In today’s 24/7 economy, businesses require data to be available anywhere, anytime, from any device. As their SAP systems need to communicate with other SAP and non-SAP systems, internally and externally, this creates significant security concerns. To protect your system from malware, virus and ransomware attacks and stay compliant with regulations like GDPR at the same time, Expertum has developed a practical solution.
On the second Tuesday of every month, SAP releases security fixes for vulnerabilities reported by external researchers, partners, customers, and SAP’s internal development teams. Those security patches are listed on SAP’s Community Wiki, where customers can access them and verify their applicability to their systems. As ensuring the safety of your SAP system is as valuable as your data and processes themselves, SAP’s security patch list is an invaluable source of information.
Unfortunately, the sheer volume of patches released monthly can be overwhelming, making their classification and prioritisation a full-time job. Because Expertum, as a value-added reseller (VAR) and primary support provider for SAP, considers security a priority, we have now implemented an automatic notification system with the help of Focused Run that alerts our support team every time SAP releases high-priority security vulnerabilities and fixes. These notifications are automatically matched against the configuration of our customers' systems, making change management much more efficient as only those corrections applicable to your specific environment are listed.
These security services are an extension of our application management support offering. Every month, the released SAP security patches are evaluated against the SAP software release of our customer's systems, and a review report is generated classifying the patches according to their significance: very high, high, medium, and low. This report is accompanied by our recommendations based on our experience and best practices. It can be used by our customers to plan the patching process themselves or to ask our support services to do so for you.
If you are interested in these security services, feel free to contact Aaron Beerens directly.