Three More Reasons for using Solution Manager to Secure SAP Systems from Cyber Attack
Our recent article outlining the advantages of using SAP-delivered components versus third party software resonated strongly with customers seeking an effective and cost-efficient solution to address cyber threats impacting their SAP systems. The article examined the five key benefits of a Solution Manager-based strategy that included lower costs through the avoidance of licensing and maintenance fees for third-party software, the ability to configure custom security checks to address system, company or industry-specific risks, alerting for critical security events, detailed reporting driven by SAP Business Warehouse, and the availability of SAP support. The article presented a compelling argument for selecting SAP Solution Manager over the host of competing solutions offered by independent vendors.
The benefits delivered by Solution Manager stem from the depth and volume of security-related data that is continuously pulled from managed systems into the platform. Solution Manager lays at the core of SAP system landscapes and therefore occupies a central vantage point to oversee the security of connected systems. In contrast, third party software solutions are not embedded within SAP landscapes to the same extent and therefore lack the connectivity and range of Solution Manager.
Aside from the advantages mentioned above, there are three other benefits delivered by Solution Manager for security monitoring. The first is the availability of security dashboards. SAP delivers three security apps through the standard WebDynpro dashboard application in Solution Manager, located in the Cross-Application section for dashboard apps. This includes the Security Overview app, which summarizes security policy compliance by system across landscapes, the Security Details app, which displays compliance levels for software, configuration and user categories, and finally, the Security List app, which conveys security compliance levels for every SAP System ID. Dashboards apps can be automatically refreshed as often as every 5 minutes to provide security information in near real-time.
The second is Solution Manager’s ability to deliver detailed metrics for analyzing changes. Like third party solutions, components such as Configuration Validation in Solution Manager are able to pinpoint differences between actual and recommended security settings. However, Solution Manager goes a step further by enabling users to drill-down into the underlying changes that created risks identified by security scans. This is performed through Change Analysis which provides timestamps for changes in managed systems and the original values for instance, profile or other parameters before the changes were implemented.
The third is Solution Manager’s flexibility to support security policies aligned to any compliance framework. This includes not only familiar frameworks such as SOX and PCI DSS but requirements that are unique to specific industries or sectors. The transparent security checks performed by Configuration Validation can be customized for all regulatory, statutory and other forms of compliance standards.
Organizations do not have to look far for the solution to remove security vulnerabilities in their SAP systems. Most are delivered with standard license agreements by SAP and can be leveraged immediately at zero cost. Tools such as Configuration Validation provide a powerful and cost-effective alternative to third party solutions. They are also fully supported by SAP. You can learn more about SAP Configuration Validation here or contact Layer Seven Security to unlock the value of your Solution Manager systems.