THIS EVENT WILL TAKE PLACE FACE TO FACE
Cybersecurity, the practice of protecting critical systems and sensitive information from digital attacks, is always a trending topic as the threats are always unpredictable. In this event, we will be talking about everything you'll need to know about cybersecurity, including internal and external threats. How does the boundary-less cloud pose security concerns, and what are the counter-measures? When it comes to cyber identity, what are the key things we will need to know about access governance and cyber identity?
Our Audit, Control and Security (ACS) SIG is a well-supported group attended by a cross-section of professionals working with SAP and representing the following business areas: IT Security (including SAP Basis experts), IT & Financial Audit and Risk Management.
Join Jonathan Cooper from Onapsis who will be talking about the Onapsis Customer Spotlight: How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance
Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasised more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.
Andrew Morris will be speaking about Applying a Zero-Trust Approach to SAP
What is Zero-Trust?
At its most basic level, zero trust is an approach to securing systems and data which means we must ensure we know WHO is accessing data and for WHAT purpose, and intelligently limit access to that data at all times. It is a cybersecurity term, but when applied to SAP, has a lot of touchpoints with elements with which we’re already familiar.
Authorisation management in SAP is the first step to implementing a zero-trust approach – are you limiting users’ access to only the systems and data they need to access to do their job? PAM, or EAM, then extends this solution to ensure that privileged access is approved and monitored.
Infosec have tools in place to validate devices, but digital transformation in SAP and the adoption of new UIs, like Fiori, and mobile devices can mean this is more of a challenge…
Contextual authorisations, such as UI masking, which can overlay access policies (PBAC) on top of role-based authorisations, allow us to further enhance the controls over access to data, such as limiting interaction based on location, time etc.
Tooling such as SAP GRC allows the limitation of access, visibility of interactions and better understanding of the zero-trust approach, as well as embedding the risk ownership within the business, so the access granted can be tied to the risk of that access to the underlying data and processes. Combining this with BIS, ETD and other solutions will permit extension of the Zero Trust approach to further secure your business-critical systems and data – gaining visibility of vulnerabilities and whether they are being exploited allows integrations with other cyber-defense initiatives. Integrating your SAP systems with enterprise-level cybersecurity initiatives, such as DLP, security training and identity governance, permits you to grant access only where required.
This is especially relevant where we’re operating in managed services environments, where the most privileged access to our systems and data may be granted to users outside the organization. PAM initiatives especially can reduce the threat posed by these privileged accounts.
Barbara O'Cain and James Howgego from SAP will be sharing the tools customers can use to manage such governance and compliance. Data governance encompasses the people, processes, and information technology required to create a consistent and proper handling of an organization's data across the business enterprise. Learn how SAP SuccessFactors helps your organization exercise positive controls over handling and accessing data from the perspective of an employment attorney and a global technology advisor.
Join Chris Soden from SAP who will present SAP Updates on journey of creating Sovereign Cloud Services
SAP Sovereign Cloud offerings are deployments of security-hardened SAP cloud solutions designed to adhere to national security and secrecy requirements such as government accreditation, attestation or certification programs. Solutions offered by SAP Sovereign Cloud support personnel sovereignty requirements such as requiring SAP employees to undergo security clearance by a local government.
They will also be doing a tour of their SCIF facility in CHP.
As this is a Partner sponsored webinar, there may be some restrictions on which members can attend. This means that even if your initial booking is accepted, we may contact you to cancel your booking.
Your SIG Chair:
Brian Froom, your ACS SIG Co-Chair and Information Security Manager TSE from Tata Steel will provide an update on his attendance at the Meet the Developers, where he will have met and had discussions with the SAP Experts.
Pre-Sales Advisor
Onapsis
Jonathan is a pre-sales advisor at Onapsis who offer mission critical application security, compliance, and resiliency. His background started initially in Finance and spans over 20 years with SAP across supply chain management, Business Intelligence, S/4HANA and data protection/security.
Cyber & Application Security Director
Turnkey Consulting
Andrew has 20 years’ experience of delivering robust cyber solutions in regulated global environments for organisations and clients of Turnkey. As a director for Turnkey in cyber governance, risk and compliance, he helps organisations to identify and effectively manage their risks.
Global Compliance Program Director
SAP
Having joined SAP SuccessFactors in 2013, Barbara is a frequent speaker globally on topics of human resources regulatory compliance, HCM globalization and localization, employment litigation, and data privacy.
Senior HR Technical and Security Architect
SAP
James has worked for SAP covering security, technology, and compliance for more than 22 years in various roles. He currently works across North EMEA helping prospects and customers to understand the security and compliance benefits of SAP HR Cloud technology and how this can be best utilized.
SAP UK & Ireland
Audit, Control & Security SIG Co-Chair
UKISUG
He has 21+ years’ experience as an IT Auditor across different sectors. He is currently involved in the security and monitoring of Tata Steel’s SAP installations across UK and Europe.