Observations from my visit to the historic island of Crete – and why it matters to SAP Cybersecurity
Share Article
This summer, SecurityBridge held its all–employee meetup on the island of Crete. This meetup allowed us to bring together our remote employees from three continents and to work together in person for a full week... in a beautiful and historic setting.
During a moment of relaxation at the hotel pool, my mind just kept churning on this topic of how an island defends itself throughout history. So, let’s “dive in” to this confluence of Island Security and #SAPCyberSecurity. Everybody gets in the pool!!
Islands have benefited from inherent “fortress” defenses throughout history:
- You have to know the island exists
- You have to know how to get there
- You have to WANT to get there
- You must be able to navigate around natural dangers and storms and arrive at a port of destination on the island
- You must have a plan to be welcomed onto the island. (unless you are a spy or planning an invasion)
- You must have food, clothing, and shelter on the island. . .and maybe have some money or something to trade or barter!!
But even with these inherent defenses, there are still vulnerabilities. Modern technology means that defenses… even on an island… must also be modernized. Think about how people arrived on the island of Crete for millennia… only by boat. Now there are powerful boats in many modern forms: cruise ships, military ships, power boats, yachts, barges, ferries, and even submarines!
Additionally, there is the new convenience (and vulnerability) of air travel.
The dangerous currents, reefs, and cliffs that shipwrecked travelers for millennia are now sidestepped (in most cases) by modern seafarers utilizing Weather Forecasting, Radar, Sonar, Satellite, and GPS mapping of safe routes. Intra-island ferries allow citizens and tourists to take a day trip to Santorini while base-camping on Crete!
Historic and beautiful ports were once defended against the most powerful ancient navies by ancient stone fortifications bristling with archers and trebuchets. Now, those same harbors and fortifications are defended by modern ships and fighter planes... and protected by diplomacy and treaties!
Processes and principles tested over the centuries still work in modern times. Security is a MUST at the ports of entry. Sometimes that is an airport. Sometimes it is a seaport. And for member nations of the European Union, your border control for the island of Crete in the Country of Greece might start as far away as Finland!
But not all boats arrive at an official seaport... and not all aircraft arrive at an official airport. So, there must also be active monitoring of all the borders of the island... even the beaches can become an entry point!
And now, we have electronic access to the island. This includes web access to find out about the island. There is also active access to perform digital transactions with companies or individuals on the island. There is even the capability to remotely control devices on the island from offshore locations. All the modern conveniences – offset by all the modern risks... countered by all the modern defense capabilities.
Now, let’s pivot to #SAPCyberSecurity, my favorite blog topic.
In the IT world, SAP technology was historically treated as an “island unto itself”. Imagine, if you will, an island of SAP separated from almost all other Information Technology. On the “SAP island”, there is even a separate IT team to administer the SAP systems. You know this admin team today as the “Basis team”. The SAP island inhabitants even speak their language... #ABAP ... and they have their dictionary of acronyms, just for SAP products and technology.
This Architecture worked just fine for many decades, protecting SAP was a different mindset back then. The thinking was that SAP was an island that was so unique and separate from everything else, no one could exploit it because it was complex enough… even for highly skilled technical people.
But now, the SAP systems are more interconnected with other systems, both internally and externally – and the cloud is a large part of this paradigm shift. SAP architecture has grown up. It is more diverse than just “ABAP”. The historical “Basis Admin” is now a team with many different specialties inside the team.
Let’s go back and think about what has changed on the island of Crete in just the last 150 years. If you visit the island of Crete today, you will see many historically significant archeology sites, such as Knossos, the home of the Minos and the myth of the Minotaur, but you will also utilize modern services for your visit.
You might interact with “Minos”, but it would only be from modern branding — because you stayed at a Minos-branded hotel, or you were fortunate enough to obtain some Minos-branded Olive Oil.
On Crete, you will use an internationally accepted credit card or Euros to make purchases. You might arrive at a “port-of-call” on a cruise. Or, maybe you arrived on a high-speed ferry! Your cell phone will have a signal and roam. Your phone and hotel room will (usually) have wi-fi internet. Your taxi driver might talk on a Bluetooth earpiece–for–a–full–hour–while–driving–you–between–airport–and–hotel–at–breakneck–speeds–up–and–down–Crete’s–hilly–northern–coast... (and they might even be showing music videos in the car for the entire ride, too. . .yeah that happened to me). Sounds like a modern island to me, right?
A similar modernization process has happened on the “SAP island”. The historic “core” of SAP is still there — Finance and Controlling — but now, that FI/CO core resides on the modern S/4HANA instead of R/3 or ECC.
And just think about all the historically recent additions to the SAP family of solutions. Remember the “shock waves” from SAP’s $6.8 Billion acquisition of BusinessObjects in 2007? Now we add to that many MORE acquisitions! Think of Sybase, SuccessFactors, Ariba, Concur, Qualtrics, Signavio, LeanIX, WalkMe, and many more! Then, add to that all the insertions of Cloud and #AI technology. The SAP “island” now has several languages and new technologies. It is interconnected, modern, global, with a very complex architecture.
We can no longer rely on an ancient “fortress” approach to security. Those beautiful stone structures are now more appropriate for restaurant settings and tourism. Modern Strategies like Real-Time Threat Detection, Automated Vulnerability Scanning, and Zero-Trust Architecture must be deployed. The old island model was great for its time. But now, it is rocks and sand and beautiful palm trees. We must live in the modern reality.
What are you doing in 2025 to modernize your SAP Cybersecurity plans? Want some help? Reach out to SecurityBridge or one of our partners.
We have Solution Architects ready to help you move into the modern era! Let’s talk more in 2025.
