5 Reasons (SAP Security) to have an updated test system

Posted by Fabio Mambretti on Feb 4, 2022 8:15:00 AM

A classic SAP landscape is made of three distinct machines:

 

  • Development environment
  • Test or quality environment
  • Production environment


 

It's possible to define more environments, for example, pre-production or other clients in the aforementioned systems.

 

Why are test systems essential for SAP security, and why do they need to be managed in such a way?

1. Authorizations test

For the test environment to be useful from an authorizations point of view as well, the system must be updated frequently. This environment should also contain dedicated users for each job role, so that single roles can be tested rather than testing only with the real users defined in the production system.

 

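Testing only with real users can give a false impression that there are no errors, while still causing problems in the production system. This is because SAP authorizations are additive: a user's effective authorizations are the sum of all assigned roles, so a gap in one role can be covered by another.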

 

Testing every single role (instead of every user) is far more efficient.
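The masking effect described above, as an added example that is not part of the original post: a simplified Python model of an additive authorization check, in which a role missing an authorization object still passes when tested through a real user who holds a second role. The role names and their contents are constructed, and wildcards and value ranges are left out.

```python
# Added illustration: simplified model of SAP's additive authorization check.
# Role names and contents are constructed; wildcards and ranges are omitted.

# Each role is a list of authorizations: (object, {field: allowed values}).
ROLES = {
    # Role under test: starts FB01 but lacks the company-code posting object.
    "Z_AP_CLERK": [
        ("S_TCODE", {"TCD": {"FB01"}}),
    ],
    # Second role held by the real user borrowed for the test.
    "Z_GL_ACCOUNTANT": [
        ("S_TCODE", {"TCD": {"FB50"}}),
        ("F_BKPF_BUK", {"BUKRS": {"1000"}, "ACTVT": {"01", "02", "03"}}),
    ],
}

# Checks assumed for posting a document with FB01 in company code 1000.
REQUIRED = [
    ("S_TCODE", {"TCD": "FB01"}),
    ("F_BKPF_BUK", {"BUKRS": "1000", "ACTVT": "01"}),
]


def effective(role_names):
    """Additive principle: a user holds every authorization of every role."""
    return [auth for name in role_names for auth in ROLES[name]]


def authority_check(auths, obj, wanted):
    """Pass if one authorization of the object covers all requested fields."""
    return any(
        o == obj and all(v in fields.get(f, set()) for f, v in wanted.items())
        for o, fields in auths
    )


def failed_checks(role_names, required=REQUIRED):
    """Return the objects whose check fails for this set of roles."""
    auths = effective(role_names)
    return [obj for obj, wanted in required
            if not authority_check(auths, obj, wanted)]


if __name__ == "__main__":
    # Test through a real user: the second role hides the gap.
    print("real user :", failed_checks(["Z_AP_CLERK", "Z_GL_ACCOUNTANT"]))
    # Test with a dedicated user that holds only the role under test.
    print("role alone:", failed_checks(["Z_AP_CLERK"]))
```

The test through the real user reports no failures, while the dedicated single-role user exposes the missing object before the role reaches production.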

 

2. The logical repetition of error cases

In some situations it may be necessary to reproduce the same error case in the test environment as well, in order to run tests, understand the true nature of the error and authorize the user correctly.

 

3. Program checks: security and more

Before new programs are imported into the production environment, whether they were developed internally or externally, they should be evaluated in various classes, for example:

  • Performance
  • Security
  • Code maintainability over time

Only a test system that is up to date and similar to the production system allows reliable tests in the classes above. Do you have quality control software for the code you develop?

 

4. Should data in the test environment be protected?

Each time we copy data from the production environment to the development one, we must consider which data is transferred and how.

 

When we authorize users to enter the system right after the copy, the degree of security of that system should mirror the production one.

  • Do you carry out data scrambling?
  • Do you carry out data cleaning for sensitive data?
  • How is personal data managed? Read more about GDPR here
  • How is the data copy stage managed? Are there exchange files? If so, how are they managed?

 

5. How to secure inter-system connections?

Connections are often set up between SAP systems. The main ones, for example, are those required by the SAP transport system (Transport Management System). These must be secured as well.

 

It is recommended to activate secure communication connections (SAP data encryption) to protect the transferred data.

 

It's of the utmost importance to check for active connections that contain valid and usable credentials and lead from systems with lower security (development or test systems) towards production systems (which have a higher level of security).

 

Blog post originally translated from: https://www.aglea.com/blog/5-motivi-sap-security-per-avere-un-sistema-di-test-aggiornato

 


Topics: gdpr, quality, test system, audit sap, sap security guidelines
