We thoroughly understand the SAP environment from a security perspective and want to help you do the same. What we do best is help organizations like yours get smart, get strong, and crazy protected when it comes to SAP. Allow our advisory service to come in and spends some time learning about your current security posture, your risk appetite, your processes, controls, and employee’s skill sets, then we can design a dedicated SAP Security Strategy that empowers your organization defenses, equips your employees with the right skills, and supports the technology you have in place.

This is how we can help

  • We can design an individual SAP Security Road Map for you, specific to your industry and organizational needs
  • We can easily spot gaps in your controls and help you fix them
  • We can help you fully utilize your internal three lines of defense more efficiently by identifying knowledge, communication, and process gaps
  • We can reduce your risk of internal attacks
  • We can improve your response to security failures with easy-to-follow playbooks designed individually for your organization
  • We can help you find and fix breaches faster

NO MONKEY Advisory Services

Each organization we work with has different needs. We offer a suite of services to help you better understand and protect your SAP landscape. Our advisers work one-on-one with your organization to determine which combination of services will provide the most impact when designing your SAP security strategy.

  • SAP Security Assessment

    A hollistic approach identifies gaps and weaknesses throughout the different SAP control areas within the organization. Starting with different governance controls such as change and configuration management to a more technical assessment such as vulnerability assessments, helps ensure control areas are protected, implemented, and deployed as per the organizations requirements.

  • Core Business Application Security Workshop

    Throughout the workshop representatives of the three-lines of defense can describe their activities in regards to securing the SAP core business applications of the organization against cyber security threats. Within the workshop potential gaps and overlaps can be identified according to the core business application governance framework.

    The customers can scope the workshop in regards to a specific project, major change, or the security activites related to SAP in general. The workshop is prepared and moderated and guided by the advisor which will also acting as a translator between the three lines of defense.

  • SAP Penetration Testing

    To get governance about vulnerabilities and their severity for an SAP application, a penetration test using a grey box approach provides an efficient way to determine and classify vulnerabilities in an SAP application. As a result, activities to remediate vulnerabilities or mitigate the risk they expose can be conducted.

  • SAP SDLC Security Evaluation Review

    The security of the software delivery pipeline is crucial to the security of core business applications and often ignored by audit, conducting review can provide transparency on critical threats. Due to the fact that SAP is very specific about the tools and approaches for development, integration, and deployment, common tool chains of DevOps Boilerplates and SSDLC (Secure Software Development lifecycle) concepts can't be applied.

    This area determines gaps in the current SDLC setup and also provide ways to close them in consideration of the overall SSDLC or DevSecOps strategy, which in return will improve the security culture in SAP customizing activities.

  • Network Security Infrastructure Concept Review

    To understand the security implications of the companies core business application network setup with requirements to connect cloud services, vendor support accesses, and different data center sites, a review of the network infrastructure concept of the core business applications is an efficient way to mitigate application security risks by minimizing the attack surface on the network level.

  • Security Aptitude Assessment

    Skill, knowledge, and responsibility gaps are a primary cause of miscommunication and security weaknesses within an organization's IT operations, security, and compliance areas. The governance around skill and knowledge gaps is essential to make an efficient decision to improve an organization's security posture, starting with increasing the staff's security capabilities to protect the organization's core business applications and data.

  • Solution Evaluation

    The SAP Security Solution Evaluation supports organizations in identifying solutions and qualify their vendors regarding their capabilities to assist organizations in increasing their SAP security posture. To determine which solutions and vendors are the most suitable for implementing an SAP security strategy, NO MONKEY ADVISORY evaluates your requirements and resources, creates and issues RFI/RFQ's for you, and evaluates the responses.

    To create an unbiased and transparent rating of vendors and tools, the capabilities, maturity, and cost of ownership are rated by independent experts. This minimizes the risk for dissatisfaction and internal procurement and evaluation efforts.

  • SAP Security Roadmap Definition

    The SAP Security Maturity Model allows organizations to determine their SAP security posture based on controls used to define a maturity level. Depending on individual risk appetite and requirements, the maturity model enables organizations to increase their maturity or maintain the current level. This enables to plan and enhance the security mechanisms and controls when protecting SAP resources.

  • Code Security Review

    To get transparency of the security of ABAP based 3rd party or custom implemented business applications and interfaces, a code security review can provide insights about code-based security flaws as well to what level the code applies to the code security standards in the organization as well as common code security best practices in the ABAP technology.