Together, IKB Data and Ergon Informatik have implemented secure web access to an SAP portal of IKB Deutsche Industriebank AG. The requirements for user log-on were two-factor authentication against Active Directory and access to SAP via single sign-on. The Ergon web application firewall Airlock WAF and its authentication module meet these requirements.
As part of lifecycle management, IKB Data was facing the replacement of its previous web application firewall (WAF). At the same time, IKB Deutsche Industriebank decided in favour of the SAP solution SRM-SUS (Supplier Relationship Management/Supplier User Service), to be implemented as external web access. It therefore made sense to align the specific wishes for the WAF with the requirements of SRM-SUS. SRM-SUS helps simplify supplier management in that external employees and suppliers can enter their own invoicing information and timesheets. VPN was not the desired option for limiting access to SRM-SUS. Instead, data exchange was enabled directly via the Internet.
A WAF configured as restrictively as possible and two-factor authentication were used to meet the high security requirements of the bank. Single sign-on (SSO) was added to the specifications as a convenience feature so that users do not have to sign on to SAP separately. In addition to securing the SRM-SUS portal, the idea was to replace the existing WAF connections for the web applications of other customers.
“When it came to updating our web application firewall we placed great importance on an appropriate security level for our customers in addition to looking at it from an economic standpoint”, explains Markus Repges, IT Security & Business Continuity Manager at IKB Data. “For this reason we were looking for a product with a good reputation in terms of filtering data traffic and flexible options for strong authentication. On top of that, the capability for location-redundant high availability mode was a crucial prerequisite.”