GDPR for SAP: How to find personal data and assess privacy risks?

Numerous organizations that have implemented SAP products carry a large backlog of measures needed to establish secure information processing. SAP systems are so complex and mission-critical that many IT professionals regard an insecure but functioning SAP system as a satisfactory state of affairs.

The forthcoming GDPR will disrupt this status quo and force CISOs to implement data privacy controls in SAP systems. This article is intended to help improve the security of existing SAP systems and their data handling so that they meet GDPR requirements.

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 5: Open remote management interfaces

In most cases, enterprise applications provide functionality for remote administration of the system as well as access to various technical services. Such services may be reachable from the Internet and, if configured unsafely, allow remote management without any authentication.

PeopleSoft applications are integrated, and most remote configuration is performed through the Portal by a user with the appropriate privileges. However, it may also be possible to interact directly with the PeopleSoft servlets by sending them certain commands.

More than 1000 PeopleSoft applications are exposed to the Internet. What are the risks?

Oracle PeopleSoft is widely deployed in midsize companies and large enterprises (many from the Fortune 100) across various industries to manage resources. The software is also in use at government and higher education institutions.

The PeopleSoft Suite includes Human Capital Management, Financial Management, Supplier Relationship Management, Supply Chain Management, and other applications. Needless to say, these applications store and manage sensitive, business-critical data.

A common misbelief is that enterprise software does not run on public-facing networks. Nonetheless, we conducted a scan that revealed more than 1000 unique PeopleSoft applications accessible via the Internet.

SAP Cybersecurity Framework at a Glance

In light of the increasing number of attacks against ERP systems and the weaknesses discovered almost every day, there is a need to reorient the cybersecurity approach. The habit of addressing countless cybersecurity challenges in a fragmentary manner exposes organizations to sabotage, espionage, and fraud. Without C-level guidance, an enterprise security team working with a chaotic security solution stack, cloud applications, and eroding system boundaries cannot keep up with the imminent security hazards. To systematize the methods of countering potential attacks, the SAP Cybersecurity Framework was created.

SAP Security for CISO. Part 12: SAP Mobile Infrastructure Security

SAP, like any other large vendor, is evolving towards greater mobility, providing access to its applications from different devices located anywhere in the world. Its product portfolio therefore includes solutions that allow mobile users to interact with business applications such as those based on the ABAP, Java, or HANA platforms. In this article, you will learn the essentials of SAP Mobile Platform and SAP Afaria, their vulnerabilities, and current security trends.

GDPR Explained: What are the Security Requirements?

The upcoming GDPR will bring substantial changes to how organizations process personal data. Companies will have to learn to be transparent and accountable or face fines of up to €20 million or 4% of annual global turnover, whichever is greater. The key elements of the GDPR are explained here.

IT Controls in SOX-Compliant SAP Systems

Notorious frauds such as those at Societe Generale and UBS highlight the importance of internal controls. Societe Generale's trader was assigned to a low-risk/low-return Delta One desk. He used his knowledge of the trading system and its related controls to enter fictitious trades that offset his real, unhedged positions. He knew about certain nightly system checks and reconciliations built into the trading controls that would flag his fictitious trades. To evade these controls, he deleted the fictitious trades before the checks ran and re-entered them after the checks had completed; the system did not flag the temporary imbalances. As a result of the massive positions he built up, Societe Generale lost $7.2 billion. At UBS, too, a trader on a low-risk/low-return desk exploited his knowledge of the ETF trading system, leading to a loss of $2 billion for the bank.