Security Monitoring Solution by LogPoint for SAP FIORI APPS

SAP Fiori is a user interface platform developed by SAP designed to enhance the user experience of mobile and multi-device applications using modern user interface technology. SAP Fiori is a user interface platform designed and developed for use in various SAP solutions. SAP Fiori enhances the user experience by using modern technologies used in SAP HANA and other SAP solutions.

Securing SAP Fiori system ensures that the information and processes support your business needs, are secured without any unauthorized access to critical information.

You must ensure that the user errors, negligence, or attempted manipulation of your system must not result in loss of information or processing time.

To secure Fiori properly, we must make sure we are considering each layer that is involved. These layers include:

SSL communications: All the communications must be configured using SSL with proper certificates. This is a key and mandatory action. Especially since failing to use SSL will expose your confidential data.

Proxies / Load Balancers: Reverse proxies/load balancers on the DMZ act as a barrier from the external world to the internal network. These servers forward the Fiori traffic to the appropriate internal servers and provide an extra layer of security.

Firewalls: Firewalls need to be used to allow only the traffic that we want and call ports are closed except the ones used by Fiori. This can vary depending on the organization, but at least an external and internal firewall is recommended.

?Single Sign-On: Make sure all users connect to a central repository database that can be easily monitored and maintained. With the proper configuration, the Fiori environment can be configured to only allow single sign on (SSO) connections (and correspondingly disabling the less secure “basic” login to the Fiori Launchpad).

?Two-Factor Authentication: When integrating sign on with Azure (for example) two-factor authentications can be enabled to provide another layer of security. This secondary verification of users greatly increases the overall security.

SAP Gateway Security: It is also important to properly secure the SAP Gateway. This means understanding and properly configuring the system parameters to disable different threats from the outside. In addition, it means creating proper roles with specific functionality and always following the SAP best practices for user security.

SAP Backend Security: In combination with the Gateway, the backend needs to be properly designed for user security. You need to make sure you properly design all of the roles so the different types of users have only the roles necessary to access their data.

?Monitoring Network: Enabling monitoring tools for network interfaces. It is important to have tools that monitor all the incoming traffic and detect treats and configure them to automatically notify you when threats are detected.