4/30/13
Agenda
Solution Capabilities
Implementation Plan
Proof of Concept
Impact on the Business
Support Service
Summary
Q & A
2007 SECUDE International AG, Lucerne
SAP Applications are the Basis for Automating and Managing Business Processes
confidentiality of data in SAP
compliance with laws and regulations
successful audits
protect reputation of company
Controls and security mechanism for SAP are required to ensure smooth execution of business processes and optimized business results
Financial information
(costs, revenue, profit)
HR data
Production data
Customer data
Price lists
R&D projects
Partnerships
Order entry
Online business
Production control
Supply chain
Financial transactions
Employee self service
Data integrity:
SAP SNC uses the GSS-API V2 (Generic Security Services Application Programming Interface Version 2) interface to communicate with external security products. SECUDE's solution, as the market-leading offering for secure SSO to SAP, certainly fulfills this. We provide the broadest offering with regard to platform support, supported authentication mechanisms, and support of multiple cryptographic algorithms. SECUDE securelogin uses the X.509 certificate to provide integrity. To guarantee the integrity of the data, the message is hashed and digitally signed so that it cannot be modified once sent.
Confidentiality:
The SECUDE solution provides confidentiality and integrity of all communication, including the communication of the authentication data. There are three levels of security for SAP systems:
Authentication only
Authentication & integrity
Authentication, integrity and privacy (= confidentiality)
The SECUDE solution does not need to change the Crypto Library of SAP, because the Crypto Library in the SAP system is from SECUDE. All client-to-server and server-to-server communication is encrypted, thus ensuring that company data remains confidential on the network.
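The three protection levels above are selected on the SAP side through instance profile parameters. The following is an added example, not part of the original presentation or of SECUDE's product: a small audit that flags a profile allowing connections below the privacy level. The parameter names are SAP's standard SNC profile parameters and do not appear on this page; the profile text and library path are constructed placeholders.

```python
# Added example: audit the SNC settings of an SAP instance profile.
# SAMPLE_PROFILE is constructed input; the library path is a placeholder.
LEVELS = {1: "authentication only",
          2: "authentication + integrity",
          3: "authentication + integrity + privacy"}

SAMPLE_PROFILE = """\
# constructed sample instance profile
snc/enable = 1
snc/gssapi_lib = /path/to/placeholder_gss_library.so
snc/data_protection/min = 1
snc/data_protection/max = 3
snc/data_protection/use = 3
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 0
"""

def parse_profile(text):
    """Return {parameter: value} from 'key = value' lines, ignoring comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def audit_snc(params):
    """List settings that let traffic fall below level 3 (privacy)."""
    if params.get("snc/enable", "0") != "1":
        return ["snc/enable is not 1: SNC protects no connection"]
    findings = []
    raw = params.get("snc/data_protection/min", "")
    if not raw.isdigit():
        findings.append("snc/data_protection/min not set explicitly; "
                        "check the effective default")
    elif int(raw) < 3:
        level = LEVELS.get(int(raw), "unknown level")
        findings.append(f"snc/data_protection/min = {raw} ({level}): "
                        "a peer may connect without encryption")
    # Any value other than 0 admits logons that bypass SNC entirely.
    for key in ("snc/accept_insecure_gui", "snc/accept_insecure_rfc",
                "snc/accept_insecure_cpic"):
        if params.get(key, "0") != "0":
            findings.append(f"{key} = {params[key]}: "
                            "connections without SNC are still accepted")
    return findings

if __name__ == "__main__":
    for finding in audit_snc(parse_profile(SAMPLE_PROFILE)):
        print("FINDING:", finding)
```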
Authentication:
The SECUDE solution enables customers to implement alternative user authentication mechanisms for SAP, even in a mixed mode. SECUDE securelogin supports a variety of alternative mechanisms, including Windows logon info, Windows Kerberos, One-Time Password Tokens (e.g. from RSA or Secure Computing), Smart Cards (from various vendors) and Soft Tokens. Organizations can choose the mechanism that best fits their requirements (convenience / productivity / security). SECUDE securelogin provides Single Sign-On to SAP R/3 Enterprise Platform, SAP Enterprise Portal, and SAP Web Application Server.
Internet
ITS/WebAS Server
HR Server
CRM Server
BW Server
Identity assumption
Protection Mechanism
authentication of sender
digitally signed data
proof of origin / identity
encrypted communication
IT
Solution Capabilities
SECUDE Solutions for Secure Single Sign-on for SAP
SECUDE Solution Frontend
SAP Business Applications
SAP Technology Basis
SAP User Interfaces
Secure Communication
(Confidentiality, Integrity, Proof of Origin)
Windows Username/Password
SDK for Custom Authentication
RSA Authentication
Radius
SAP Username/Password
Externally Provided Certificates
Improved user and IT productivity through single sign-on
Protection of confidential data
Control against fraudulent transactions
Compliance with laws and regulations
Solution Capabilities
Secure Communication for SAP
personal security environment
SNC
SSL
SAP server
single sign-on
user workstation
SECUDE enables the convenient and efficient use of secure communication for SAP
high user acceptance
Solution Capabilities
Single Sign-on for SAP - An Example for Windows Logon / ADS
1 SECUDE secure login server
2 Microsoft Active Directory server
Implementation
Time Line
Implementation
Operations in Enterprise Environments (1) Mass Installation and Configuration on Thousands of User Workstations
personal security environment
configuration policies
policy server
MS Active Directory (group policies)
SECUDE secure login server
Low cost of ownership through efficient installation and configuration of the software on a large number of user workstations in enterprise environments and through integration with existing standard tools & processes
Implementation
Operations in Enterprise Environments (2) High Availability, Logging, Backup,
Authentication request from user workstation
SECUDE secure login server 1
SECUDE secure login server 2
failover
authentication server
enterprise operations
backup, logging, startup / shutdown,
SECUDE secure login server runs as web application on standard environments like Tomcat, BEA WebLogic, SAP NetWeaver
Reliable use in large enterprise environments, with support of typical enterprise operations features
Administration Console
SAP
compression protocol SNC
Protocols:
SECUDE
Windows/ ADS SAP
SECUDE Library
RSA
But Secure Single Sign-on of SECUDE also Works with SAP's Web-based Applications
Supported applications:
SAP Portal
SAP ITS
SAP WebAS Java
other HTTPS-based applications
Protocol: SSL
Implementation
Integration with Identity Management Solutions
Support of different LDAP servers (ActiveDirectory, OpenLDAP, Sun Java System Directory Server) as identity and credential store
RSA partnership
Extensibility through open JAAS interface
Integration with user provisioning workflow possible
Proof of Concept
1. Installation for the Proof of Concept will take 2 days.
2. Requirements for the Proof of Concept are:
Hardware
Intel-based system
3.0 GHz processor
2 GB RAM
80 GB hard disk
1 network interface
Software
Microsoft Win 2000, 2003 Server / Linux / Sun Solaris (SECUDE securelogin Server can be installed on the mentioned platforms), but for the proof of concept we prefer the Windows platform
JAVA 1.4.1
Servlet Engine 2.3 (Tomcat 4.x)
Internet Explorer 5.5 or latest
Latest Service Pack
Connection to Active Directory
Impact on Business
Single Sign-On (SSO) improves usability and productivity of SAP users by providing or leveraging a single authentication service (e.g. Windows logon) that allows users to log on once and transparently access all SAP applications on different servers. No further logon is required until after the user logs out. Alternatively, customers can define policies that specify after what time interval a user has to re-authenticate.
Improved SAP user productivity
Reduced password administration effort
Reduced effort for recovering passwords
Reduced number of calls to IT help desk due to forgotten passwords
Impact on Business
ROI of Single Sign-on: Single Sign-on investments typically have a very quick return on investment. For an environment with 1000 users, the cost savings can easily add up to multiple 100000 $ per year. Most cost savings come from the improvement in user productivity. With a reduction from an average of 6 logins per day to 1 login, the rate of incorrect logins and subsequent efforts to recover the password or to contact the help desk to reset the password is reduced significantly. Estimations point to more than 100 $ savings per month through improved user productivity. The cost savings for the IT help desk are also significant. With an estimated 35% of help desk calls being related to password reset, the IT help desk can expect about 700 calls per month for a 1000 user environment. Cost savings for avoiding these kinds of calls can easily be more than 10000 $ per year.
Impact on Business
Improved Security: An Additional Business Value
Besides the cost savings through single sign-on, companies can also benefit from improved IT security in SAP environments. If IT security risks are not managed properly, a company's valuation will likely be affected at some point in time. According to recent analyst studies, companies with publicized IT security breaches experienced an above-average loss in valuation. This is caused not only by the direct cost of managing the security breach, but also by the negative impact on the company's reputation. Many successful companies rely on SAP business software to automate their business processes, making the SAP system the central IT solution to store company-critical information and automate business processes. For many businesses, a problem with the SAP environment or a leak of company confidential data would result in a significant loss of revenue and profit. Single sign-on helps to improve security, because authentication via user name and password is inherently less secure than other mechanisms.
Impact on Business
There are 2 levels of support for SAP in case of problems:
First Level Support: local support in Saudi is the first level support
Second Level Support: SECUDE is the second level support
Priority: 1, 2, 3
Reaction Time: 1h, 4h, 8h
Escalation Level, Department Manager: 3h, 3d, 10 d
Escalation Level, Senior Management: 8h
SAP Recommendation
... To transfer data in encrypted form, use our Secure Network Communications (SNC) and an external security product. SNC enables user authentication that is not based on passwords, which means that no password data needs to be sent using the network. For production scenarios, we strongly recommend the use of SNC.
SECUDE and SAP: a strong cooperation with benefits for our joint customers
SECUDE is a spin-off from a joint development project between SAP and Fraunhofer Institute
Close R&D cooperation since 1996
SECUDE is official software partner of SAP
SECUDE is a founding member of the SAP Global Security Alliance
SAP certified solutions
Unique functionality
Easy migration from soft tokens to hard tokens
Web administration
Choice of authentication methods
Proven, flexible solutions with low cost of ownership
Adaptable to SAP environments
SECUDE makes access to SAP secure, efficient, convenient, and easy to integrate into existing customer environments. We enable smooth business process execution and optimized business results.
Thank You