The IBM Security Maturity & Strategy Analysis Services for SAP Solutions helps organizations properly address security challenges and complexities in their SAP systems that arise from the domains of cybersecurity and regulatory compliance. This service brings a holistic view of all security aspects that affect the SAP technology.

The service package offerings:

Lite Package – Duration: 4 weeks

IBM will assess and advise in the following areas:

• SAP compliance posture: high-level assessment of internal security policies and procedures for SAP, general IT cybersecurity controls, and the most recent audit findings
• SAP security hardening posture: an overall review of internal SAP security baseline, and its technical implementation
• Automated SAP Security scan: uses an IBM Security Monitoring Automation scan to gain insight of current control weaknesses
• Access management approach: an overall view of zero trust principles, including identity and access management, authentication, provisioning processes and SAP role model
• Review of Security & Governance Organization

Advanced Package – Duration: 6 weeks

Includes the "Lite" scope and adds the following areas:

• Vulnerability & Threat Management posture: inspection of implementation of these processes
• Perform a Vulnerability Assessment with market-leading solutions
• Access management analysis: a detailed probe of the security role design and full review of identity management implementation

Comprehensive Package – Duration: 10 weeks

Includes the "Advanced" scope and adds following areas:

• Automation of Vulnerability & Threat Management: internal automated processes or adoption of new solutions.
• DevSecOps posture: analysis of SAP application development processes and tooling
• Data Protection posture: analysis of current security hardening of data in-transit and at-rest, including usage of standard SAP technologies

For each of the services packages described above, the service is delivered in three phases:

• Discovery: In this phase an overall understanding of the SAP systems is achieved through interviews with relevant stakeholders, examination of key internal documentation such as policies, procedures, and audit reports, and clarification of main concerns.
• Detailed Analysis: The IBM team performs analysis based on all the information gathered in the Discovery phase. Additional interviews may be needed to clarify or further analyze certain aspects of the SAP systems.
• Strategic Recommendations: The IBM team prepares the final report, including all the observations and recommendations. This content includes a prioritized risks findings report, strategic roadmap, remediation tasks, process improvements and tool considerations.

IBM services are based on the IBM Security Point of View for SAP:

Notes:

• The 13 layers of SAP security is a stratified approach that decomposes security aspects in different layers, following a top-down approach that moves from Regulatory and Compliance to the most technical aspects of security hardening for SAP ensuring a full coverage of the organization’s needs.
• IBM’s service aligns with the SAP application layers: SAP application security, SAP application server security, and SAP HANA security. Infrastructure security aspects of the SAP systems are not included in the scope of this service.

How is this service delivered by IBM?

• Expert advisory from the IBM Security Center of Competence for SAP
• Use of IBM assets and enablers to speed-up and automate the analysis
• Support from market-leading technology solutions for SAP Security scanning

What will be the benefits for my organization?

• Identification of current SAP Security weaknesses in the analyzed systems
• Next steps needed to address challenges and pain points
• A tangible roadmap for the SAP Security program
• Insights on industry trends and considerations
• Advice in preparing the migration to AWS and S/4HANA transformation from an SAP security perspective

Other SAP Security Service Offerings Beyond the services described above, IBM Security Services for SAP Solutions provides numerous offerings to address cybersecurity and critical data protection concerns such as:

IBM Security Monitoring Automation Services for SAP Solutions: SaaS service to automate SAP controls testing for compliance and security hardening

IBM Threat Detection Patterns Services for SAP solutions: Threat detection patterns for SAP systems via SAP Enterprise Threat Detection (ETD), support and operation monitoring services, and integrate with a SIEM (System Information Event Monitoring) solution.

Migrate SAP to the Cloud

Security in Cloud-based system RISE with SAP: Accelerate SAP cloud Enterprise Resource Planning (ERP) deployment, simplify cloud infrastructure security hardening, meet regulatory compliance and data residency requirements.

IBM Security is a leader in comprehensive AWS Level 1 MSSP services. See #3 in Additional Resources