Contact us today.

Subscribe me to your mailing list

SAP BI Security

What is SAP Business Intelligence (BI)?

SAP Business Intelligence (BI) is among of the most widely-used, it is responsible for business system analytics and visualization of critical corporate data. It is used for analysis of both regular and Big Data imported from other management and accounting systems. In some way it is an aggregator of data. On the basis of this data plans are made for the corporate business processes. The fact that it often has connections with industrial control systems makes it extremely appealing for attackers.

SAP BI Security Risks

There are multiple risks related to SAP Business Intelligence Systems (SAP BI). Here you can find descriptions for some of them.

Financial reports: Document theft (Espionage)

After having gained unauthorized access to business intelligence system, an attacker gets hold of sensitive financial data and can publicly disclose it or use it for financial fraud purposes. As a result, the company may get embroiled in lawsuits that would incur serious financial losses.

Financial reports: unauthorized data modification (fraud) (sabotage)

Unauthorized changes made to financial reports that are processed in SAP BI may cast doubt on the credibility and accuracy of the company’s financial statements. This could be done to divert the attention of the management from something else, to jeopardize organization’s relationships with auditors or to put at risk investment returns on the projects.

Tangible and intangible resources unauthorized data modification (sabotage)

Unauthorized modification of analytical reports on available resources may cause incorrect estimations of the resources being spent or employee workload. This can result in misuse of funds and other indirect losses.

Sales reports unauthorized data modification (sabotage)

Distortion of sales report analytics may cause wrong conclusions about the product range development, pricing strategy and material purchase policies. This can lead to misusing funds or provoke other indirect losses.

SAP BI Vulnerabilities

SAP BI uses SAP Business Objects Application Server as a main platform, thus it is potentially vulnerable to all the vulnerabilities of the platform, which approximate to at least 100. These vulnerabilities can compromise access to the system. In addition, there is a risk that attackers can obtain default passwords.

The number of vulnerabilities found in this system is not as high as in the others, however the amount of available research papers is comparatively small. The report “Analysis of 3000 vulnerabilities in SAP” shows a gradual increase of the percentage of vulnerabilities found in SAP BusinessObjects Application Server platform.

How can we help our customers with SAP BI Security?

ERPScan Security Monitoring Suite for SAP have specific checks to analyze your SAP BI system for security issues. This award-winning software is the only solution on the market certified by SAP SE to identify, analyze and remediate all security issues, and to protect against cyber-attacks and internal fraud. It embraces the three tiers of SAP security: vulnerability Management, source code review for custom programs, and segregation of duties (SOD).