Security within a SAP system is key to your internal control environment and to ensure availability and reliability of its data. If your SAP security is not designed carefully, sensitive and confidential information may leak, your mission-critical business operations may be interrupted or fraud may be left undetected.
Deloitte’s experience shows indeed a shift from the traditional external attacks and internal security incidents to the more complex environments of applications, including SAP and its underlying database. The complexity is caused by the custom-development, the customisations, the complex interfaces and the difficulty of deploying off-the-shelf tools to fully protect the applications.
To verify the level of security of an SAP implementation, Deloitte performs an Application Vulnerability Assessment to provide a snapshot independent of the organisation and application history. Such an assessment highlights flaws in the configuration, customisations, the coding of peripheral services or the interfaces with other applications. The root cause behind such flaws may be errors, omissions or even malicious intent.
In addition, using the Deloitte Authorisation Concept Analyser, we extract, identify and report SAP access control issues and identify areas of weak passwords, weak account control and inconsistent security settings, with special attention to the set up and monitoring of powerful SAP roles and profiles. In addition, our assessment covers system-level and database security supporting your SAP.