Security within an SAP system is key to your internal control environment and to ensuring the availability and reliability of its data. If your SAP security is not designed carefully, sensitive and confidential information may leak, your mission-critical business operations may be interrupted, or fraud may go undetected.
Deloitte’s experience indeed shows a shift from traditional external attacks and internal security incidents to the more complex environments of applications, including SAP and its underlying database. The complexity is caused by custom development, customisations, complex interfaces and the difficulty of deploying off-the-shelf tools to fully protect the applications.
To verify the level of security of an SAP implementation, Deloitte performs an Application Vulnerability Assessment to provide a snapshot independent of the organisation and application history. Such an assessment highlights flaws in the configuration, customisations, the coding of peripheral services or the interfaces with other applications. The root cause behind such flaws may be errors, omissions or even malicious intent.
In addition, using the Deloitte Authorisation Concept Analyser, we extract, identify and report SAP access control issues and identify areas of weak passwords, weak account control and inconsistent security settings, with special attention to the setup and monitoring of powerful SAP roles and profiles. Our assessment also covers the system-level and database security supporting your SAP system.
Our methodology is designed to support any or all of the four phases of our security services: Assess, Architect, Align, Attest.