|
"S-KPI" (Security – Key Performance Indicators) is the new DETACK SAP benchmarking tool, which provides a fast and comprehensive overview of the IT security of SAP landscapes. It identifies security risks in the SAP system, unmet compliance requirements, and potential cost savings. The data extraction required for "S-KPI" is performed using a simple checklist; the subsequent analysis can take place on site or in the Detack test centre.
Top management and IT security officers are personally liable for insecure IT systems under IT security requirements and compliance restrictions. These requirements, as well as cost savings, are addressed by the new DETACK SAP benchmarking product "S-KPI" (Security – Key Performance Indicators). The "S-KPI" tests (on site or remote) cover critical security vulnerabilities that Detack frequently identifies in client-side installations. The analysis draws on Detack's broad experience of more than one decade in IT security audits, which is concentrated in "S-KPI". This expert knowledge ensures a budget-friendly and quick analysis that is almost effortless for the client.
"S-KPI" compares the customer's SAP environment with those of other companies and competitors that have similar SAP landscapes. This makes it a motivating factor for active collaboration in the elimination and analysis process: the improvements, compared with competitors for example, will be clearly visible in a retest. The "S-KPI" analysis enables a sustainable increase in the IT security level and high cost savings; the responsible persons are legally safeguarded, and their measures and their effectiveness are clearly documented.
For the "S-KPI" benchmarking, specific data is extracted from the client system. This extraction can be performed on the client side, from SAP transactions, reports, function modules and/or databases, using a simple checklist. All chosen indicators are based on SAP standard system information, allowing an easy and quick readout. The extracts can be transferred to the auditors for processing by any secure method; the auditors do not need to be present on site. On request, the "S-KPI" benchmark can equally be performed on site.
Selected methods of the "S-KPI" SAP benchmarking are listed and described below:
SAP Security Notes
Tests to identify missing updates that could endanger SAP system security
Deviation from the SAP Security Guidelines
Identification of whether the SAP Security Guidelines are followed and important compliance requirements are met
RFC Connections
Test for critical connections, e.g. RFC connections to test and/or development systems, which are normally less well secured than productive systems
Password Security
Test of new code versions (F, G) / strength and quality audit
Existing initial passwords – normally well known to attackers
Password change interval – the password should be changed frequently
User Privileges
Existing Privileged Accounts with comprehensive access
Security Costs
Passwords changed by the helpdesk produce high maintenance costs when multiplied across many users
License usage: users who never or very rarely log on produce unnecessary license costs
Detack delivers the "S-KPI" report containing all results of the described test objectives, including the respective adjustment recommendations. For a fast overview, the results are clearly displayed in a graphical visualization. An on-site presentation of the results and a discussion of the recommendations and follow-up actions is beneficial for raising awareness of the findings. The "S-KPI" analysis enables the client to define concrete goals and derive the required measures. |