News Stay informed about the latest enterprise technology news and product updates.

SAP takes its security measures one step at a time

Online collaboration is risky business without the proper security safeguards. SAP recognizes that and has created a three-step process to govern the security of e-business transactions conducted through its platform.

In any online collaboration, fear is never far from the surface. Whether they are connected through the Internet or through back-end communication, companies fear for the safety of their data.

SAP AG takes that fear into consideration with the security features of its software platform, which allows for collaborative e-business via portals and marketplaces. To prevent the wrong eyes from peeking at a company's data, SAP designed a three-step process for e-business security to encompass registration, authentication and authorization.

The first step in SAP security is to define a security policy, according to Sachar Paulus, an SAP director of product management. A company needs to define goals and decide which data will be kept private at the management level, as well as at the IT level.

Next, the company needs to implement the processes for security. SAP provides a set of standard processes, sufficient for 80% of transactions, he said. These processes cover user management, which is typically the most expensive due to the different rules that need to be implemented.

The third step is applying the security technology, such as a single sign-on. SAP supports security markup language, digital signatures, Public-Key Cryptography Standards (PKCS) standards and x.509 standard certificates, according to Paulus.

"We provide interfaces for all of this ... so customers don't need to buy additional software if they don't have specific needs," he said.

The security for mySAP is basic security out of the box, said Lance Travis, service director at Boston-based AMR Research. "It's middle-of-the-pack, comparable to everyone else that has an Internet application," he said.

For customers needing higher levels of security, SAP has partnerships with Entrust, RSA, VeriSign, Computer Associates International and Safelayer, among others, Paulus said.

SAP could be better at providing more support for security and being more aggressive with its security partnerships, Travis said.

Overall, though, security for mySAP is as tight as anybody else's, and companies don't need to worry about their data, said Travis. "What they provide native is what 60% of the people in the world are comfortable with,'' he said. "For those who are either more security conscious or have more stringent requirements, third parties get (those companies) the things they need."


searchSAP's Featured Topic links on securing SAP


Dig Deeper on SAP security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.