Cyber attacks are one of the biggest challenges facing companies today. SAP systems are also increasingly becoming the focus of external attackers and internal threats. The right approach to dealing with this constantly evolving threat is crucial to the survival and success of your organisation.
Digital transformation offers an opportunity to secure the future. Digital transformation means, among other things, strengthening the security of data and processes and actively taking action before a security incident occurs. The methodology developed by KPMG helps companies to protect their SAP systems against attacks and security vulnerabilities and to strengthen the operational readiness and protection of confidential data, which is of fundamental importance for business processes.
Based on recognised good practices such as the SAP Secure Operations Map and the SAP Security Baseline Template, we have developed an extended KPMG methodology that helps companies to comprehensively implement SAP security.
Individual analyses for all SAP system types make it possible to identify potential risks across all on-premises and cloud systems and to derive and implement customised recommendations for improving security. In addition to these analyses, overarching aspects of cyber security in the overall architecture are also examined with the aim of creating a secure framework for the operation of SAP systems in the long term.
Your advantages
- Survey of the current state of security in the entire SAP landscape (on-premises and cloud systems)
- Identification of procedural, organisational and technical risks
- Determination of necessary steps to improve cyber security and establishment of a robust framework for the cyber security of SAP systems
- Support in the selection of suitable tools for the permanent and independent monitoring of the security status of the SAP landscape
Preparation and implementation of a customer-specific workshop to determine the status quo and develop initial priorities on the topics of the SAP Secure Operations Map, in particular hardening, patching, code security, monitoring and governance.
Security assessment of on-premises SAP systems in accordance with the above-mentioned best practices, consisting of automated tests (checks in the priorities "Critical", "Standard" and "Extended" as required), supplemented by manual checks carried out through interviews and document reviews.
Security assessment of SAP cloud systems such as BTP, SuccessFactors and others using an established catalogue of questions, consisting of automated tests (checks in the priorities "Critical", "Standard" and "Extended" as required), supplemented by manual checks carried out through interviews, system views and document reviews.
Project-related support in establishing the necessary SAP security settings and processes; support in conceptualisation and implementation as well as go-live check.
Support in the selection of SAP security tools (e.g. for logging and monitoring, SIEM integration, code security scanner, hardening/baselining, patching, setting up a dashboard).
Penetration test against SAP systems and landscapes from the internal network and from the Internet, provided the systems are accessible from the Internet. Attack simulations at SAP application level, operating system, database and network level as well as on technical SAP components (e.g. SAProuter, SAP Gateway, SAP Message Server).
Authorisation analysis using the KPMG AIM tool, consisting of checks on the allocation of functional authorisations (e.g. separation of functions, dual control principle) and administrative authorisations (super users, administrators, emergency processes).
We organise a regular "SAP Security Roundtable" for interested companies, at which those responsible for SAP security in companies can meet in person under the "Chatham House Rule" and exchange information openly. If you are interested, please contact us.
Your contacts
Wilhelm Dolle
Partner, Consulting, Head of Cyber Security
KPMG AG Wirtschaftsprüfungsgesellschaft
Jan Stoelting
Partner, Consulting
KPMG AG Wirtschaftsprüfungsgesellschaft