ASUG News + Views
The Why and How of SAP Fiori Security
ASUG Admin Jul 13, 2016

SAP Fiori is SAP’s front-end user experience for SAP S/4HANA, as well as an installation option for customers to improve the look and feel of their SAP applications. The nature of SAP Fiori as an external-facing feature leaves it more vulnerable to security attacks. Those vulnerabilities aren’t addressed out of the box with SAP Fiori, according to Gary Prewett and Michael Pytel, authors of the SAP PRESS e-bite title “Implementing SAP Fiori Security.”

“SAP out-of-the-box doesn’t do a great job with security. It’s got six known vulnerabilities on Day 1,” says Pytel, who is the co-founder and CIO at SAP partner and professional service firm Nimbl. “SAP is a real target now, as we are exposing stuff outside of the firewall.”

Prewett, SAP security and compliance practice lead at Nimbl, says he has spent much of his 18-year career in IT hardening systems which may be targeted not only by organized crime, but also by niche hackers. Where SAP falls short out of the box, he explains, is the hardening steps to protect applications.

“App security is very complicated, taking all the dots and connecting them,” Prewett says. “That’s what we’ve tried to do in the book.”

In the course of his work, Prewett has come across many SAP shops which have security blind spots. They may execute on some security precautions well, such as roles and authorizations. However, a lot of shops assume that SAP Basis or developers will handle everything. “But they all need to be working together to deploy security,” he says. “Security practitioners aren’t going to fix ABAP code, but they need to know what to address.”


“Implementing SAP Fiori Security,” which was written with less technical product manager roles in mind, addresses hardening Fiori security with step-by-step instructions which even a security team without a lot of Basis support could understand. “We spent a lot of time on technical steps for deploying securely,” says Prewett.

And even though Nimbl itself can provide help with the process, having operated a SAP Fiori implementation practice since before SAP Fiori became a free product, “We make it so [Fiori security] is self-service,” says co-author Pytel.

“We are not SAP, we are able to say what is good and bad about products,” he adds. “We install in the real world.”

You can purchase “Implementing SAP Fiori Security” on this SAP PRESS landing page or see other SAP PRESS titles.
