SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation information and security patches, SAP releases their latest Security Notes information on the second Tuesday of every month.
SAP systems include a reduced set of security features, which cover the SAP authorization concept and user authentication based on passwords. SNC is a software layer in the SAP Netweaver system architecture that provides an interface to an external security product offering stronger authentication methods, by encryption and by single sign-on mechanisms allowing SAP customers to extend SAP system security beyond the built in set of features shipped with SAP.
SAP takes their responsibility to help their customers be secure seriously. They have released the SAP HANA Security Guide to help their customers deploy HANA in a secure way. SAP Security Guides are nothing new, they help define a minimum benchmark of a securely deployed SAP system.
Since the Sarbanes-Oxley (SOX) Act passed in 2002, an organizations' emphasis on their internal controls and risk management has increased significantly. United States Federal Law set new standards for all publicly traded US company’s boards, management and for public accounting firms. As a result of SOX, top management of these companies must individually certify the accuracy of their reported financial information.