FEDER
C/María Berdiales, 20, 4ª Vigo (Spain)
+34 886 113 106
info@inprosec.com
enEnglish
esEspañol

SAP® Security Services

Optimise the security level of your SAP® installation

Secure your SAP and minimise risks

At Inprosec we have a solid experience in SAP security services and, therefore, we can help you with the implementation of  policies and procedures that improve productivity and avoid risks in SAP systems, such as role design, SAP security assessment, identity management and customised projects.

Role Design

Reduces SAP user accesses that may pose risks or conflicts

We use the best practice methodology to review and create task-based roles, minimize SoD conflicts and guarantee the role model to save time on processes.

Knowing and understanding

We know the business and work to understand your needs.

Efficiency

We create just the accesses that the business needs.

Saving

The role model we designed requires less effort. (=10 min/role).

SAP® Security Assessment

Check the security level of your SAP® systems

The SAP Security Assessment is an integral security product that Inprosec offers to its clients to provide information on the main risks existing in SAP ® systems.SAP ® systems.

One of the biggest issues regarding Segregation of Duties (SoD) in SAP systems is the lack of information about it. Is it a problem or not? Are the existing risks specific from several departments or process?; etc. Inprosec offers a Risk Analysis to SAP customers in order to provide them with reliable and concise information about SoD Risks.

Benefits

  • To have information regarding SoD Risks in SAP systems.
  • To define actions and improvement proposals to reduce SoD Risks in SAP Systems.

The first step to understanding and reducing SoD risks in a SAP system is to know how the Role Model is built and also how it is assigned to users.

Inprosec offers a Role Model Analysis, due to the SoD Risks and the transactional usage, in order to analyze the hypothetical reduction of risks using the current role model or by introducing a comparison against the implementation of a Role Model based on Best Practices.

This service also includes a SoD Risk Analysis because it is necessary to perform a proper Role Model Analysis.

With this service, the company can get an overview of the security level of the SAP Systems, including the following sections:

  • Users and passwords.
  • IT Sensitive Access Risk Analysis.
  • Technical Analysis of Vulnerabilities.
  • Security Parameters.
  • Performance System Overview.
  • Policies and Procedures.

The goal of the Intrusion Test in SAP systems is to compromise them, simulating a cyber attack in order to find out the security weaknesses, both from the targeted platform or from any other surrounding system.

Phase 1

Information gathering

Phase 2

Vulnerability detection

Phase 3

Technical vulnerability analysis

Phase 4

Permits escalation

Another major challenge in making SAP systems more secure is designing and developing secure custom applications (commonly called Z).

Inprosec offers a code analysis that helps companies to guarantee that those custom applications do not present security vulnerabilities or performance problems in order to ensure the required quality and regulatory compliance.

With the results from this report, it will be possible to perform specific actions to correct and improve the application performance, in order to satisfy both internal and external audit requirements.

Identity Management

Optimise access management of your SAP® systems

Single Sign On

One of the biggest issues, that affects companies that present multiple SAP systems, is the effort spent in password management. The implementation of a Single Sign On in SAP systems will result in a reduction of the required effort in this task, due to the fact that the user will only need to choose which SAP system wants to access without typing neither his/her SAP user and password.

Benefits

  • Reduction of the time and effort spent in password management (creation and modification).
  • Reduction of risks related to the publication of passwords by users.

Implementation SAP IDM

One of the biggest challenges is to achieve an efficient and productive access management process. SAP Identity Management supports companies to centralize identities (one person can have several users under one unique identity). SAP IDM has a free license to use it in SAP systems (however, it is not free for Non-SAP systems).

Benefits

  • Allows the usage of Password Self-Service without the need of other application´s licenses.
  • Allows the creation of Approval Workflows previous to the access assignment.
  • Creation, Modification and Deletion of users in any system (not only SAP).
  • Assignment of accesses based on positions. If an employee promotes to GM, IDM will assign the accesses needed in the required system and will remove the previous ones.

Custom Projects

Our expertise and flexibility at your disposal

  • Risk matrix
  • User management procedure
  • Backup policy
  • Program change procedure
  • Password policy
  • Contingency plans

Due to the adaptability of Inprosec, while doing its projects, there are a lot of them that cannot be directly assigned to any of the business areas described above. These are the most relevant ones:

  • Process Automatization (Scripts) through transaction LSMW.
  • Setting up of security applications in SAP Solution Manager: EarlyWatch Alert, Service Optimization Service and Configuration Validation.
  • Installation of the tool “Read Access Logging”.
  • SAP Licensing Audit.

Why choose Inprosec?

people

Multidisciplinary team

At Inprosec we have a multilingual team formed of various academic profiles (engineers, business, analysts, audit, …) who perform their duties assuming the roles of consultants, auditors, project managers, etc.

signal_cellular_alt

Continuous improvement

In a world that is constantly changing, it is fundamental learn and improve to adapt and offer services aligned with the needs of Customers.

add_task

Value proposition

  • We are not incompatible with audits.
  • We are independent. We are Consultants.
  • We do not compete in markets that are unfamiliar to us.

Can we help you with the SAP Security of your company?

Contact us
keyboard_arrow_up