
SAP security must not be a niche product

Hackers make no distinction between general IT systems and SAP applications. Consequently, the issue of security must also be given greater consideration with regard to SAP software.
Kai Grunwitz, NTT Security
February 1, 2017
This text has been automatically translated from German to English.

Most companies have a lot of catching up to do in this area.

Underestimating the security issue is no longer in keeping with the times. Only a fully integrated and comprehensive cyber defense strategy that spans the entire IT can reliably protect against current and future threats.

This means that excluding SAP from a holistic security concept in the company cannot be effective.

Even a pure focus of security on infrastructure issues no longer does justice to the current threat situation.

Just as no one would think of leaving the heart out of a comprehensive health check-up, it should also be clear that SAP applications cannot be left out of security strategies.

After all, SAP applications are the "heart" of many companies, through which all central business processes are controlled.

More focus on SAP

After all, companies are increasingly recognizing the security problems in the SAP environment.

One reason for this is that auditors are currently also increasingly targeting the SAP world and examining SAP applications in terms of security during audits.

And cases in which SAP departments receive "red flags" here are by no means an exception anymore.

For management, this results in the need to give greater weight to the issue of security than has been the case in the past.
But where do we need to start? First of all, there are the current organizational structures of companies.

In the SAP environment, one can still generally speak of a compartmentalized world. SAP departments are usually separated from the rest of the IT teams and function as independent, autonomous units that attach only a subordinate role - if any - to the issue of security.

The SAP topic is clearly business-driven. When it comes to security, however, this organizational separation must be eliminated.

Old systems not enough

Conventional security concepts are no longer adequate. They are usually based exclusively on perimeter protection and reactive measures.

What is needed, however, are end-to-end security solutions that also include active protection.

The classic network protection wall is supplemented by proactive security mechanisms that extend to business-critical applications such as SAP software.

This means that IT security today must be about much more than pure infrastructure and technology management, which are merely the basis.

The first step in implementing new security and compliance strategies should be an inventory, a clear analysis and risk assessment that covers all of IT.

Only in the further steps can a decision be made about the use of the right tools or services.

Many new possibilities

And here there are numerous new solutions especially for SAP applications, since SAP itself has been increasingly addressing the issue of security for some time and has been launching security products on the market.

Examples include SAP Single Sign-on for secure access to SAP and non-SAP systems and SAP Identity Management for efficient user administration.

However, the use of such SAP security tools is by no means enough. It would only lead to more isolated solutions being present in the company.

Equally important is the consistent linking of the various solutions, for example in the area of user administration.

It is obvious that only a company-wide implementation of authorization concepts makes sense. Setting up a parallel world of SAP and the rest of IT cannot be the last word in wisdom.

In other words:

Use SAP tools, yes, but also link them with the other solutions used in the company; that is, implement a holistic approach and move away from silo thinking and a patchwork of solutions.

And one thing must not be forgotten in the whole "security discussion": In the past, security was purely an IT issue.

Increasingly, however, a paradigm shift is emerging that is characterized by two aspects: on the one hand, security is increasingly business-driven, and on the other, security also drives business.

This means that security is increasingly being classified as a mission-critical business process and is also being used as a competitive differentiator by marketing security as part of product, solution or service quality.

Security is thus increasingly becoming a central business factor - both as an important component of the value chain and as a complementary business driver.


Kai Grunwitz is Senior Vice President Central Europe at NTT Security

