The global and independent platform for the SAP community.

Identity Management and Governance

In the course of the digital transformation, questions regarding cloud providers, on-premises migrations and ROI are in the foreground. In view of the increasing number of digital attacks, cybersecurity should not be ignored either.
Ansgar Steinberg
April 22, 2021
[shutterstock: 1790889008_wacomka]f
avatar
This text has been automatically translated from German to English.

Whether it's international relations between states or protecting homes from break-ins and corporate networks from cybercriminals, security plays a prominent role in everyday life.

In fact, a similar premise applies to corporate networks as to one's own front door: There is no guarantee, and those who do not consistently deal with their own security will, in the worst case, end up with the short end of the stick. While the consequences of a break-in at home are largely foreseeable - and are usually paid for by insurance - negligent planning and implementation of cybersecurity can quickly lead to immense damage and far-reaching loss of reputation for companies.

As many companies are currently working on implementing new concepts for their own IT architecture as part of their digital transformation, cybersecurity issues are increasingly becoming the focus of managers and decision-makers.

For example, if part of the applications and databases are moved to traditional cloud providers as part of a move from previously used SAP systems and landscapes to S/4 Hana, potential vulnerabilities naturally arise within the planned architecture.

In the past, for example, all databases and applications in on-premises solutions were protected by their own firewall within the company's own network, but outsourcing and expansion have resulted in various difficulties that must be clarified as part of cybersecurity assessments. A particularly critical situation arises when third-party data and personal information are also processed in the company.

[adrotate banner="284″]

The three pillars of cybersecurity in hybrid environments

In order to avoid unauthorized access to their own IT architecture and infrastructure, those responsible should focus primarily on three pillars and develop appropriate strategies for integration into the process of digital transformation.

Since cyber criminals use all available means to compromise a network, clear authentication guidelines must be developed. These policies regulate communication within and outside the company's own infrastructure and ultimately also familiarize employees with the cybersecurity guidelines through regular training.

To ensure that only authorized persons have access to the data and applications within an organization, an approach must be found that, on the one hand, holds up employees' work as little as possible with repeated logon processes, and, on the other hand, is secure enough to ensure that they actually belong to the company. Single sign-on solutions, for example, can be an adequate approach here.

With regard to the data stream, which must also be able to take place outside the company's own network, the selection of possible solutions is sometimes more difficult. What is certain, however, is that the data stream must be secured at all times and have end-to-end encryption.

If, for example, the use of a large cloud service provider is planned, redundant WAN structures are a good solution. For employees who work remotely, on the other hand, end-to-end encrypted VPN tunnels can also be a suitable solution.

While these two central pillars of cybersecurity are being implemented through appropriate strategies, employees should be made fit for the new technological infrastructure. In addition to regular employee training on the subject of cybersecurity, special attention must be paid to ensuring that all employees are aware of the advantages of the new applications and understand how they work.

Just as with all other business areas, it is also true for IT that employees are the linchpin of business success. Accordingly, they are also an essential asset in terms of a company's cybersecurity strategy and must not be disregarded in the planning process. Ultimately, only employees who successfully work with the appropriate solutions and applications can achieve the desired increases in productivity.

Through the process of digital transformation, companies can create immense added value for their own employees and processes. However, many managers take the planning of a functioning cybersecurity strategy lightly and are not aware of the possible threats.

In the worst case, the advantages gained are directly nullified and brand trust built up over years is squandered. This can be remedied by concentrating on the three most important pillars of cybersecurity. In addition, those responsible must always be aware that a strategy once established can be useless against new forms of attack in just a few years if it is not consistently developed further. Relying on the supposed achievements of the past is just as dangerous as leaving your front door wide open.


Interview: Cybersecurity from the user's perspective

Mr. Lindackers, Barmer has been using a central identity management system for some time now. How did the cooperation come about and what projects have already been implemented together?

Lindackers: We rely on a comprehensive SAP on-premises system landscape in which several thousand roles and employees are stored.

An obvious step was therefore to also use this system landscape to manage access rights and general authorizations using SAP Identity Management to cover key cybersecurity aspects.

In the course of a call for tenders, we started working with Devoteam employees. Since 2016, we have successively ported the roles and authorization assignment for all employees to the central SAP Identity Management.

What difficulties did you encounter during the changeover?

LindackersIn any case, we had to ensure that we achieved a high level of security when handling relevant data. A large part of the authorizations (e.g., drive assignments and SAP roles) are derived automatically via organizational management, but we still had to rely on manual, multi-level approvals by line managers and special function holders.

Interview with Benjamin Lindackers, Team Leader SAP Competence Center at Barmer

What benefits have you gained from implementing SAP Identity Management?

LindackersWhere we used to process written applications in physical form, we can now rely on automated digital workflows that speed approvals and ensure compliance with company policies at all times.

Furthermore, we have established a recertification process, so manual assignments have to be validated again after one year. All in all, we have achieved a lot and are very satisfied with the results - both from the management and from the employees.

The Covid 19 pandemic has certainly created further challenges in this area. In the course of this, does the topic of the cloud also play an increasing role for you?

What are the advantages of such a partnership?

LindackersThe pandemic has probably posed challenges for all industries. While the traditional office routine shifted to the home office within a very short time, the necessary work on the infrastructure was also running in the background at our company.

With the support of our partners, we managed to set up permissions for all our employees within a tight deadline. We also managed to set up permissions for digital collaboration tools and integrate external employees into our digital infrastructure.

In a privacy-sensitive industry like ours, cloud applications were initially viewed critically for a long time. However, we are increasingly seeing a rethink as a result of the pandemic, also due to the availability of more and more secure solutions. Because of the sensitive information and data we work with, cybersecurity is a top priority.

What developments and plans regarding cybersecurity does the
Barmer for the future?

LindackersBased on our experience in recent years, further automation within the administration of authorization assignments is a core concern. We want to reduce the manual processes as far as possible and in this way make them even more efficient.

In addition, we are currently working on handling our development and quality assurance SAP systems via a separate identity management instance.

This project again has its own requirements in terms of corporate policies and governance. Cloud migration is another project we are increasingly working on.

Thank you for the interview.

https://e3magpmp.greatsolution.dev/partners/alegri-international-group/
avatar
Ansgar Steinberg

Devoteam Alegri


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.