Switchable Authorization Checks is a solution provided by SAP that allows developers to deliver authorization changes in an SAP system without disrupting the productive systems. This solution allows system administrators to decide how and when new authorizations are applied in the system. It is managed through transaction SACF (Switchable Authorization Checks Framework), which helps administrators identify users requiring additional authorizations due to the new check. Authorization checks can be activated after completing the required changes to user roles. We will explain step by step how to perform a complete implementation of a switchable scenario, since installing a Switchable Authorization Checks note activates the scenario and its objects.
SAP SuccessFactors contains some of an organization’s most sensitive and regulated data, including employee PII and bank account details to support payroll. Protecting this data – ensuring only authorized users can access and modify it, minimizing risk of breach – is essential for avoiding fraud and costly compliance violations.
Protect business processes from the core to today’s new cloud edge
Connecting a Complex Mix of Application Environments
The mission-critical applications that run your business, including supply chain management (SCM), human capital management (HCM), enterprise resource planning (ERP), customer relationship management (CRM), business intelligence (BI) and other systems, have shifted from running solely within a controlled, self-managed environment to a complex and interconnected mix of on-premises, infrastructure as a service (IaaS), platform as a service (PaaS) environments and software as a service (SaaS) offerings.
At the same time, digital transformation, including cloud, DevOps, artificial intelligence, robotic process automation and other initiatives, introduces new software and capabilities in the most agile, fast and cost-effective way possible, with security often being an afterthought. As a result, constant change from continuous integration and continuous deployment can introduce errors, overly privileged user access and vulnerabilities that put the business at risk. While cloud computing and interconnectivity bring operational benefits, such as agility, cost savings and efficiencies, they also create new challenges. IT, cybersecurity and risk professionals must overcome these challenges to protect the enterprise against internal and external threats, ensure compliance with regulatory requirements and optimize availability. Without a complete view across on-premises, IaaS, PaaS and SaaS environments, it’s impossible to understand your company’s true application security risk or accurately identify and address the most severe gaps, vulnerabilities and threats.
Protecting Business Processes from the Core to Today’s New Cloud Edge
Onapsis is purpose-built to protect organizations from cyber threats, streamline regulatory compliance and improve availability and performance of mission-critical applications from SAP, Oracle, Salesforce and others across cloud, hybrid and on-premises deployments. You will get a complete view into your most important applications and how they connect to one another, no matter where the applications are running, without multiple tools and additional expertise. Onapsis simplifies interconnected systems and uncovers risk introduced by connecting applications to help you protect the intelligent enterprise, while ensuring compliance and enhancing performance and availability.
With The Onapsis Platform, you can:
Reduce the security and compliance risk of extended business processes
Enforce security and compliance baselines
Monitor application security, user activity and threats in production
Accelerate and ease cloud adoption
Trust, but verify, security of cloud applications
Uncovering Risks in Interconnected Applications
As business processes get extended into the cloud, it becomes increasingly difficult for IT, cybersecurity, development and audit and compliance teams to understand which applications and services support critical business processes, how they interconnect with each other and how changes impact compliance, security and performance over time.
Onapsis can help teams answer these and other questions about their extended business processes:
Are interconnected processes compliant with relevant regulations and standards?
Do connected SaaS applications follow best practices for configuration?
Are users assigned too many privileges, violating Segregation of Duties requirements?
Is there misuse of privilege?
Delivering Context into the Entire Application Environment
With The Onapsis Platform, your company gains application- and business-level context to the entire application environment, with a 360-degree view of cyber risk across your critical applications, both on-premises and in the cloud. Designed for cross-functional collaboration among IT, cybersecurity, development and audit and compliance teams, The Onapsis Platform gives you:
Complete protection of mission-critical applications
A holistic view into applications on-premises, in the cloud, in a managed service or in a SaaS model
Expertise and experience to help you understand how mission-critical applications can be exploited
Security, continuous compliance and the ability to ensure performance and availability
Onapsis Delivers Proven Results
Companies using Onapsis have experienced:
80% reduction in the cost of security testing associated with application modernization
50% acceleration of cloud migration and digital transformation projects
90% automation of manual audit reporting tasks
Protect the Core and Cloud Edge with The Onapsis Platform
Onapsis delivers the actionable insight, secure change, automated governance and continuous monitoring capabilities required by cross-functional teams to optimize workflows and automate manual tasks. Your teams will embrace and accelerate application modernization, cloud and mobility initiatives while keeping your company’s most vital systems and data protected and compliant.
