Ensuring the security of data and systems is particularly important today in the face of increasing reports of cyber attacks. Proper protection of a company’s IT system is a complex issue which should be divided, already at the stage of risk analysis, into separate areas. SAP interface analysis using professional SNP Interface Scanner (SNP IFS) software is simple and effective, as well as quick to implement. These solutions have been available as part of the CrystalBridge platform since 2019. This analysis will increase security by identifying interfaces that exchange messages with the external world and data with sensitive systems such as HR. This knowledge can be crucial to protect against attacks that can cause financial damage due to downtime or negative impact on your brand.

Compliance with the license

In the short term, compliance and licensing may be of particular concern to IT managers. Interfaces that open SAP systems outwards or allow access to sensitive data are a particular area of audit interest for the purpose of assessing compliance of the system with the regulations. In this context, it is worth recalling that Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data, known as the General Data Protection Regulation (GDPR) came into force on 25 May 2018. Due to the scope of impact of the new regulations of GDPR, there is no single solution on the market that would ensure compliance with the requirements of GDPR. SNP company has software tools to support customers in the process of achieving compliance with the regulations of GDPR. One of them is SNP IFS, which addresses complex requirements for documentation of SAP interfaces. Thanks to updated and constantly analyzed documentation, obtained with SNP IFS, customers will be able to demonstrate due diligence in the analysis of data exchange to and from systems storing personal data

Get to know own interfaces

One of the most important first steps in determining potential responsibility and additional fees within the SAP licensing structure is a quick and accurate familiarization with the interface environment in the SAP installation owned by the customer. Interfaces are “doors" that allow access to data and their flow to the SAP system and in the opposite direction. These are also mechanisms whose use may result in the obligation to pay license fees for indirect users based on SAP license agreements. Unfortunately, many companies do not have precise information about their interface structure. They are exposed to high licensing, safety and compliance risks.

It is important that customers scan their systems to get an accurate picture of all their interfaces. There are different methods of scanning the interfaces. The most common method is manual review and control of the system. A manual process is not the right solution. It is characterized by high labor intensity, time consumption low efficiency with a very high probability of lack of accuracy. Due to the critical importance of accuracy and speed, SAP customers should only use proven, automated solutions and services, such as SNP IFS, which ensures the accuracy of results.

Development enforces control

The development of the company’s information systems results in the creation of new applications, data and interfaces for the exchange of information. These new application resources are often used by independent customers (business lines, processes, services, roles and accesses). This may lead to a situation where knowledge and documentation about interfaces is dispersed, incomplete and outdated. Another risk is the natural tendency to implement new business solutions while avoiding optimisation and exchange of existing interfaces.

Undocumented or outdated interfaces are a security risk, and outdated or incompatible interfaces may adversely affect business processes conducted in the company’s information systems. This is particularly important when preparing the SAP environment for major changes, such as upgrading the software to the latest version or migrating the system to the latest IT infrastructure. When planning a company’s transformation, for example when implementing a system to subsequent units or when separating companies into independent units, we recommend reviewing the interfaces in use. Analysis and documentation of communication infrastructure using SNP IFS is a simple and quick task to be performed by people without IT skills.

A useful tool

The SNP IFS solution supports the above business situations and is certified by SAP. SNP IFS enables automatic analysis and documentation of interfaces with minimal work effort. This gives you valuable insight into system structure and any introduced changes – for example, to identify and eliminate unused interfaces and connections that are not longer needed, to optimize business processes and to increase operational efficiency and security of information systems.

SNP IFS is a central repository of interface data, collected and available for complex analyses immediately outside the SAP system. Data from SAP systems are acquired and filtered automatically, while providing various analysis and visualization options Multiple business or technical oriented interface analyses are defined and available as standard solutions and in addition they can be freely developed or created by users without SQL knowledge. The most important methods of visualization in SNP IFS include: export to MS Excel, built-in graphs on interface analytics, with the ability to export to MS Office, html or pdf formats, and MS Visio maps showing systems and interfaces between them, together with many useful additional information about interfaces, with the ability to export the map to html format.

SNP IFS usage case: query, chart, MS Visio map

A typical case of using SNP IFS is first of all formulating a query about systems and logs in interfaces, for example we ask about SAP ERP system and all systems occurring with it in the communication infrastructure, built on the RFC protocol in a selected period of time for analysis. In the next step, we decide whether the visualization of the results should be presented on a chart or in the form of a MS Visio map. At the end of a typical use, we decide on the scope and formats of the data to be exported outside the SNP IFS solution, for example for use in audits, documentation updates or ad hoc analyses.

The most important benefits resulting from the implementation of SAP IFS include:

  • Very good preparation for transformation projects, e.g. migration to HANA and Cloud, combining and sharing SAP systems.
  • Current analysis of interfaces (unused, generating most traffic, incorrectly implemented and non-standard).
  • Up-to-date analysis of remote, unknown and production-connected systems.
  • Changes in the structure of interfaces from the perspective of different periods of analysis.
  • Excellent transparency, thanks to graphical presentation of interface and system topologies.
  • Analytical data on interfaces, logs and systems in the form of graphs.
  • Reduction of manual activities during analyses of the communication infrastructure to 10%.
  • Security analyses of the communication Infrastructure.
  • Compliance with regulations and licences.
  • Comprehensive documentation support.