Services for Security Lifecycle Management

The following services are available from Active Global Support to assist you in maintaining security in your SAP systems on an ongoing basis.

Security Chapter in the EarlyWatch Alert (EWA) Report

This service regularly monitors the Security chapter in the EarlyWatch Alert report of your system. It provides the following information:

  • Whether SAP Security Notes have been identified as missing on your system

    Analyze and implement the identified SAP Notes if possible. If you cannot implement the SAP Notes, the report should be able to help you decide on how to handle the individual cases.

  • Whether an accumulation of critical SAP NetWeaver authorizations has been identified

    Verify whether the accumulation of critical SAP NetWeaver authorizations is OK for your system. If not, correct the situation. If you consider the situation OK, check for any significant changes compared to previous EWA reports.

  • Whether standard users with default passwords have been identified on your system

    Change the corresponding passwords to nondefault values.

Security Optimization Service (SOS)

Use the Security Optimization Service for a more thorough security analysis of your system, including the following:

  • Critical authorizations in detail
  • Security-relevant configuration parameters
  • Critical users
  • Missing security patches

This service is available as a self-service within SAP Solution Manager, as a remote service, or as an on-site service.

Security Configuration Validation

Use Security Configuration Validation to monitor a system landscape continuously for compliance with predefined settings, for example, from your company-specific SAP security policy. This service primarily covers configuration parameters, but it also covers critical security properties like the existence of a nontrivial Gateway configuration or making sure that standard users do not have default passwords.

Security in the Run SAP Methodology / Secure Operations Standard

With the E2E Solution Operations Standard Security service, a best-practice recommendation is available on how to operate SAP systems and landscapes in a secure manner. It guides you through the most important security operation areas and links to detailed security information from SAP's knowledge base wherever appropriate.

Related Information