At the conference on SAP Security - Tips for Security, I shared with you the knowledge I've gained from both SoD and authorizations reorganization projects and daily tasks in Managed Services. For those of you who could not attend the conference, we have prepared a brief summary.

SAP is secure in itself. However, it is up to the customer's actions to take care of data security issues. In this particular context, it is impossible to ignore the inventory benefits of dedicated SAP Security tools.

Backups are an exact copy of our organization's most important data. Such backups should be kept off the affected system - so that a potential failure or attack does not deprive us of access to all our data.

The concept of Entitlements, in addition to the entitlement reorganization project appears like a horror to audited managers and entitlement administrators. However, this is only the case if such documentation has not been kept in the organization or has not been updated for many years, and often since the implementation of SAP in the company. One could

You may already know that as of SAP 7.40 SP8, you can use SAP security policies (SECPOL) to define user-specific security parameters, as opposed to system profile values.