Enterprises use SAP well beyond simple back-office only accounting software. Today’s SAP systems are highly integrated and used by thousands of people daily across dozens of departments, and that’s just for a single large enterprise! As a central part of business operations, getting SAP security right, and durable operations with it, have become essential responsibilities for IT teams.
The term “security” covers a huge range of topics in IT operations, and we don’t claim to address them all. However, Avantra does do Five critical things to make SAP and SAP operations more secure. These items are often missed by solutions not specifically designed for SAP, and topics well-run SAP shops should monitor carefully.
SAP Notes, HotNews & Patches
Systems with documented vulnerabilities are easy targets. But managing updates can be a daunting task: different deployed SAP versions and architectures determine applicability and patch processes.
What if you had a system that monitored SAP releases for all HotNews and SAP Notes, and automatically identified which patches apply to your specific environments across all SAP systems? That’s exactly what Avantra does, providing a real-time report of applicable notes, already deployed notes and the status of manual steps if required.
SPAM and SAINT patching are similarly automated, and especially useful when preparing to update SAP systems.
Configuration Drift
Things can change over time and for numerous reasons: numerous accidents, restoring backups with old configurations, even bad actors – the list is long. Avantra automatically detects these changes at the OS, SAP kernel, and SAP application layers, and in many cases, automatically corrects them with automation as well.
An extensive library of checks is available, spanning everything from the OS and database level to ABAP and JAVA core services, and up through to the SAP application level - including certificates, settings and more. Avantra leverages a combination of best practices and custom configuration to monitor systems across the estate on a regular basis, automatically detecting and reporting configuration changes.
Backup and Restore
Everyone backs up their core SAP systems and database, right? For customers with 24/7 operations, backup isn’t a trivial task. Avantra automates the process of bringing systems on-and-offline, starting and stopping SAP services, and orchestrating the SAP backup process.
But what about the SAP operations solution?
Large SAP customers are discovering a limitation of Cloud ALM – the lack of a client-specific backup and restore. So, those with very large configurations have a risk exposure where an unintended change is not easily recoverable.
Avantra supports backup and recovery of the Avantra platform on a client-specific basis. Its policy-based approach scales to hundreds of servers and thousands of individual monitors and checks across SAP whether running in the cloud, at hyperscalers or in classic on-prem deployments.
Segregation of Duties
Avantra supports the concept of segregation of duties.
First, Avantra itself is designed around a role-based security model. Individual users are provisioned with visibility and authorizations specific to their role in SAP operations. This ensures access to systems is based on policy and correct authorizations only.
Second, Avantra continuously monitors SAP itself, ensuring there are no users with too many or the wrong set of permissions. (SAP-ALL, anyone?) Avantra monitors access policy, too. For example, if a certain user has authorization A, they must not also have authorizations B and/or C or violate any business rules that apply.
Removing Old Users Across the SAP Estate
Good SAP operations hygiene means keeping user authorizations current. Avantra helps automate this task.
In addition to monitoring user profiles for role assignments and client access, Avantra User Profile automation readily reports on profiles with access to SAP systems under management. This makes it easy to identify systems with lingering accounts or other user profile-based security exposures, and automate cleanup.
Tight and Tidy
Good SAP operations are often an exercise of consistent discipline. Avantra helps by automating many common SAP operations tasks, ensuring compliance across all systems in the SAP estate.
Automation configuration and operations checking can save hundreds or thousands of man-hours annually - especially in larger SAP estates - while increasing the reliability and security of everyday SAP operations.
To learn more about Avantra SAP Security, System Checks and Automation, speak with one of our experts to find out how we can help transform your SAP operations and make your landscapes more secure.