About patrickboch

patrickboch · 09-29-2023

SAP S/4HANA, the core ERP product from SAP, is a complex solution. With more than 300 million lines of code, and a broad variety of modules and components, it’s not only very powerful – it can also be overwhelming to find the settings and features y...

patrickboch · 02-24-2023

When we speak to customers about security, we often hear the requirement for “more encryption”. Which makes sense, doesn’t it? After all, with todays’ encryption algorithms, anyone who is able to steal encrypted data cannot really do anything with th...

patrickboch · 02-24-2023

3.3 Terminated or Transferred Users Risk Users have access privileges even though they transferred to a new business role, potentially creating a segregation of duties conflict or users who have been terminated are still active in the system, creatin...

patrickboch · 11-30-2022

This blog post is part of our series about how to audit SAP S/4HANA Cloud public edition.Role Concept: Business Catalogs vs. PFCG Roles SAP S/4HANA Cloud simplifies the role assignment by introducing business catalogs as the smallest assignable entit...

patrickboch · 10-11-2022

Two-thirds of the Earth's surface is covered with water. The other third is covered with auditors from headquarters.”- Norman Ralph Augustine -Trigger & BackgroundIronic as it is, the quote above does carry some truth. For every larger and/or publicl...

patrickboch · 03-01-2023

Hi GeorgiaFrom my understanding, IEC 62443 is tailored very specifically to Industrial Automation and Control systems, for example the software that controls a robot that puts together car parts. The scope of SAP S/4HANA is different to that. Having ...

patrickboch · 08-10-2022

Hi Gerardwhat log files are you looking for specifically and why?Please keep in mind that not all events, especially infrastructure related log events, can be shared for confidentiality reasons. Nor would they need to, as we as cloud provider operate...

patrickboch · 06-09-2021

Hi Marian sorry about that - I changed the reference in the blog post and will let you know once the note is actually published. Something to look forward to, though 

patrickboch · 02-23-2021

Hi Yonko thanks for the insight. I'd definitely agree that the bug bounty program is helpful in developing a more secure application - and ever since we participate, it has become an important pillar in making S/4HANA more secure.

User Statistics

User Activity

Everything you always wanted to know about S/4HANA security, but didn’t know where to find.

The handkerchief problem with encryption

Terminated or Transferred Users / User Access Review (Part 3.3/3.4)

What’s different – 3 new key functionalities in SAP S/4HANA Cloud, public edition

How to audit SAP S/4HANA Cloud, public edition

Re: ISA/IEC 62443

Re: Can the Public Cloud integrate with a 3rd Party SIEM Solution?

Re: Security by Default - HANA Audit Policies for S/4HANA

Re: Bug Bounty – financially motivated crowdsourced and hacker powered application security