Volume XVI: SAP® Security In-Depth: Switchable Authorization Checks: New Workbench and Scenarios

Switchable Authorization Checks is a solution provided by SAP that allows developers to deliver authorization changes to an SAP system without disrupting productive systems. It lets system administrators decide how and when new authorization checks are applied. It is managed through transaction SACF (Switchable Authorization Checks Framework), which helps administrators identify the users who will need additional authorizations because of the new check. An authorization check can then be activated once the required changes to user roles are complete. We explain step by step how to perform a complete implementation of a switchable scenario, since installing a Switchable Authorization Checks note activates the scenario and its objects.

Onapsis Assess for SAP SuccessFactors

SAP SuccessFactors contains some of an organization’s most sensitive and regulated data, including employee PII and bank account details to support payroll. Protecting this data – ensuring only authorized users can access and modify it, minimizing risk of breach – is essential for avoiding fraud and costly compliance violations.

Securing Mission-Critical Applications in the Cloud

Protect business processes from the core to today’s new cloud edge

Connecting a Complex Mix of Application Environments

The mission-critical applications that run your business, such as supply chain management (SCM), human capital management (HCM), enterprise resource planning (ERP), customer relationship management (CRM), business intelligence (BI) and other systems, have shifted from running solely within a controlled, self-managed environment to a complex and interconnected mix of on-premises, infrastructure as a service (IaaS), platform as a service (PaaS) environments and software as a service (SaaS) offerings.

At the same time, digital transformation, including cloud, DevOps, artificial intelligence, robotic process automation and other initiatives, introduces new software and capabilities in the most agile, fast and cost-effective way possible, with security often being an afterthought. As a result, constant change from continuous integration and continuous deployment can introduce errors, overly privileged user access and vulnerabilities that put the business at risk.
While cloud computing and interconnectivity bring operational benefits, such as agility, cost savings and efficiencies, they also create new challenges. IT, cybersecurity and risk professionals must overcome these challenges to protect the enterprise against internal and external threats, ensure compliance with regulatory requirements and optimize availability. Without a complete view across on-premises, IaaS, PaaS and SaaS environments, it is impossible to understand your company’s true application security risk or to accurately identify and address the most severe gaps, vulnerabilities and threats.

Protecting Business Processes from the Core to Today’s New Cloud Edge

Onapsis is purpose-built to protect organizations from cyber threats, streamline regulatory compliance and improve the availability and performance of mission-critical applications from SAP, Oracle, Salesforce and others across cloud, hybrid and on-premises deployments. You get a complete view into your most important applications and how they connect to one another, no matter where the applications are running, without multiple tools and additional expertise. Onapsis simplifies interconnected systems and uncovers the risk introduced by connecting applications, helping you protect the intelligent enterprise while ensuring compliance and enhancing performance and availability.

With The Onapsis Platform, you can:

  • Reduce the security and compliance risk of extended business processes

  • Enforce security and compliance baselines

  • Monitor application security, user activity and threats in production

  • Accelerate and ease cloud adoption

  • Trust, but verify, the security of cloud applications

Uncovering Risks in Interconnected Applications

As business processes get extended into the cloud, it becomes increasingly difficult for IT, cybersecurity, development and audit and compliance teams to understand which applications and services support critical business processes, how they interconnect with each other and how changes impact compliance, security and performance over time.

Onapsis can help teams answer these and other questions about their extended business processes:

  • Are interconnected processes compliant with relevant regulations and standards?
  • Do connected SaaS applications follow best practices for configuration?
  • Are users assigned too many privileges, violating Segregation of Duties requirements?
  • Is there misuse of privilege?

Delivering Context into the Entire Application Environment

With The Onapsis Platform, your company gains application- and business-level context to the entire application environment, with a 360-degree view of cyber risk across your critical applications, both on-premises and in the cloud. Designed for cross-functional collaboration among IT, cybersecurity, development and audit and compliance teams, The Onapsis Platform gives you:

  • Complete protection of mission-critical applications
  • A holistic view into applications on-premises, in the cloud, in a managed service or in a SaaS model
  • Expertise and experience to help you understand how mission-critical applications can be exploited
  • Security, continuous compliance and the ability to ensure performance and availability

Onapsis Delivers Proven Results

Companies using Onapsis have experienced:

  • 80% reduction in the cost of security testing associated with application modernization
  • 50% acceleration of cloud migration and digital transformation projects
  • 90% automation of manual audit reporting tasks

Protect the Core and Cloud Edge with The Onapsis Platform

Onapsis delivers the actionable insight, secure change, automated governance and continuous monitoring capabilities required by cross-functional teams to optimize workflows and automate manual tasks. Your teams will embrace and accelerate application modernization, cloud and mobility initiatives while keeping your company’s most vital systems and data protected and compliant.

