information presented clearly and intuitively allows quick identification of potential threats, deviations, or risks, facilitating the prioritization of corrective measures and a more efficient response.
  • Regulatory Compliance: Ongoing analysis of access, events, and risks helps align SAP systems with internal security policies and regulatory frameworks, simplifying audit and monitoring tasks.
  • Flexibility and Scalability: This solution adapts to both centralized (with GRC) and distributed (without GRC) SAP environments and allows new systems or indicators to be added easily as the organization evolves.
  • Improved Access Control: Comprehensive analysis of users, roles, and transactions enables detection of excessive privileges, incorrect assignments, or unexpected situations, facilitating the implementation of more effective controls.

Future Enhancements

Below are some planned measures and improvements to further enhance this tool, aiming to provide organizations with increasingly comprehensive and efficient solutions:

  • Automated Alerts: A potential future improvement would be the implementation of automatic notifications upon detecting critical events within the systems. This would immediately inform security or administration teams when unauthorized access, sensitive role assignments, or suspicious changes occur, enabling faster and more effective responses.

 

Through the integration of Power BI and SAP HANA, an effective and scalable solution has been developed for analyzing security within SAP environments. By using this tool, organizations can gain a clear, unified, and up-to-date view of their systems’ status, facilitating early threat detection and compliance with security regulations.

This solution consolidates dispersed information from multiple SAP systems, improving monitoring efficiency. Moreover, by adapting to both SAP GRC and non-GRC environments, it ensures applicability across various corporate scenarios.
