SAP Security Forum June 18-19, 2020 - SAP Live Class - NOTE: Delete the yellow stickers when finished. See the SAP Image Library for other ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
NOTE: Delete the yellow stickers when finished. See the SAP Image Library for other available images. SAP Security Forum June 18-19, 2020 SAP Live Class
June 18, 2020 Each lecture is marked according to its level of detail:
Basic - Introduction to the topic, no previous knowledge necessary
Intermediate - Basic knowledge of the solution necessary
Advanced - Extensive knowledge of the solution necessary
From 9:30 Virtual check-in
10:00 – 10:10 Welcome
Michael Janning, Manfred Wittmer, SAP
10:10 – 11:10 Keynote: Secure by default
Michael Altmaier, Matthias Ems, SAP
11:10 – 11:30 Coffee break
A: Infrastructure and B: Identity and access C: Compliance and data D: Repeat the track
communication management protection and privacy
11:30 – 1:00 A1: SAP cloud connector B1: Compliant identity C1: Data protection and privacy – D1: Technical security for SAP
installation to principal – management in hybrid SAP procedure model and the S/4HANA
propagation landscapes (IAG / IPS / IAS) impact of GDPR on the day-to-day Tobias Lejczyk, SAP
Tobias Pahlings, SAP Sonia Petrescu, Gunnar Kosche, processes in IT
Gerald Fest, SAP Ksenia Tretjakova, Andreas Oesterle, SAP
1:00 – 2:00 Lunch break
2:00 – 3:30 A2: Threat modelling – B2: Automate user lifecycle C2: Automated controls with D2: Authorizations in SAP
thinking like a hacker processes in the cloud machine learning capabilities S/4HANA - live demo and project
Tobias Lejczyk, SAP Jannis Rondorf, Ibsolution Dominik Schwarz, Konstantin Pabst, SAP hints
Dr. Ronald Baudisch, Markus Griem, SAP
3:30 End
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 2June 19, 2020
A: Infrastructure and B: Identity and access C: Compliance and data D: Repeat the track
communication management protection and privacy
9:00 – 10:30 A3: Technical security B3: Authorizations in SAP C3: Blocking and deletion of D3: Compliant identity
for SAP S/4HANA S/4HANA - live demo and project personal identifiable information management in hybrid
Tobias Lejczyk, SAP hints in SAP ERP and SAP S/4HANA landscapes (IAG / IPS / IAS)
Dr. Ronald Baudisch, Markus Griem, SAP through SAP Information Sonia Petrescu, Gunnar Kosche,
Lifecycle Management Gerald Fest, SAP
Wolfgang Epting, SAP
10:30 – 11:00 Coffee break
11:00 – 12:30 A4: SAP Enterprise B4: Identity access governance – C4: Knowing without seeing D4: Threat modelling –
Threat Detection 2.1: the SAP toolset in a cloud only - GDPR compliant and data thinking like a hacker
features, use cases, scenario and live demo protection conform usage of Tobias Lejczyk, SAP
and demo Sonia Petrescu, Gunnar Kosche, your data for analytical
Fatih Gey, Michael Schmitt, Gerald Fest, SAP evaluations
SAP Wolfgang Epting, SAP
12:30 – 1:30 Lunch break
1:30 – 3:00 A5: SAP landscape – B5: SAP Fiori for SAP S/4HANA: C5: Continuous security D5: SAP Enterprise Threat
secure design pattern new tools for UI activation and monitoring and demo Detection 2.1: features, use
Michael Altmaier, SAP simplification of content Kedar Warunkar, SAP cases, and demo
management Fatih Gey, Michael Schmitt, SAP
Kattia Jordan-Philipp, Marek Barwicki,
Dieter Mauer, SAP
3:00 End
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 3Abstracts keynote
K Secure by default When dealing with security, there is often an argument what to prioritize: business or security. The
assumption to prioritize one over the other is not state-of-the-art. Stable operations and security measures
are not two sides of a coin but that they must go hand-in-hand to achieve a professional, robust system
performance that keeps your business up and running in a secure manner. This presentation will show
how delivery of no-disruptive default configurations will support increasing security whilst not affecting the
business.
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 4Abstracts A: Infrastructure and communication
A1 SAP cloud connector installation to principal- Learn in this session what is needed to securely setup and operate a cloud connector in your network.
propagation Based on a demo system we will completely demonstrate the installation and configuration with an SAP
Fiori Launchpad example.
A2 Threat modelling – thinking like a hacker The security world can sometimes be overwhelming. Massive amounts of risks, viruses, issues,
D4 possibilities, and products fight for our attention. Where do you begin? This is where threat modeling
comes in. Threat modeling turns the question around and asks: where would an attacker start and how
high is the risk of a successful attack? Where should I start securing my environment? In this talk we will
have a look at the concept of threat modeling and get an insight into the mind of a hacker.
A3 Technical security for SAP S/4HANA Everything is new, everything is different. Or is it? To secure something we first have to understand it. We
D1 will have a look at the SAP S/4HANA architecture and see what the consequences for our security are.
