About Us
SecTune GmbH
Huttropstraße 60
45138 Essen
Consulting
Take advantage of our professional consulting services to implement security efficiently.
Portfolio
SAP Security & Compliance Management
Certified SAP Audits
SAP Project Management
SAP Authorization Concepts
Implementation of SAP Roles
SAP S/4HANA-Migration
SAP Security Concepts & Guidelines
SAP Risk Management
Proof of Concept GRC Software
SAP Security & Compliance Management
SAP Security & Compliance Management
Our professional consulting team advises you on complying with external and internal compliance requirements. Our portfolio covers all technical and process-related levels of an SAP system.Certified SAP Audits
Certified SAP Audits
With our certified SAP Security & Compliance Audits, we enable you to identify the current risk situation of your SAP system and detect the potential vulnerabilities of your system. The audit covers all technical levels of a system and its environment. A complete audit includes system landscape realted checks such as RFC connections and SAP Gateway as well as critical system parameters and settings. Furthermore we focus your technical authorizations according to segregation of duties (SoD) and critical permissions. The audit focus can be defined on your individual needs.SAP Project Management
Project Management
We support you in planning your security projects efficiently and according to your project goals. Before you start your project we recommend a detailed analysis of the current situation with a reflection of the target situation. In the analysis, we will check whether your compliance requirements are being fulfilled and identify the potentials for an optimization. As a result you will receive an individual project plan with cost estimation. The project plan with its detailed work packages guides the project team to achieve your goals. Of course, we can also take responsibility for managing your projects if you are looking for a project manager.SAP Authorization Concepts
SAP Authorization Concepts
The complexity of authorizations increases with the number of users and business requirements. In addition compliance guidelines are getting stricter with regard to critical authorizations and segregation of duties (SoD). As complexity increases it is more and more difficult to define and assign authorizations according to business nedds. We support and advise you with our copetence to adapt your authorization concept according to your compliance regulations or if necessary to redesign it. In addition to the business processes your identity management processes are also taken into account. Our approach is standardized and individually adjustable to your needs. Please contact us and we will plan the next steps with you.
Implementation of SAP Roles
Implementation of SAP Roles
In our experience user permissions are often grown historically and consequently lead to SoD conflicts and critical permissions. Internal and external compliance requirements cannot be fulfilled as a result. The auditor reports this situation as a finding and you are forced to act. More than 90% of all permissions can be reduced without major dialog with the business and without having a negative impact. Our experts support you in the implementing of authorization roles or in redesigning roles to achieve your compliance requirements. You define the scope of the required support by your own. Please feel free to contact us and we will plan the next steps with you.
SAP S/4HANA-Migration
SAP S/4HANA-Migration
Are you planning to migrate your systems to S/4HANA and need to convert your authorisation structures as efficiently and securely as possible? We can assist you in this challenge with our long-term experience in this area. We offer different approaches for a successful S/4HANA migration:
Brownfield approach: Transformation of existing roles from your legacy system (Role Conversion Service).
Greenfield approach: Redesigning your SAP authorisations on the basis of changed processes
Selective Data Approach: Redesign your SAP authorisations based on actual processes
The question of which approach is the most appropriate for the design of your S/4HANA authorisation concept depends on the quality of your current roles and on your internal requirements. We can support you in this decision as part of a preliminary authorisation study and in all project phases.
SAP Security Concepts & Guidelines
SAP Security Concepts & Guidelines
Security guidelines and updated concept documents are a key factor in achieving IT compliance requirements. Completely documented guidelines and concepts make sure that IT is operated in an organised and secured manner as hey provide guidance to employees. For this reason it is important to keep a high level standard in your document landscape. Last but not least it is also a key check point for your external auditor. We support you in setting up or updating your document landscape in the following areas:
SAP Authorization Concept
SAP User Administration Concept
SAP Role Administration Concept
SAP Emergency User Concept
SAP Risk Management Concept
SAP Security Guideline
SAP Hardening Guide
SAP Patch Management
SAP Development Guideline
SAP HANA Database Security Guideline
Use our well-proven concept templates to reach your goals even faster. We are looking forward to support you in updating your concept landscape to ensure that you are perfectly prepared for the future.
SAP Risk Management
SAP Risk Management
The topic of IT Risk Management is on the agenda of many companies, but it often still has a minor role in the organisation. The main reason for this is to keep the business running and to focus on the companies expansion. Without the monitoring of IT risks and adequate measures you will quickly fall back to an unsecure level. To avoid this situation we will support you to establish a Stay Clean Process. We consult you independently whitin the selection process of a suitable monitoring solution and support you to implement the global Stay Clean Process in a short time so that your systems can be monitored permanently and security gaps are alerted immediately.
Proof of Concept GRC Software
Proof of Concept GRC Software
Every company is facing IT risks. The question of how to deal with risks is essential for an efficient risk management. Companies that systematically observe and evaluate risks are able to prevent threats efficiently.
The selection of a suitable software is a crucial factor in this context. Good solutions already provide a general risk database on which basis you can adapt your own risk management process. It is important to be aware of compliance violations such as segregation of duties conflicts (SoD) in order to be able to react to risks at an early phase.
We support you in selecting the most suitable software solution for managing your risks in the GRC context. We have the overview of the leading market solutions and support you in the proof of concept phase so that you can find the best solution for your individual requirements.
Hacking anything to secure everything.
According to the police crime statistics (PKS) of the german Federal Criminal Police Office Cybercrime, there were more than 108,000 recorded cases of hacking attacks on IT systems in 2020. The number of factual cases is much higher and we can observe an immense increase in recent years.
The audit of SAP systems shows that 95% of all SAP systems are at risk.
From security audits we know: Every system is vulnerable. It is just a question of time and effort to hack a system and get access to sensitive data. We very rarely find SAP systems where the infrastructure is secured in the best way and an effective authorisation concept is established. Threats are almost detected too late. With the right concept, the probability of a successful attack can be reduced significantly.