SAP Operations: Patching and Security
Yesterday SAP ran behind the firewall. Today, SAP is the centerpiece of enterprise operations with an exposed attack surface. Your business depends on running SAP securely. Avantra helps you get there.
Trusted by 500+ SAP teams worldwide | 20+ Years SAP Operations Excellence
Avantra: Observability and Automation for SAP security management
Proactive SAP security management, anywhere SAP runs. Avantra provides observability and automation for three critical areas of SAP security: Software, Configuration and Users
Software
The statistics for SAP production systems are staggering: A substantial portion aren’t current on SAP Notes and HotNews. Unfortunately, triage is both time consuming and tedious: reading release documentation, comparing each system, determining applicability. Make it automatic. Eliminate the applicability guess for systems. Deliver the shortest possible window between notification and protection through automated application.
Avantra automates HotNews, SAP Notes, Kernel Upgrades and underlying Operating System patches.
Configuration
The right settings keep systems functional and secure. Unfortunately, it’s easy for environments to drift from policy, even accidentally. Updates, newly provisioned systems and run-time environment changes all create opportunities for configuration drift. And it’s not just systems: SAP profile parameters drift, too.
With Avantra, automated checks automatically verify each system for correct configuration and detect configuration drift. Enterprise policy remains consistent across the SAP systems landscape, catching changes in hours instead of audits. Avantra monitors certificates, too, alerting Basis teams before certificates expire. Automatically monitor on-premises, BTP, CPI and Cloud Connector, preventing unnecessary unplanned downtime
Users
The most common source of audit findings is unchecked user access. With Avantra, SAP systems are continuously monitored for compliance with authorization policy. Monitor user credentials, identify elevated access, and automatically detect incorrect separation of duties authorization errors.
Avantra automation helps manage the authorization lifecycle, automatically removing orphaned accounts, provisioning and deprovisioning users and performing access reviews.
Comparing SAPOps Solutions
The hybrid SAP estate is the natural outcome of an incremental and pragmatic journey to Cloud ERP. During this multi-year period, enterprise IT organizations concurrently operate legacy on-premise SAP ECC systems, newly deployed hyperscaler infrastructure, Cloud ERP and SAP Business Technology Platform (BTP). Hybrid increases the operational burden on SAP Basis teams tasked with maintaining legacy stability while simultaneously architecting the future state.
As Solution manager was ideal for the on-premises estate, and Cloud ALM is excellent for cloud-first, cloud centric SAP customers, Avantra is the best choice for SAP operations when firms require a single pane of glass across both.
| Capability | Avantra | Others |
|---|---|---|
|
SAP Landscape Support
| Supports security operations anywhere SAP runs: On-premises, hyperscaler, Cloud ERP, BTP, Integration Suite and more |
Not designed specifically for SAP: generic IT security solutions |
| SAP Notes, HotNews, Kernel Upgrades and OS Patches | Robust SAP-specific support includes monitoring, applicability analysis and automated application in many cases. | OS level capability only, with manual activities required for SAP Notes and HotNews analysis |
| Systems, Settings and Profile Configuration Monitoring | Detects configuration changes and drift across dozens of SAP paremeters and configuration elements. Specifcally designed to detect changes in the SAP runtime environment. | OS and infrastructure only, without SAP application tier configuration and security policy monitoring |
| User Lifecycle and Authorization Policy | Directly manages SAP users and provides continuous monitoring for audit compliance with authorization policy in SAP | None |