It is vital to optimally administer key system configurations to keep systems secure and robust. As important, you must monitor the systems to safeguard against potential changes that could cause a threat.
Both services ultimately aim to improve an SAP system's overall performance, stability, and security, albeit with a specific focus on different aspects of the system.
To improve the overall performance, stability, and security of an SAP System, SAP provides several services:
- SAP EarlyWatch Alert (EWA)
- SAP Security Optimization Services
- SAP Code Vulnerability Analyzer (CVA)
1. SAP EarlyWatch Alert (EWA)
SAP EarlyWatch Alert is an automatic service that analyzes the essential administrative areas of an SAP system and alerts the administrator about any potential issues—whether it is an On-Premise system or an SAP Cloud Solution. Alerts indicate critical situations and provide solutions to improve performance and stability. SAP EWA enables you to uncover missing security configurations, making it possible to identify standard problems before they become acute.
To check and display these alerts, SAP offers the SAP EarlyWatch Alert Workspace, where you can also download the complete results as a report document, which recommends suitable countermeasures in the resulting report.
SAP EarlyWatch Alert is most effective for all SAP components running On-Premise systems or private or public cloud services. It gives a weekly overview of KPIs and alerts.
The EarlyWatch report also analyzes system security issues in terms of authorization and, therefore, covers the following topics:
- SAP Security Notes about ABAP and Kernel Software Corrections
- Default Passwords of Standard Users
- Password Policy
- Gateway and Message Server Security
- Users with Critical Authorizations
You can view these alerts by accessing your SAP Solution Manager and, from there, the EarlyWatch Alert report. This report provides information like system performance, configuration settings, hardware capacity, and so on. It uses meters and tables to highlight system performance and potential issues that need attention. If there are issues, a red mark is shown next to the problematic component. The green mark means that everything is working correctly.
Use the SAP EarlyWatch Alert Workspace for convenient access to SAP EarlyWatch Alert information. This cloud service is available as an application tile in SAP for Me. The central landing page comprehensively overviews your system landscape regarding stability, configuration, hardware utilization, and performance.
Your maintenance agreement with SAP covers it at no extra charge, and it is a technical prerequisite to deliver other remote services.
Read more at SAP EarlyWatch Alert.
2. SAP Security Optimization Services
Security optimization service focuses on identifying and addressing potential security vulnerabilities within the SAP system. By acting proactively, the service ensures the smooth operation of your system. This includes conducting security assessments, implementing security best practices, and providing recommendations for improving the overall security posture of the system.
Keeping the security and availability of your SAP solution high is a tremendous value to an organization. The SOS analysis will:
- Decrease the risk of a system intrusion
- Ensure the confidentiality of business data
- Ensure the authenticity of the system users
- Substantially reduce the risk of costly downtime due to wrong user interaction
Go for a deep dive at SAP Security Optimization Services Portfolio.
3. SAP Code Vulnerability Analyzer (CVA)
The security of business applications and software solutions depends upon the security of its source code. Business applications are complex, having evolved over many years across numerous technical platforms. They have been adapted or enhanced for specific customer needs. Changing business requirements need continuously reviewing and optimizing business functions and performance to keep pace with industry change. In short, custom code can represent one of the most significant sources of risk to an organization's software components, functions, infrastructure, and business data.
To properly secure an application, all its components, functions, infrastructure, and related threats must be understood. This understanding must consider new and evolving technology, which introduces new vulnerabilities and potential risks. Firewalls, intrusion detection systems, digital signatures, and encryption are only sometimes sufficient.
Vulnerabilities in the code can lead to negative publicity, damage to a corporate image or brand, lost revenue, legal repercussions, and regulatory fines and penalties. News stories abound with examples of companies struggling with security hacks, data breaches, system outages, and so on. The shift towards mobility and cloud-based solutions can multiply this risk.
SAP Code Vulnerability Analyzer (CVA) is a static code scanning tool that helps to identify and fix security vulnerabilities in ABAP programming language before the code is deployed to customers, avoiding potential exploits and cyberattacks. CVA is available both in the cloud on SAP BTP and On-Premise. SAP software solutions can also be put at risk as most customers have teams of developers creating custom programs or making modifications or enhancements to SAP objects.
The SAP CVA scans companies' custom code during the development process and is tightly integrated with the ABAP Development Workbench toolset and the ABAP Test Cockpit (ATC). Analysis scans are designed to detect security flaws and dumps to make custom code secure before deployment. Integration with standard ABAP development and change management tools allows developers easy access to testing functionality and extensive documentation to resolve identified or potential coding issues.
SAP CVA ensures that development and quality assurance teams have access to the technical capabilities to:
- Automatically detect weaknesses in your ABAP source code.
- Reduce false-positive rate through data flow analysis.
- Support exemption workflows to ease the handling of false positives.
- Integration into standard ABAP development infrastructure (ABAP Test Cockpit).
- Support for single object and group object testing.
- Capture manual and automated check executions.
- Access extensive documentation to avoid and remediate issues in custom code.
The cloud solution is part of ABAP Test Cockpit (ATC) and comes with SAP BTP ABAP Environment. Pricing is based on CPEA (Cloud Platform Enterprise Agreement) credits or Pay-As-You-Go. It does NOT require a separate SAP CVA license, while the On-Premise solution requires an SAP CVA license based on the number of users.
The cloud solution has several benefits compared to On-Premise:
- SAP CVA on SAP BTP is always up-to-date and has the latest checks.
- SAP CVA on SAP BTP does not require an SAP CVA license. It requires only SAP BTP ABAP Environment, which is cheaper.
- SAP CVA on SAP BTP allows the analysis of usage data so you can identify code that is rarely or never used.
- The setup time for SAP CVA on SAP BTP is shorter.
- SAP CVA on SAP BTP runs in SAP BTP ABAP Environment. Once you have this, you can use it for all sorts of other things, such as custom code analysis for SAP S/4HANA, ABAP Cloud, or SAP BTP ABAP Environment migration, developing ABAP coding on SAP BTP for innovative use cases, and so on.
For more information, go to SAP Code Vulnerability Analyzer at SAP Community.
Lesson Summary
You can now describe each of the three SAP solutions for Configuration and Monitoring: SAP EarlyWatch Alert (EWA), SAP Security Optimization Services, and SAP Code Vulnerability Analyzer (CVA).