Background

This is a companion piece to our other post on TikTok and potential security concerns with SAP. The geopolitical background issues are the same. China has a history of corporate and other espionage and a history of inserting its interests into the affairs of corporate entities, even technically private ones, at home. It is also the world’s most developed surveillance state, and recently, it and the United States have been increasingly at odds on a variety of issues.

Unlike TikTok, Zoom is not headquartered in China. Its owner, Eric Yuan, is originally from China but moved to the United States in 1997.

The Rise of Zoom

As most people now know, Zoom has been one of the greatest beneficiaries of CoVid lockdowns, seeing an almost twentyfold rise in usage over the past year. People isolating to slow the spread of ‘the virus’ have flocked to the platform for social and work purposes. The subsequent discovery by many workers (and some businesses) that much of what they do doesn’t depend on their being on-site has contributed to its continued expansion. Lots of educational institutions and social services and primary medical services have adapted to employ video as well.

The ease with which Zoom can be accessed and its full but intuitive feature set have spurred its widespread adoption, but that same broad suite of functionalities and ease of access have made it a broad target for hackers and other online bad actors.

The Problematic History

There has been a series of security issues with Zoom that are, perhaps, not surprising given the nature of the platform. Early on, many people using the platform were declining to use the password option, which gave an opening to bombers and grifters to bust into meetings and wreak havoc. In one infamous example, a major university’s graduation, held online because of CoVid, was interrupted with racial invectives. The platform has been used for information scraping, malware injection, password stealing, and just about anything else a hacker might want to do. At one point, Zoom partnered with a Chinese firm to generate cryptographic keys, which threw up warning signs among politicians and security experts. Additionally, Zoom agreed to de-platform several well-known Chinese dissidents at the request of the Chinese Communist Party (CCP).

The list of exploits and possible vulnerabilities is very long, and you can read about them in depth in this excellent compilation at Tom’s Guide. The most problematic thing about Zoom, though, has been its lack of candor at times, for instance claiming to have inaugurated end-to-end encryption when it hadn’t done so. In response to various criticisms, Zoom has taken steps to mitigate its vulnerabilities, but very few of these steps seem, from an outside perspective, to have been taken proactively. A variety of alternatives to Zoom are available. If you share sensitive information on such a platform, you might be better off looking elsewhere until Zoom has established a more robust security track record, and this is probably more likely to be true of businesses that employ SAP services than those that do not. Zoom’s vulnerabilities make it problematic not just with respect to China, but also with respect to corporate espionage, sabotage, and sundry black-hat exploits. As with TikTok, your vulnerability profile will depend entirely on the potential value of the information that you share to those who shouldn’t have it.

Geo-Political Background

Recently, the Trump administration has kicked around the possibility of banning the use of TikTok in the United States. This comes against a backdrop of increasing tensions between the United States and China due to China’s emergence as a military and economic rival superpower, and exacerbated by what some in the West view as China’s military and economic expansionism against a backdrop of long-time institutional infiltration, technological and other espionage, and unfair trade practices. Recently, relations have been further strained by internal Chinese crackdowns on civil dissent, reneging on the conditions of its treaty with Great Britain regarding the status of Hong Kong, and what some (though not all) view as blame for not having blown the whistle earlier about CoVid-19, which has had devastating health, social, and economic consequences around the globe.

India, which has recently clashed with China over the disputed Galwan Valley between China and Indian-administered Kashmir, has banned the popular short-form video plus sound application. There have been rumors, though denied, that Australia and the Philippines might also follow suit. Both of those nations have been alarmed by Chinese expansionism in the South China Sea.

Does TikTok Pose a Danger?

Does the application pose a danger? It’s hard to say. Like most such applications, new versions often are filled with security issues that need to be patched, and TikTok does a comparatively decent job of doing so. The company that owns TikTok, ByteDance, is headquartered in China, but not ‘owned’ by the government per se. ByteDance swears up and down that it would never convey any user information to the Chinese government, but the rights and responsibilities of ‘private’ corporations in China vis-a-vis the government are more . . . negotiable, let us say, there than they are in the West.

At present, there’s no reason to believe that TikTok collects any more information than other ‘free’ social media applications, such as Facebook and Twitter, which monetize metadata from their users to target ads and such, but following revelations of what Cambridge Analytica was able to infer from access to Facebook’s information during the 2016 election, there is some concern about how China might use such information for similar purposes (or worse) such as: wargaming, propaganda/disinformation and election meddling. We have already seen that they take a very aggressive line against their own citizens at home and abroad who use online platforms to criticize the government, and like the Russians they seem to be cultivating their own troll farms.

With Regard to SAP Users . . .

The problem here is that many SAP users are companies whose information is not only valuable to themselves, but potentially also to others. One of the things that TikTok was criticized for was maintaining access to clipboard information. They were criticized when found not to have fixed the problem. They excused the delay by saying that there was a conflict with the spam filter. Theoretically, a government with access to such information might leverage it either through simple data mining or blackmail. A surveillance state such as China might exploit or introduce backdoor methods of accessing data on devices with the TikTok application, as they are said to have done with Huawei, their 5G cellphone network.

So there is no clear-cut answer on whether to prevent employees from using TikTok on devices that also might be used for work purposes. As a precaution, and partly because of the conflict, India has banned certain Chinese apps (including TikTok). The State Department would like Microsoft or some other US-based company to buy it. They have given a deadline before it is banned. For the moment, we advise caution.

Just as important as any products you make or any services you deliver, your data is a byproduct of your business activities. Without precise inventory, accurate customer information, impeccable accounting, and other data driven information, you would be hard pressed to compete in today’s marketplace. So when you need to upgrade your systems, data migration must be done properly as well. Stated simply, data migration is the process of transferring data between computer storage types or file formats. You might need to transfer data from hardware to cloud-based systems; or from a non-SAP system to an SAP system; or upgrade from an older SAP format to the newest SAP HANA. In any event, data migration must be handled carefully. Be sure to call the experts at 1st Basis to deal with any data migration you might need.

Different Organizations, Different Needs

1st Basis understands that each company is unique and is committed to working with you to determine what kind of data migration best meets your needs. For instance, S/4HANA helps a business reduce its IT costs by streamlining its SAP landscape. Your business may prioritize financial data migration as essential to speed up your drive towards S/4HANA in a profitable way, then have other (legacy) data moved as well. 1st Basis will help you perform data evaluation in your current framework in order to plan the best way to move, maintain, and utilize data. With sound planning, your company can minimize risk, keep administrative consistency, and increase your return on investment.

Essential Considerations for Data Migration:

• Define the standards for the data quality, data mapping, and data conversion.

• Involve key data stakeholders throughout the data migration project.

• Use the appropriate tool to mechanize the execution of mapping of data, data transformation, and data quality responsibilities.

• Focus on 4 factors: comprehensiveness, consistency, compliance, and conformity.

• Meet the clear data standards and guidelines during the time of data entry in the system.

• Set up monitoring and reporting and establish an action plan for data remediation.

Tools – Business Object Data Services (BODS)

The BODS system is a tool used to extract, transform, and load data from one system (source) to another (target). It can be used with disparate systems and is tightly integrated into SAP, so it can acquire data from a variety of source systems, change it into readable data for SAP, and upload it into your SAP system. You are able to read business data at application level with BODS, and it has effective debugging and monitoring as well.

Tools – Batch Data Conversion (BDC)

With this kind of data migration, data is transferred using the batch input program. You can do it using a call transaction method or a session method. It helps to transfer a large number of data entries from a legacy system to an SAP system. Only the data related to a single transaction is transferred initially with the help of a correct data format map. It automatically moves all the outstanding data entries that run in various lines using the same data format. This entire process happens in the background and the data are transferred one by one, just like they would be by hand (only a lot faster, of course).

Tools – SAP S/4HANA Migration Cockpit

This is a new migration data tool that uses preconfigured migration content. It is designed for SAP S/4HANA and was initially obtainable for cloud release only. There is now an on-premise version. This tool is made for improvements and modifications of already defined migration objects. It provides such capabilities as:

• Pre-configured content and mapping for each migration object, e.g. G/L open items.

• Predefined templates (Microsoft Excel XML files) for each object.

• Automated mapping between template and target structure.

• Migration programs are automatically generated – no programming required by the customer.

• Available for private and public cloud or on-premise.

 

These are the basic tools needed for successful data migration. There is also a Legacy System Migration Workbench (LSMW) system designed to take data from non-SAP systems to SAP R/3 systems. Contact us today to find out more.

All About Service Level Agreements

SLA stands for Service Level Agreement and it defines the parameters of service and behavior between the provider and the customer. As more and more businesses turn to SAP solutions and SAP utilizes Cloud technologies more and more, the various SLAs gain importance. You chose SAP because you wanted to concentrate on your actual business, not all the systems around it. SAP can integrate your business functions, from customer databases to financial analysis, and it’s crucial that it continues to deliver. It is inevitable that problems occur, and when they do, the SLA that you have will determine how your issue is managed.

SLAs: Good for Provider and Client

Anytime something goes wrong, it interrupts your business in some way. It may seem to you that you are always having issues. A good SLA delineates expected performance levels, initial response times, and resolution times, as well as disaster recovery processes. That means that you will have a thorough understanding of what to expect from your Managed Service Provider (MSP). If there is a top priority fault in a system, the SLA specifies the time in which the MSP will respond, and the time within which the issue will be resolved. When deciding on an MSP, it’s crucial that you have an SLA that genuinely reflects your needs. 1st Basis develops our SLAs with our clients’ input to do just that.

SLAs – Plural

You need to have an SLA for infrastructure, and one for each of the different applications that you have. While the infrastructure SLA is foundational, it won’t address an issue with a cloud-based application. Here at 1st Basis, we take the time to understand your business needs so that you have the technology you need, and the SLAs to match. 1st Basis makes sure that your requirements at every level and the various SLAs involved correspond.

Elements of SLAs

SLAs should include metrics like Disaster Recovery and Incident Response Time, Recovery Point Objective, SAP Application Response Times, SAP Application Availability, and Infrastructure Availability. Because of the increasing emphasis on applications within SAP, you should also look for application-specific SLAs with guarantees written into the agreement. If your MSP only offers SLAs on infrastructure or Disaster Recovery, be cautious. 1st Basis, as an SAP partner with a cloud platform built for SAP HANA, provides an application SLA along with dedicated support, in addition to infrastructure and Hosting.

SLAs should include:

• Description of services

• Delineation of exemptions and exclusions

• Expectations of performance levels

• Process for disaster recovery

• Timetables for problem management (initial response and resolution)

• Implementation of service tracking and reporting

• Schedule for periodic review

Single MSP = Better Service

Having a single managed services provider allows the MSP to understand your business needs and streamlines your SLA process. It makes it easier to develop exactly what you need, and enforce it with a higher level of reliability. It’s difficult for you to be directed from one place to another and back again if there is only one MSP. At 1st Basis, we are committed to providing our clients with appropriate products and exceptional service with our outstanding application, hosting and infrastructure support. Contact us today to learn more.

Remember when you were a small child and the sandbox could become a battleground, or a bakery, or just a place to bury your toes? You could do anything there, use your imagination to create monsters or mountains. And, once you were tired of that particular game, you could flatten out the sand and start all over with building an entirely different kingdom.

 

The SAP Sandbox System is similar in that it provides you with a space to experiment with any kind of data or scenario you want. In the SAP Landscape, there are three divisions: Development, Quality, and Production. SAP Sandboxes are part of the development section. It’s the best venue for exploring your imagination through trial and error without any real-world consequences. Because it’s isolated from other systems, data, or clients, it allows for complete freedom without fear. Basically, it’s a playground for consultants.

 

Uses

The SAP Sandbox System can be used for any exploration, really. Think of it like scrap paper that you can scribble code on, or sketch out a sample configuration application on. Then work through whether or not it functions the way you think it should. Your company might use SAP Sandboxes for research and development, for testing different distribution systems, or for recalibrating client databases. It can really answer any need (almost like Hogwarts’ Room of Requirement). Generally, it is used for testing before implementation of any changes or enhancements. Obviously, it is crucial for good business practice to anticipate all possible implications of a new development; an SAP Sandbox lets you do just that.

 

Reminders

Just as someone’s greatest strength is also their greatest weakness, SAP Sandbox System’s isolation from all other systems and applications can make things difficult. Whatever configurations or developments are done in Sandbox cannot be transported out of it easily. It doesn’t affect other servers or clients, which is absolutely wonderful, until you want it to affect other servers or clients. So whatever discoveries or enhancements you come to appreciate in a Sandbox will need to be manually recreated in the environment that you intend them for (or manually exported and imported).

 

Access

There are various ways you can access an SAP Sandbox System, depending on the type of system or access type you are seeking. The best way to go about determining your point of access is to clarify what your system really needs. For instance, you may require a system for SAP BW, SAP ECC or an SAP Solution Manager System. If in doubt, check with the experts at 1st Basis who can make sure that your SAP Sandbox System is the one you need to quickly and easily deploy and explore the value and benefits of using SAP to their fullest.

 

An SAP Sandbox System can allow your SAP System consultants to really optimize the landscape for your business needs. With the freedom to explore how different scenarios play out, how different components interact, or how databases respond to various factors, SAP Sandbox can provide you with information that gives you the edge on your competition. 1st Basis can install and host an SAP Sandbox system for you for the period of time you need it. No long-term contracts and no high-priced hosting fees.

 

IDES stands for “Internet Demonstration and Evaluation System” and in the SAP R/3 world it represents a model company. Using IDES, you can do training that will increase your knowledge and competence with SAP. In the newer S/4HANA IDES System, SAP offers Model Companies that offer the same training advantages, and also give you the option to use them as templates to accelerate implementation and development. This blog post examines SAP IDES and Model Companies and how they can help your business maximize SAP systems.

 

SAP IDES – What Is It

SAP IDES is a theoretical company running SAP, an international organization with subsidiaries throughout the world. It demonstrates how real-world business processes and scenarios would play out. It includes application data for a number of different possibilities, all of which can be run in the SAP system. IDES is designed for the amateur; it will walk you through different scenarios, showing you how the SAP R/3 System works and how it enhances your best practices. Basically, it is an educational system for SAP users who want to become more proficient and use the SAP R/3 System to its fullest. Many of the demonstrations and exercises used by SAP for the R/3 System training program are based on IDES data. IDES is the perfect complement to the SAP training program.

 

SAP IDES – What It Covers

IDES includes logistics, finances and accounting, as well as human resources. It can develop your skills in product cost planning, overhead management, profitability analysis, and planning. It can show you how best to deploy your sales and distribution resources, materials management, and production efficiency. It shows how the R/3 System is able to support a variety of industries, from boutique single-item production to engineering-to-order to repetitive manufacturing. IDES is not based around a particular kind of company though; it is the processes and practice-oriented data that are common to them all. The IDES group manufactures products as diverse as escalators, automobiles, and concrete.

 

SAP IDES – Subgroups by Geography

IDES has four subgroups based on geography: European, Asian, Latin American, and North American. There are two IDES model companies in the North American sector. Each of these model companies has its own clearly defined business objectives and is organized according to local business practices and legal requirements. Accounting and human resources for each individual company have been adapted to meet the particular business objectives. The American companies produce goods, carry out purchases, and engage in sales activities. They have also been set up to use flexible standard costing. The data and built-in best practices incorporate various U.S. legal requirements as well.

 

Model Companies

Since SAP S/4HANA, SAP has offered Model Companies, taking the IDES package a bit further. These Model Companies give the client pre-packaged, ready-to-use end-to-end solutions. The Model Company combines best practices with those solutions and includes data packages that deliver relevant outcomes. These Model Companies do more than offer training opportunities; they offer real-world applications. They include versions covering 17 industries and 12 Lines of Business (LoBs). They are available as ready-to-run and as assemble-to-order. You can also decide on pre-packaged applications, configurations, and sample data. All of this means accelerated implementation, and therefore increased efficiency and productivity.

 

SAP IDES gives you the chance to really exploit the capabilities of your SAP system. With the Model Companies, you can even have a template to bring your organization into the digitized, integrated future – which is now. 1st Basis offers hosting and support of IDES system at a lower cost than the cloud.

Most people hear the word “audit” and begin to tense up. That’s probably because it is typically used in the context of an IRS audit, and nobody wants that. However, an audit is simply an objective examination and evaluation, usually of financial records, and in this context, including systems, applications, and products as well. When you use an SAP landscape, you have the finest business architecture around. It only makes sense to make sure that it is performing at optimal levels. With good SAP Auditing, you will have no worries about governance, risk, or compliance (GRC).

SAP Governance Auditing

Enterprise Resource Planning systems (ERPs) are integrated programs that maintain all of a company’s transactions in a single database. They are key components of your SAP landscape whether you have SAP HANA or any other type. With your SAP landscape reflecting your particular business model, the roles and responsibilities of every agent in the organization are clear. SAP Audits can assess risks to the critical business data that is accessed by multiple users across the company. Inaccurate, invalid, or fraudulent data entered at one point can affect the accuracy of data across the system. Ideally, integration with SAP Risk Management and SAP Process Control will make the SAP Auditing process seamless. You will be able to gain precise insights and real-time analysis of potential problems.

Risk Auditing

Security audits are procedures that let an auditor trace a single transaction as it interacts across a range of connected applications. SAP internal security audit systems can automatically detect transactions that violate security protection protocols. SAP managers and internal auditors use security audits to search for fraudulent transactions, discover control system failures, and access violations. Other security concerns that auditors search for are unauthorized customer profile changes and unauthorized changes to master data files. SAP Auditing streamlines these processes with automated checks and mobile capabilities. That means the ability to assess risks at high speeds and clarify problematic situations keeps your business running smoothly.

Compliance Auditing

Companies have a duty to adhere to all state and federal regulations for their particular industry as well as to protect clients’ private information. SAP Auditing keeps them current with regulations and evaluates whether a business is complying with state and federal rules governing the privacy of information in the company’s control. Businesses that operate internationally are required to comply with any applicable international business and privacy regulations as well. With SAP Auditing, companies can be confident that their SAP systems protect the privacy of consumer information, employee information, and proprietary business information. SAP Auditing means that you have the internal controls demanded by the Sarbanes-Oxley Act (SOX) too.

SAP Auditing keeps your company running smoothly and safely. It chooses high-value issues for further investigation. It empowers your internal auditors to conduct timely risk assessments, and it automates and accelerates the auditing process. With SAP Auditing, you have a simpler approach to creating, tracking, and managing audit issues. It also speeds up the resolution of those issues. Unlike an IRS audit, SAP Auditing allows you to relax, knowing that your SAP landscape is being monitored and objectively assessed.

SAP Security is like an extraordinarily complex, multi-person juggling act. You may have seen performances where a couple of people juggle several balls, throwing them between each other, while always keeping them in the air. Imagine if that were expanded to include every person in your business and all those balls represented every one of your customers, every item in your inventory, and all of your financial information. With SAP Security in place, every person in your organization has access to the data needed to do their jobs, while access to other areas is restricted. That means that there is limited possibility of accidentally damaging or deliberately misusing vital information. This post explores SAP Security, how it mitigates risk, best practices, and more.

Mitigating Risk

SAP Security works by analyzing the different kinds of information your company uses and the people who have access to them, and then building appropriate protections around them. In order to mitigate your risks, you need to establish a baseline. Review who has access to the company’s most sensitive information; what titles do they hold? Then examine your company’s standard operating procedure to determine where protections are most needed. This is where you create a Segregation of Duties (SoD) analysis. It’s also key to think about scenarios outside the norm and plan for those as well. It’s best to include SAP Security in the planning stage; it’s possible to do it after your SAP system is up and running, but security should be integrated from the start. Finally, SAP Security maintains its integrity by performing regular system-wide assessments which should also be included and planned for.

Best Practices – General

There are some basic best practices that should be employed with every SAP Security system, and some that apply to the different kinds of SAP systems and modules. With every SAP system, Admins create a standard role for a position (or title) and that can be assigned to anyone who fills it. For instance, your company may have account managers who deal with specific clients. There would be “keys” available for all account managers, and then more specific “keys” for each manager’s clients. That way, every account manager can access all the information necessary for their clients, but not for another account manager’s clients.
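The position role with per-manager client keys described above, together with the Segregation of Duties (SoD) analysis from the Mitigating Risk section, can be sketched as follows. This is an added example, not code from SAP or 1st Basis; every role name, action, user and client ID in it is constructed for illustration.

```python
from dataclasses import dataclass, field

# All role names, actions, users and client IDs below are constructed for
# illustration; they are not SAP-delivered roles or authorization objects.

# Standard role per position: the "keys" every holder of the title receives.
POSITION_ROLES = {
    "ACCOUNT_MANAGER": {"view_customer", "edit_customer", "create_sales_order"},
    "AP_CLERK": {"create_vendor", "enter_invoice"},
    "PAYMENT_APPROVER": {"approve_payment"},
}

# Actions that only make sense against one client's records. For these the
# position role is not enough: the client must also be in the user's scope.
CLIENT_SCOPED = {"view_customer", "edit_customer", "create_sales_order"}

# Hypothetical SoD rules: pairs of actions that would let one person both
# start and complete a sensitive process.
SOD_RULES = [
    ("create_vendor", "approve_payment"),
    ("enter_invoice", "approve_payment"),
]


@dataclass
class User:
    name: str
    roles: set
    clients: set = field(default_factory=set)  # this user's own client "keys"


def actions_for(user):
    """Union of actions from the user's roles; unknown roles grant nothing."""
    granted = set()
    for role in user.roles:
        granted |= POSITION_ROLES.get(role, set())
    return granted


def can_access(user, action, client=None):
    """Default-deny check: a role must grant the action, and client-scoped
    actions additionally require the client to be assigned to this user."""
    if action not in actions_for(user):
        return False
    if action in CLIENT_SCOPED:
        return client is not None and client in user.clients
    return True


def roles_granting(user, action):
    """Which of the user's roles contribute a given action."""
    return {r for r in user.roles if action in POSITION_ROLES.get(r, set())}


def sod_violations(users):
    """Return (user, action_a, action_b, roles) for every rule a user breaks.
    Conflicts are evaluated on the combined roles, because each role can be
    harmless alone and only the combination is risky."""
    findings = []
    for user in users:
        held = actions_for(user)
        for a, b in SOD_RULES:
            if a in held and b in held:
                roles = sorted(roles_granting(user, a) | roles_granting(user, b))
                findings.append((user.name, a, b, roles))
    return findings


# Constructed baseline of user assignments to review.
SAMPLE_USERS = [
    User("alice", {"ACCOUNT_MANAGER"}, {"C100", "C101"}),
    User("bob", {"ACCOUNT_MANAGER"}, {"C200"}),
    User("carol", {"AP_CLERK", "PAYMENT_APPROVER"}),
    User("dave", {"AP_CLERK", "RETIRED_ROLE"}),  # stale role name grants nothing
]

if __name__ == "__main__":
    alice = SAMPLE_USERS[0]
    print(can_access(alice, "edit_customer", "C100"))  # own client
    print(can_access(alice, "edit_customer", "C200"))  # another manager's client
    for finding in sod_violations(SAMPLE_USERS):
        print(finding)
```

The SoD pass runs over each user's combined roles, so it flags an assignment in which both roles look acceptable when reviewed one at a time.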

Best Practices – SAP HANA

SAP HANA security requires some adaptations from the standard SAP security system. Best practice here means that SAP HANA Security operates on a least-access-rights paradigm that diminishes the potential damage an employee could cause with access to more information. SAP HANA permissions are implemented differently from general SAP permissions, and SAP HANA also handles objects differently, so it’s important to have someone with expertise in SAP HANA Security. If that is not part of your corporate structure, contracting with the professionals at 1st Basis is a wise choice.

Best Practices – SAP Fiori

Again, implementation of SAP Fiori varies from other SAP systems, and the most important best practice action you can take is to ensure that you are working with someone with a comprehensive understanding of SAP Fiori. There are 9 main security best practices that should be followed when using SAP Fiori. Most businesses are taken up with the actual work of the company, not the SAP system or its security. Employing the experts at 1st Basis is best practice.

 

When working correctly, SAP Security should be invisible, allowing each member of the company to access the needed information at the appropriate time so that productivity remains high. It’s a juggling act where the balls are always in the air or in the right person’s hands, never breaking the rhythm of the movement, never concealed in a juggler’s pocket, and never on the floor.

What Is SAP ABAP?

ABAP (Advanced Business Application Programming) is the primary programming language in which many of SAP’s applications are written. ABAP began life as a purely procedural language and has subsequently incorporated object-oriented features. ABAP programs are run on SAP’s NetWeaver ABAP application server, the only publicly available ABAP runtime environment. In most organizations, ABAP experts are programmers and developers.

What is SAP Basis?

SAP Basis is the SAP version of system administration. SAP Basis administrators are responsible for making sure that the SAP application server and applications are installed and configured properly; they also maintain the whole landscape and its smooth operation. SAP Basis is the technical foundation that enables all SAP applications to function smoothly. It consists of programs and tools that support the interactions of multiple systems and the portability of SAP applications across systems and databases.

What’s the Difference?

SAP Basis comprises the core technical components of the SAP System. It has to do with the SAP NetWeaver/ABAP Application Server monitoring and Administration. It includes installing SAP Systems, setting up Servers/Server Instances, System User Management, Memory Management, and Underlying Database Management. SAP ABAP is used to produce Business Applications. SAP Applications are developed by SAP and enhanced by partners or customers using ABAP. That means that the professionals at 1st Basis can take an SAP Application and tweak it for your specific business needs using ABAP. One of our SAP ABAP Programmer/Developers will provide exactly what you want.

No Conflict

SAP Basis and SAP ABAP are not in conflict. Instead, they complement each other. You could think of SAP Basis as a conduit between ABAP and the computer operating system. When SAP created Basis in order to shift the system out of a mainframe, it enabled ABAP code to run on other platforms too. ABAP programs cannot run directly on an operating system (like Windows). They require the set of programs known as SAP Basis to load and interpret their input and output (“All SAP system data are stored in the database. This includes the application data—such as POs, invoices, and so on—generated by daily transactions, as well as the system settings—customizing—and the source code of programs” — SAP Administration: Practical Guide, p. 36, Galileo Press, 2011).

An Analogy

You can think of SAP Basis and ABAP like Windows and Windows programs. When you install Windows on your computer, it creates a directory structure with program files, windows, etc. Then, you can download any Windows program that you want to run. SAP Basis and ABAP do a similar thing on a much greater scale. SAP Basis creates the architecture of the entire systems landscape. Once you have it, you can choose to employ any ABAP enhancement that suits your business needs.

Expert Advice

The professionals at 1st Basis understand the inter-relationship between SAP Basis and SAP ABAP fully. We can help you to optimize your SAP system with whatever enhancements would work best for your business. We are happy to work with you to get the best performance out of your business software so you can concentrate on your business.

“An SAP system administrator ensures that the Basis components of every SAP system and their functions are working correctly during live operation.”
SAP Administration: Practical Guide, p. 17 Galileo Press, 2011.

SAP Basis

SAP Basis is landscape administration for all SAP environments. It is designed to keep all of the different systems in the landscape working at optimum efficiency, all the time. SAP Basis installs and configures all SAP systems and components, backs up and restores data, troubleshoots issues, and manages batch jobs. In addition, SAP Basis configures SAP’s transportation management system (TMS). Generally, it does everything from installing and configuring printers and other devices to running and managing the entire SAP ERP foundation.

SAP Security

SAP Security is user administration in SAP for all the modules and work areas. SAP Security governs what data and processes users can access inside an SAP landscape. It covers all the tools, processes, and controls that exist to restrict access to various places within the SAP landscape so that a user has precisely the information needed to do their job, no more and no less. SAP Security analyzes and anticipates what access is needed and disallows viewing or altering other data. By designating access via a role or a position rather than a person, it makes the flow of information easier while maintaining security.

History – SOX

The functions of SAP Basis and SAP Security used to be combined into one role. However, in the early 2000s, they became decoupled. It became more and more apparent that a unique system was needed to focus exclusively on internal security. On July 30, 2002, a federal law called Sarbanes-Oxley (SOX) was enacted that made companies responsible for the information they reported. The most controversial element of this act was Section 404, which required management and external auditors to report on the adequacy of a company’s internal control over financial reporting.

History – Segregation of Duties

SAP stores and processes all kinds of data, including financial data, and segregation of duties (SoD) is crucial when dealing with different job positions and responsibilities within a company. SoD means that the set of roles and responsibilities should be assigned in such a way that no one individual has end-to-end access rights over any function. An employee should not have responsibility for more than one of these three transaction components: authorizing transactions (approval), recording transactions (accounting), and handling the related asset (custody).
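The rule above can be checked mechanically when access is granted through positions and roles rather than to individuals. The following is an added example, not code from SAP or from this page: the role names, position names and users are all constructed for illustration, and each role is assumed to be classified under at most one of the three duties.

```python
from collections import defaultdict

# Constructed data: role, position and user names are hypothetical, not real SAP objects.
ROLE_DUTY = {
    "Z_PO_APPROVE": "approval",
    "Z_INVOICE_POST": "accounting",
    "Z_GL_JOURNAL": "accounting",
    "Z_GOODS_ISSUE": "custody",
    "Z_REPORT_DISPLAY": None,  # display-only, carries no SoD duty
}
POSITION_ROLES = {
    "AP_CLERK": ["Z_INVOICE_POST", "Z_REPORT_DISPLAY"],
    "PURCHASING_MANAGER": ["Z_PO_APPROVE", "Z_REPORT_DISPLAY"],
    "WAREHOUSE_LEAD": ["Z_GOODS_ISSUE"],
    "GL_ACCOUNTANT": ["Z_GL_JOURNAL", "Z_INVOICE_POST"],
}
USER_POSITIONS = {
    "asmith": ["AP_CLERK"],
    "bjones": ["PURCHASING_MANAGER", "AP_CLERK"],  # covering a vacancy
    "cwu": ["GL_ACCOUNTANT"],                      # two roles, but one duty
    "dlee": ["WAREHOUSE_LEAD", "PURCHASING_MANAGER", "AP_CLERK"],
}

def duties_of(user):
    """Map each duty a user holds to the (position, role) pairs that grant it."""
    held = defaultdict(list)
    for position in USER_POSITIONS[user]:
        for role in POSITION_ROLES[position]:
            if role not in ROLE_DUTY:
                # An unclassified role cannot be assessed, so fail loudly.
                raise KeyError(f"role {role!r} has no duty classification")
            duty = ROLE_DUTY[role]
            if duty is not None:
                held[duty].append((position, role))
    return dict(held)

def sod_violations():
    """Return {user: duties} for every user holding more than one duty."""
    report = {}
    for user in USER_POSITIONS:
        held = duties_of(user)
        if len(held) > 1:
            report[user] = held
    return report

if __name__ == "__main__":
    for user, held in sod_violations().items():
        print(user, "holds", sorted(held))
        for duty, grants in sorted(held.items()):
            print("   ", duty, "via", grants)
```

Each position here is clean on its own; the conflicts appear only when one person holds two positions, which is why the check runs per user rather than per role.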

SAP Basis and SAP Security Now

Before 2006, SAP Security was a synonym for SOX and SoD, even though it was only a small part of SAP Security. Since then, SAP Security has developed into a complex and ever-evolving system to guarantee the integrity of all the data within the SAP landscape. SAP Security can grant users full access to particular sets of data without allowing them to view others. Alternatively, it can give them full access to some sets of data, the ability to alter other sets, and no access to still others, in any combination. SAP Security not only makes certain that your business is complying with all federal laws and regulations, it also sets up the framework for your employees to do their jobs using the soundest business practices.

Just imagine SAP Basis as the President and his cabinet dealing with the large-scale issues facing the country. SAP Security works more like the Department of Homeland Security and the police forces throughout the country. They make sure we are all safe and can go about our day-to-day lives without fear.