
      Cyber attacks are one of the biggest challenges facing companies today. SAP systems are also increasingly becoming the focus of external attackers and internal threats. The right approach to dealing with this ever-evolving threat is critical to the survival and success of your business.  

      Comprehensive implementation of SAP security

      The digital transformation offers an opportunity to secure the future. Among other things, digital transformation means strengthening the security of data and processes and actively taking measures before a security incident occurs. The methodology developed by KPMG helps companies to protect their SAP systems against attacks and security vulnerabilities and to strengthen the operational readiness and protection of confidential data, which is of fundamental importance for business processes.

      Based on recognized good practices such as the SAP Secure Operations Map and the SAP Security Baseline Template, we have developed an extended KPMG methodology that helps companies to implement SAP security comprehensively.

      Assessment

      Analysis of the current security configuration of your SAP systems and identification of suitable measures to minimise security risks.

      Our range of services

      Individual analyses for all SAP system types make it possible to identify potential risks across on-premises and cloud systems and to derive and implement tailored recommendations for improving security. In addition to these analyses, overarching aspects of cyber security in the overall architecture are examined with the aim of creating a secure long-term framework for the operation of SAP systems.

      Your advantages

      • Survey of the current state of security in the entire SAP landscape (on-premises and cloud systems)
      • Identification of procedural, organizational and technical risks
      • Determination of necessary steps to improve cyber security and establishment of a robust framework for the cyber security of SAP systems
      • Support in the selection of suitable tools for the permanent and independent monitoring of the security status of the SAP landscape

       

      For interested companies, we organize a regular "SAP Security Roundtable", where those responsible for SAP security in companies can meet in person under the "Chatham House Rule" and exchange ideas openly. If you are interested, please contact us.

      Download

      IT security magazine article: Issue 5, 2024

      S/4HANA transformation as a booster for more SAP security

      SAP Security Workshop

      Preparation and implementation of a customer-specific workshop to survey the status quo and develop initial priorities on the topics of the SAP Secure Operations Map, in particular hardening, patching, code security, monitoring and governance.


      SAP Security Assessment 

      Security assessment of on-premises SAP systems in accordance with the above-mentioned best practices, consisting of automated tests (checks in the priorities "Critical", "Standard" and "Extended" as required), supplemented by manual checks based on interviews and document reviews.


      SAP Cloud Security Assessment 

      Security assessment of SAP cloud systems such as BTP, SuccessFactors and others using an established catalog of questions, consisting of automated tests (checks in the priorities "Critical", "Standard" and "Extended" as required), supplemented by manual checks based on interviews, system views and document reviews.


      SAP S/4HANA project support

      Project-related support in establishing the necessary SAP security settings and processes; support with design and implementation as well as the go-live check.


      Guidance for the selection of SAP security tools


      Support in the selection of SAP security tools (e.g. for logging and monitoring, SIEM integration, code security scanner, hardening/baselining, patching, setting up a dashboard)


      SAP penetration test

      Penetration test against SAP systems and landscapes from the internal network and from the Internet, provided the systems are accessible from the Internet. Attack simulations at SAP application level, operating system, database and network level as well as on technical SAP components (e.g. SAProuter, SAP Gateway, SAP Message Server).


      SAP authorization analysis


      Authorization analysis using the KPMG AIM tool, consisting of checks on the allocation of functional authorizations (e.g. segregation of duties, dual control principle) and administrative authorizations (super users, administrators, emergency processes).