The Onapsis Platform is powered by the Onapsis Research Labs, our dedicated security research team responsible for the discovery and mitigation of more than 800 vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon, making Onapsis solutions the de facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.
Industry: Manufacturing, Chemicals
Company Size: 100k+ employees, >60B revenue
Challenge
Costly, unexpected project delays due to manual code reviews and lack of transport visibility
A global chemical company relies on SAP for its business-critical applications and leverages custom code development to support its organization. However, the organization struggled to keep its development cycles at a pace that aligned with the speed of its business. A manual code review process, with no way to check transports for errors, led to long, error-prone development cycles for SAP applications. Additionally, it was difficult to implement changes without impacting existing system performance or introducing security or compliance issues. This resulted not only in missed project deadlines but also in unexpected costs, due to remediation efforts and rework when errors in code were brought into production.
“Onapsis helps us address two of the biggest trouble areas in our change management processes—custom code and transports. A third-party solution for analyzing these that integrates into SAP ChaRM allows us to get things right the first time and avoid costly rework and manual analyses.”
Security Architecture Manager, Global Chemical Company
Solution
Onapsis Control automates code scans, checks transports, and reduces development cost and time
The company found the ideal solution in Onapsis Control. They were able to eliminate their manual code review processes and automatically scan hundreds of lines of code in minutes for errors. Onapsis Control’s detailed explanations and step-by-step remediation guidance shortened their time to resolution and accelerated their development cycle. Deep visibility into their transport errors prior to production enabled the resolution of problematic transports prior to import. This eliminated the need to remediate production errors and also enabled projects to be delivered on time and within budget. The company was able to use Onapsis Control’s ability to check code and transports for quality issues that can negatively impact system performance, compliance, and security. They were also able to ensure that system changes enabled by transports did not impact system performance. Because they received timely, critical threat intelligence from the Onapsis Research Labs, the company had confidence they could stay ahead of the latest potential threats to their SAP landscape.
“With Onapsis, we can be more confident that the changes we’re making aren’t going to cause disruptions or performance issues while addressing security and compliance at the same time. It’s a win for everyone.”
Security Architecture Manager, Global Chemical Company
Results
25% less time spent on code reviews
65% lower costs on remediation activities
75% reduction in security and quality errors imported into production
Implementing Onapsis Control has enabled the company to incorporate security earlier into their application development cycle, thereby reducing costly errors in production that affect manufacturing and delivery processes. Deep scanning of transports ensures that configuration or authorization changes that violate company policy or manufacturing process guidelines are blocked and, ultimately, rewritten prior to being deployed in the production environment.
This resulted in a 75% reduction in the number of security and quality errors imported into production. As a result, their development process is more secure and efficient, and they have eliminated time-consuming rework and costly system disruption or downtime. The development team also replaced their time-consuming manual code review process with the automatic code scans of Onapsis Control, reducing their code review cycle time by 25%.
Hear from James Carrigan at Verizon why they decided to partner with us to help their customers secure their mission-critical applications and add value to their offerings.
Rex Thexton of Accenture discusses why Onapsis is an important part of keeping your mission-critical applications secure and compliant, especially when moving to the cloud.
Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?
Attackers are specifically targeting the crown jewels of the organization, supported by their ERP systems
More ERP systems are exposed to the internet than ever before
Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
Software vulnerabilities, if left unpatched, create risk and opportunities for attackers
With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.
Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent in March 2020 addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.
As a result, the Onapsis Research Labs, who found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.
For more information, check out our blog post analysis of the March 2020 SAP Patch Day