Which topics are new? Which topics are old? And which opportunities open for us in an SAP S/4HANA
project?
A4 SAP Enterprise Threat Detection 2.1: features, use SAP Enterprise Threat Detection version 2.1 was successfully delivered in November 2019. A further new
D5 cases and demo version 2.2 is planned for May 2020.
The new releases contain several new and exciting features, presented here. Additionally we show
realistic security attack use cases (for example, manipulation and spying attacks on SAP systems) and
show how the detection and analysis works with SAP Enterprise Threat Detection.
A5 SAP landscape – secure design pattern By introducing mobile scenarios and cloud services, the complexity of SAP landscapes is rising fast. It is
becoming more important to design SAP landscapes and infrastructures with a focus on security to be
able to integrate all services securely. This session recommends secure design pattern for common use
cases.
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 5Abstracts B: Identity and access management
B1 Compliant identity management in hybrid landscapes In this architecture session we will present different options to implement a so-called compliant identity
D3 (IAG / IPS / IAS) management scenario in your company. The design will reflect on-premise and cloud applications in a
hybrid setup. We will discuss the pros and cons of the different tool-combinations and approaches.
B2 Automate user lifecycle processes in the cloud Based on different use cases, you will learn options in order to automate identity lifecycle processes in the
cloud including, for example, provisioning your user accounts and authorizations into a cloud system.
In a live technical demo, we explain which solutions SAP offers today and show you tips and tricks you
can use during set up of the scenarios.
B3 Authorizations in SAP S/4HANA – live demo and This presentation will provide you with some insights into the basics and implementation approaches for
D2 project hints authorization concepts in SAP S/4HANA on premise including system demo. You will get some hints from
the current SAP S/4HANA authorization projects covering following topics: methods for troubleshooting,
evaluation options of SAP Fiori artefacts, authorizations for SAP S/4HANA project team, some well-known
challenges, and integration of the authorization implementation into current project methodologies.
B4 Identity access governance – the SAP toolset in a In this presentation we show what identity access governance (IAG) is doing as a product compared to
cloud only scenario and live demo and combined with SAP Cloud Identity Services. This presentation will give a brief overview of parts of the
SAP Cloud Identity Services and compliant architecture sessions but focus on a deep-dive into the IAG
product including a live-demo and dos and don’ts related to features and the general use.
B5 SAP Fiori for SAP S/4HANA: New tools for UI In SAP S/4HANA on premise projects there are many manual and tedious steps to be performed when
activation and simplification of content management activating SAP Fiori applications or configuring SAP Fiori Launchpad content. This process is now much
simpler and faster with new tools like the SAP Fiori Rapid Activation task lists or the new SAP Fiori
Launchpad Content Manager. These tools help to automate activation of SAP or customer business roles
and to manage SAP Fiori catalogs effectively.
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 6Abstracts C: Compliance and data protection and privacy
C1 Data protection and privacy – SAP procedure model Join this session to learn about the impact of the GDPR requirements on the daily processes in IT and
and the impact of GDPR on the day-to-day processes how to structure the implementation of these requirements. Project experiences as well as the typical
in IT challenges will also be presented as part of this session.
C2 Automated controls with machine learning In this session we will give you a short overview on SAP Tax Compliance and SAP Business Integrity
capabilities Screening, two mass data analysis tools with integrated automated workflows. We then will elaborate on
the utilization outside tax and compliance and how machine learning can be applied with various business
cases and demonstrate the respective functionalities. You will also learn about the process, technical
requirements, and best practices for a successful implementation.
C3 Blocking and deletion of personal identifiable Have you already implemented blocking and deletion of personal identifiable information in your SAP ERP
information in SAP ERP and SAP S/4HANA through or SAP S/4HANA environment? Do you know how a suitable decommissioning strategy for legacy
SAP Information Lifecycle Management systems can save costs, optimally prepare for the migration to SAP S/4HANA and, at the same time, help
you to ensure legal compliance? In this lecture you will learn how SAP Information Lifecycle Management
covers these requirements and how the solution can be implemented cost-effectively and efficiently.
C4 Knowing without seeing - GDPR compliant and data Taking advantage of priceless data to fuel decision-making is decisive to success in digital business. To
protection conform usage of your data for analytical protect identities while capitalizing on valuable data assets, our customers can harness advanced data
evaluations security and privacy protection with the latest release of SAP HANA. This platform is one of the first to
include an embedded, real-time data anonymization capability that lets you readily analyze data without
compromising security, while opening doors to new opportunities for innovation. New opportunities and
use cases are emerging everywhere.
C5 Continuous security monitoring Continuous security monitoring can help you adopt a proactive approach to dealing with security
monitoring and compliance. This will help to achieve operational excellence through higher degrees of
effectiveness and efficiency in security compliance management. Continuous security monitoring will
address the security strategy across different layers namely platform, application, and user level. The
presentation will also comprise of demo where a sample use case along with an integration (between SAP
GRC solutions and a source system, for example, SAP Solution Manager) as well as an automation
scenario used to ensure security compliance.
© 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 7You can also read
