limkedin Skip to main content

SAP Security & Why your SOS or EWA report is not enough

By 26 February 2019August 8th, 2022No Comments

When talking to customers we are often asked in what way Protect4S differs from the tooling already available in the SAP solution Manager, such as the Security Optimization Service (SOS) report or the EarlyWatch Alert (EWA) report. The free tooling from SAP provides only very basic insight into the Segregation of Duties (SoD) part of security, has a limited scope and the SAP security related functionality is not integrated. Therefore, it is difficult to get a complete overview of the state of secuity in your SAP systems. In addition, these security-related tools need to be setup properly first as they don’t work out-of-the-box.

Protect4S, on the other hand, is an agentless SAP Security add-on that shows customers business critical risks that may be present in their SAP infrastructure. Based on the security assesment of hundreds of SAP systems for the last 8 years, we are able to provide some statistics on the state of SAP Security. And the results are quite alarming:

sap security real life figures

When your SAP system is business-critical, our recommendation is to check how your organization handles these problems seen above.

To summarize:

  • SAP provides some tooling for basic insight, but although free, these tools have a limited scope and are not integrated
  • The EWA report is not specifically designed for security
  • The EWA chapter on ABAP security is very limited (only ~8 topics)
  • The SOSS Report focuses mainly on the SoD part of security and not so much on the cybersecurity part
  • The EWA and SOS report do not help you in the remediation part
  • Protect4S provides around 2000 SAP Security controls and even helps you remediate issues by automating the installation of SAP ABAP Security notes.

For more information, request a free trial to see the benefits for your organization.