Our Audit, Control and Security (ACS) SIG is a well-supported group attended by a cross-section of professionals working with SAP and representing the following business areas: IT Security; (including SAP Basis experts) IT & Financial Audit; and Risk Management.
The full agenda and content for this session will be online shortly, but take a look at our confirmed sessions:
Learn Why Security is Key to a successful migration to S/4 HANA
Security should always be a key part of a successful SAP system, and if you are making the move to S/4 HANA involving the security team all the way through will make that transition go as smoothly as possible. S/4 HANA can look and be used differently to SAP ECC, so to really maximise the investment of implementing or migrating, processes could be updated to better practise and the Fiori user interface be fully utilised.
All phases of the change process require good security, being an enabler for process workshops, and to control the phases of whatever transformation process and methodology is being followed. Deployment scenarios and architectural considerations bring different security considerations into your project.
Security will need to partner with every team on the project, all the time – enabling access to new functionality like process changes or using Fiori apps instead of transactions, but doing this securely and right first time, to avoid pain later with data migration, performance tuning, testing, training and go live.
During this session Cavan Arrowsmith from Turnkey Consulting UK will cover:
Cavan will also provide you with frameworks to help you with the development of effective Fiori and S/4 HANA role design, access controls and process change - while showing you how to accelerate the security and compliance components of your SAP S/4 HANA transformation programme.
Cavan will also present Beyond the Application – securing the whole SAP estate
Securing SAP systems is about much more than just the roles and authorisations maintained within the application. You must consider the wider threat landscape, which is more prevalent with the modern SAP estate than ever before. Ransomware, penetration, account takeover, data exfiltration, lateral traversal – all of these terms are becoming increasingly visible and SAP is not immune from the cybersecurity challenge. It is no longer valid to say “SAP is within the network, so is safe” – zero trust means that you must assume a breach will happen, and how you’re set up to deal with that is essential in securing yourselves and your operations.
Cavan will discuss the evolving threat landscape to the SAP estate and the key integration points between securing SAP the application, and the IT components on which the application is running. We will explore the kinds of protections which are applied to other IT systems and explore the integration points which allow you to take advantage of those protections around your critical business applications.
He will explore some of the initiatives you can undertake to minimise this risk and, importantly, how to involve your stakeholders in understanding and addressing risks which impact their operations, whether those be business application owners or the wider IT security organisation within your company. Cavan will show how common approaches to layered defense can help to break down silos between business applications and IT security functions to achieve a coherent, integrated approach to defending critical assets.
At the end of this session, you should have an understanding of the changing nature of the threat landscape, an appreciation for some of the techniques used to exploit vulnerabilities within the estate and some key points to discuss with the business and IT leadership to ensure your SAP systems are integrating with (and integral to) your cyber defense strategy.
Our UKISUG Audit Control & Security SIG Chairs:
Brian Froom has 21+ years’ experience as an IT Auditor across different sectors. He is currently involved in the security and monitoring of Tata Steel’s SAP installations across UK and Europe.
Rhian Parry has been leading Welsh Waters IT External Audits since 2012 along with the SAP Access and Authorisations Annual user reviews with SAP licence Management now in her remit as Dwr Cymru Welsh Water’s SAP Assurance Lead within the SAP Centre of Excellence.
THIS EVENT WILL TAKE PLACE ON ZOOM