The Onapsis Platform is powered by the Onapsis Research Labs, our dedicated security research team responsible for the discovery and mitigation of more than 800 vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon, making Onapsis solutions the de-facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.

How a Global Chemical Company Reduced Rework Costs by 65%

Industry: Manufacturing, Chemicals
Company Size: 100k+ employees, >60B revenue

Customer Profile

A global chemical company’s manual code review and change management processes were causing long, error-prone development cycles and costly rework, a common challenge for organizations managing SAP security in the chemical industry. By implementing Onapsis Control, the company automated its code and transport checks, enabling them to “get things right the first time” and accelerate their development lifecycle.

The Challenge: Costly Delays from Manual Development Processes

The company relied on custom code to support its business, but its change management process was a major bottleneck. A manual approach to reviewing code and transports led to significant challenges that impacted the speed and security of the business. Their primary pain points were:

  • Inability to Implement DevSecOps for SAP: A manual code review process was slow and error-prone, preventing the company from adopting a modern DevSecOps for SAP approach and keeping pace with business demands.
  • Costly Rework: Errors in code and transports were often only discovered after being moved into production, leading to expensive remediation efforts and system downtime.
  • Increased Risk: It was difficult to implement changes without introducing new performance, security, or compliance issues, creating unacceptable risk for their business-critical applications.

The Solution: Automating Code and Transport Security with Onapsis Control

The company found its ideal solution in Onapsis Control, which allowed them to automate and secure their entire change management process.

Automated Code Scanning

Onapsis Control replaced the time-consuming manual code review process. It automatically scanned hundreds of lines of code in minutes, providing detailed explanations and remediation guidance that shortened the time to resolution.

Deep Transport Inspection

The team gained deep visibility into transports before they were imported into production. This allowed them to identify and resolve problematic configuration or authorization changes that could violate company policy, impact system performance, or create new security and compliance vulnerabilities, backed by timely threat intelligence from the Onapsis Research Labs.

The Results: Faster, Safer, and More Cost-Effective Development

By embedding Onapsis Control into their development lifecycle, the company was able to shift security left, significantly reducing errors, costs, and project delays.

Results at a Glance:

  • 75% Reduction in security and quality errors imported into production.
  • 65% Less cost on remediation activities and rework.
  • 25% Less time spent on manual code reviews.

“Onapsis helps us address two of the biggest trouble areas in our change management processes—custom code and transports. A third-party solution for analyzing these that integrates into SAP ChaRM allows us to get things right the first time and avoid costly rework and manual analyses.”

– Security Architecture Manager, Global Chemical Company

“With Onapsis, we can be more confident that the changes we’re making aren’t going to cause disruptions or performance issues while addressing security and compliance at the same time. It’s a win for everyone.”

– Security Architecture Manager, Global Chemical Company

A Blueprint for Secure SAP Development

This chemical company’s success provides a clear model for accelerating development while reducing risk. Their key to success was automating security checks for their code and transports. Key takeaways for your organization include:

  • Automate code reviews to find and fix errors early in the development lifecycle.
  • Inspect all transports before they move to production to prevent the import of risky changes.
  • Integrate security into your change management process to avoid costly rework and project delays.

Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager

A recent IDC survey of 430 IT decision makers found that 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?

  • Attackers are specifically targeting the crown jewels of the organization, which are supported by their ERP systems
  • More ERP systems are exposed to the internet than ever before
  • Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
  • Software vulnerabilities, if left unpatched, create risk and opportunities for attackers

With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, our mission is to help keep organizations protected. We provide a solution, The Onapsis Platform, together with best practices and advice.

Since 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent, in March 2020, addresses a critical vulnerability. This vulnerability can be exploited without authentication, needing no user credentials, and can lead to access to any SAP system, potentially causing fraud, theft and disruption.

As a result, the Onapsis Research Labs, which found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We strongly encourage you to apply this latest SAP patch and also to follow our guide for keeping SolMan and your SAP landscape secure.

For more information, see our blog post analyzing the March 2020 SAP Patch Day.