The global and independent platform for the SAP community.

SAP security must not be a niche product

Hackers make no distinction between general IT systems and SAP applications. Consequently, the issue of security must also be given greater consideration with regard to SAP software.
Kai Grunwitz, NTT Security
February 1, 2017
The-current-keyword
avatar
This text has been automatically translated from German to English.

Most companies have a lot of catching up to do in this area.

KaiGrunwitzUnderestimating the security issue is no longer in keeping with the times. Only a fully integrated and comprehensive cyber defense strategy that spans the entire IT can reliably protect against current and future threats.

This means that excluding SAP from a holistic security concept in the company cannot be effective.

Even a pure focus of security on infrastructure issues no longer does justice to the current threat situation.

Just as no one would think of leaving the heart out of a comprehensive health check-up, it should also be clear that SAP applications cannot be left out of security strategies.

After all, SAP applications are the "heart" of many companies, through which all central business processes are controlled.

More focus on SAP

After all, companies are increasingly recognizing the security problems in the SAP environment.

One reason for this is that auditors are currently also increasingly targeting the SAP world and examining SAP applications in terms of security during audits.

And cases in which SAP departments receive "red flags" here are by no means an exception anymore.

For management, this results in the need to give greater weight to the issue of safety than has been the case in the past.
But where do we need to start? First of all, there are the current organizational structures of companies.

At SAP, one can still generally speak of a compartmentalized world. SAP departments are usually separated from the rest of the IT teams and function as independent, autonomous units that attach only a subordinate role - if any - to the issue of security.

The SAP theme is clearly business-driven. When it comes to security, however, this organizational separation must be eliminated.

Old systems not enough

Conventional security concepts are no longer adequate. They are usually based exclusively on perimeter protection and reactive measures.

What is needed, however, are end-to-end security solutions that also include active protection.

The classic network protection wall is supplemented by proactive security mechanisms that extend to business-critical applications such as SAP software.

This means that IT security today must be about much more than pure infrastructure and technology management. They are merely the basis.

The first step in implementing new security and compliance strategies should be an inventory, a clear analysis and risk assessment that covers all of IT.

Only in the further steps can a decision be made about the use of the right tools or services.

Many new possibilities

And here there are numerous new solutions especially for SAP applications, since SAP itself has been increasingly addressing the issue of security for some time and has been launching security products on the market.

Examples include SAP Single Sign-on for secure access to SAP and non-SAP systems and SAP Identity Management for efficient user administration.

However, the use of such SAP security tools is by no means enough. It would only lead to more isolated solutions being present in the company.

Equally important is the consistent linking of the various solutions, for example in the area of user administration.

It is obvious that only a company-wide implementation of authorization concepts makes sense. Setting up a parallel world of SAP and the rest of IT cannot be the last word in wisdom.

In other words:

Use of SAP tools yes, but also linkage with the solutions otherwise used in the company, i.e. implementation of a holistic approach with a move away from silo thinking with a patchwork of solutions.

And one thing must not be forgotten in the whole "security discussion": In the past, security was purely an IT issue.

Increasingly, however, a paradigm shift is emerging that is characterized by two aspects: on the one hand, security is increasingly business-driven, and on the other, security also drives business.

This means that security is increasingly being classified as a mission-critical business process and is also being used as a competitive differentiator by marketing security as part of product, solution or service quality.

Security is thus increasingly becoming a central business factor - both as an important component of the value chain and as a complementary business driver.

avatar
Kai Grunwitz, NTT Security

Kai Grunwitz is Senior Vice President Central Europe at NTT Security


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.