SAP Security & Authorisation

Implement SAP Security Concepts to protect customers SAP environment

Technology Services


By definition, SAP systems contain corporate information and sensitive personal data, all data that must be safeguarded from improper access, managed and stored in compliance with a series of laws, regulations and frameworks relating to privacy and security. However, the task of protecting and safeguarding does not end with mere user profiling for the timely access to data, it also involves a series of activities aimed, at a technical SAP infrastructural level, at reducing the opportunities for attacks by potential hackers, implementing all the fundamental precautions for security, such as creating ACL files, encrypting communications and changing parameters. It is worth keeping in mind that security is not a tool, but a process that involves all corporate functions.
The SAP BASIS expertise gained our company over the years has allowed us to develop vertical skills in the field of ​​perimeter security for individual SAP instances and communications between systems. To complete the range of services offered, as well as ensure efficiency, productivity and security for our partners during the implementation and management of their IT solution, has also accumulated expertise on the use of the main cutting-edge tools in this field.

SAP profiling projects

The skills and experience gained on numerous Security projects allow us to deal extensively with every aspect of this type of project and to offer our skills and knowledge to our partners and their personnel. Over the years, we have gained significant expertise in the management of SAP user profiling and SAP GRC projects that allow the procedures and flows related to the customer’s business to function in an optimized and safe manner. We work in critical contexts where our groups are required to ensure compliance with regulations, for example (GDPR, SOX, ISO, GXP).
Anyone connecting to SAP systems must have all the necessary authorizations to carry out the cycle of activities for which they are responsible, but they must not be able to access or interfere with other procedures. Through innovative Secure Login solutions (SAP Single Sign-on), productivity is improved for both the user and the IT department. We protect business-critical data in SAP solutions through a single secure connection to the environment. Secure access is guaranteed by a high level of encryption, managing accesses centrally, ensuring the speeding up of activities and increasing the level of security of the entire IT structure.

Infrastructure security/SAP hardening

The service consists of sequential phases designed to structure analysis and implementation work tailored to the customer. Starting from an exploratory phase of the SAP systems and their specific use in the customer’s business processes, we then perform a specific security analysis of individual SAP components, so that we can outline the security level of the infrastructure with a list of weak points, vulnerabilities and consequent corrective actions.
A short interview with the customer provides a general view of the business flows of the various systems and related technologies in use. This phase is of strategic importance to properly structure the subsequent phases for the analysis and definition of security implementations.

The details of the analysis

Analysis of individual SAP systems and communication channels by BASIS experts
  • Landscape SAP ABAP
  • Landscape SAP Java
  • SAP Web Dispatcher
Areas of ACL (Access Control List) analysis Creation of specific ACL rules to filter incoming communications on individual systems, blocking any unwanted or unknown calls
Communications encryption Implementation of SAP Cryptographic Library and Secure Network Communication (SNC) security products to ensure secure communications for communication channels between SAP server components (e.g. RFC) and with front-end devices such as the users’ SAPGUI
HTTPS security protocol checks for all WEB communications
  • Hardening of the Message Server and SAP Gateway components
  • Encryption of network traffic through SAP Web Dispatchers
  • Management of digital certificates signed by the Certification Authority (CA)
  • Isolating the publication of specific pages/services shown through SAP Web Dispatcher
  • Creation and analysis of SAP Early Watch (EWA) reports for the identification of any additional security parameters recommended by SAP specifically for the system in question

Data analysis and categorization by the following categories

- Alert
- Description
- Urgency/Criticality
- Implementation effort
- Impact on the Customer

Sharing of results

Every detail of the reports is provided, including the actions to be taken weighted on the basis of the urgency/criticality of the vulnerabilities, implementation effort and impact on the customer.
This allows the shared identification of the implementations that need to be completed with a particular focus on possible impacts.

Security measures

The last phase is a purely operational one, in which our SAP BASIS engineers implement all the agreed security solutions to achieve the desired level of security.