Automation for SAP IT Teams | Expert Insights

How many users have access to sensitive data within your SAP systems?

Written by Rick Porter | April 4, 2023

As expected, the Latitude Finance announcement of the theft of 255,000 customer records was just the beginning. The most recent tally has this one as the largest data breach so far, with 14,000,000 customer records dating back to 2005. The data includes millions of driver’s licence records, thousands of passport details, and facial photographs.

How safe is sensitive data within SAP systems

Given the extent of recent data breaches, one can reasonably assume that no one's personal data is safe. It is unlikely that any service provider can be relied upon to keep data safe from bad actors.  But how safe is the data when often hundreds of users have unnecessary access to sensitive areas within the system?

The Medibank systems were accessed using stolen user credentials; therefore, minimising users’ access to sensitive data from within can protect unauthorised access from without.

SAP system user management

User credentials, such as usernames and passwords, are critical in preventing unauthorized access.

Effective management of user credentials helps to ensure that only authorized users have access to the system, reducing the risk of data breaches, fraud, and other security incidents that could have severe consequences for the organization.

User credential is half the story; user roles is the other half.

By ensuring the appropriate assignment of roles to each user, administrators ensure that users only have access to the data and functionality needed to perform their job duties, reducing the risk of data breaches, fraud, and other security incidents.

However, over time user credentials and roles can get out of hand. Third-party service providers come and go, developer and tester access needs change, systems and modules change, and business processes evolve.

Keeping up with user access and roles is difficult, and bringing both under control is a mammoth task, particularly for larger organisations with many thousands of users.

Fortunately, there is a solution.

SAP system user management tool

VOQUZ Labs setQ is a third-party software solution that helps SAP teams manage users effectively to help to reduce the risk of data breaches and other security incidents that could result from stolen credentials.

setQ provides a range of features and tools that enable administrators to streamline user management tasks and ensure the security and compliance of the system.

For example:

  • Assign and revoke user roles and authorisations easily, ensuring that users have the appropriate level of access to the system.
  • Manage important user credentials, such as password policies and password reset mechanisms, preventing password-related issues and ensuring only authorized users can access the system.
  • Monitor user activity and track changes to user roles and authorizations to maintain compliance with SoD policies and data privacy laws.

With tools like setQ, SAP teams can more easily manage and control their user roles and authorisations, thus minimising the risks associated with uncontrolled access to sensitive data.
View full post