Real-world advice and practical steps to secure your business critical SAP applications.
Do you know that 95% of SAP systems are exposed to vulnerabilities, effecting compliance, performance and the overall business?
Hear veteran SAP security expert Gordon Muehl provide a detailed State of SAP Security with expert advice on how to ensure your systems stay safe, current and efficient.
Gordon, handles the state of security slides 4-6
Rafi will moderate 7-8
Rasmi will then talk to slides 9-14
Guy will take panaya and demo
Rafi will come back at slide 23 thank guy and moderate
How do you handle ABAP security in SAP system today?
Have not yet secured/do not have resources for security
Not concerned with ABAP security right now
Currently evaluating available security tools
Already have a security tool in place
We will wait a few moments allow everyone to answer the question
95% of ERP Systems are exposed to vulnerabilities
60% of IT & IT security professionals feared the impact of a an attack on their SAP applications would be catastrophic
The average estimated cost of SAP systems taken offline $4.5 Million
Ponemon Institute Research report Feb 2016. surveyed IT & IT security practitioners involved in the security of SAP applications
75% of IT and IT security professionals think that it is likely their sap platforms have at least one and possibly more malware infections
SAP ERP applications were ranked within the top 5 SAP applications most vulnerable to attack
While 70 % of enterprises skip security and compliance audits of their ABAP code
Only 25% of respondents were confident that they could immediately discover a SAP application breach
47% of those surveyed expect the frequency of attacks against SAP infrastructure to increase over the next 2 years.
*Based on Ponemon Institute Research 2/16
A Key take way from Ponemon’s research was that senior leadership values the importance of and the criticality of SAP installations to profitability. Yet, 63% say C-level executives tend to underestimate the risk associated with insecure SAP applications and only 21% of senior leadership were aware or shared the concern of an attack on their SAP application.
But before we carry on, let me ask you another question….
Do you think your organization would favor
A one time security project – handled by internal resources
A one time security project – using staff augmentation, consultants or outsourced
Ongoing security practice built into daily releases and change management
One time internal project and ongoing automatic review
One time aided project and ongoing automatic review
Do you think your organization would favor
Strict approach - Fixing all security issues and making sure no new issues are added
Practical approach - Fixing only the critical security threats
Trust and improve approach - Reviewing the current state and making sure no new issues are added
Not sure - we need to review the issues 1st and then decide
Panaya CloudQuality Suite has simplified the remediation of security issues, by streamlining the automation of code security audits into the ongoing ERP maintenance activities.
Organizations no longer need to take on major security projects that require extra IT time, budgets and manpower.
PCQ will provide a code quality assessment that pinpoints critical vulnerabilities in ABAP® program code, identifying core security and quality issues, guidance on how to correct and integration with development processes
Manage
Automation
Evidence
General – best practice
Automate
Integrate security in ongoing ERP maintenance
Train developers to write secure code
Guy’s visuals
Would you like a Panaya representative to contact you to set up a free assessment?
We will wait a few moments allow everyone to answer the question…
For those of you who don’t know, Panaya is the leading organization when it comes to implementinf your SAP changes. With more that 2000 customers and 9000 projects, we know how to deliver change faster, better, safer.
Landscape Health check assessment
Customization and usage mapping
Market trend analysis
Details and accurate simulation of change impact , fix and test
Alerts on Recommended Patches and security breaches
Real-time reporting and project tracking
Crowd wisdom insights
Eliminate initial testing to identify defects
Actionable, task-based plan for all code fixes and tests
Automated and prioritized tasks for efficient execution
Ability to work in parallel for test and development activities
Tight workflow with collaboration between all project participants
Automation of project assessment, plan, impact analysis, testing and validation processes to avoid human prone errors
Proven and standardized processes based on the experience of thousands of projects analyzed with Panaya
Machine learning algorithm continuously identifies break patterns and transforms them into best practices for the Panaya community
Static code analysis of ABAP code identifies, prioritizes vulenerabilitie sand performance issues