JTI: Global Player Efficiently Implements “Security First” Strategy for SAP
Chapters
Share Article
Let's Talk SAP Security
Have questions about SAP Security? We’re here to help. Contact Us
At a glance
JTI has prioritized SAP Security by adopting a continuous improvement approach instead of relying solely on annual pen tests and manual hardening. In 2022, they started a phased implementation of the SecurityBridge Platform to enhance Threat Detection, Vulnerability Management, Custom Code Security, and Patch Management.
This streamlined JTI’s security processes, significantly easing the management of security patches and improving the overall security posture. By effortlessly passing annual audits and enhancing SAP Security monitoring, SecurityBridge effectively contributes to JTI’s “security first” strategy.
About JTI
Formed in 1999 through the acquisition of the non-US operations of R.J.Reynolds by its parent company JT Group, JTI operates today in more than 130 countries with more than 46000 employees. Headquartered in Geneva, Switzerland, JTI is a leading tobacco and vaping company with brands like Winston, Mevius, Camel, LD and Ploom.
Why SecurityBridge?
"SecurityBridge has streamlined our security processes, allowing us to move beyond the traditional ways of working in SAP Security. It provides all the necessary tools, enabling continuous and efficient improvement of our SAP security posture "
Challenges
A “security first” strategy has driven JTI’s investment in SAP Security and system hardening projects for many years. JTI started with standard SAP tools and conducted regular security assessments with both internal and external support. Over time, they also evaluated and used 3rd-party SAP Security tools.
Instead of using annual pen tests and manual hardening based on the findings, JTI aimed for a more efficient approach to continuously improve their SAP Security posture. In 2022, the SAP Security team started evaluating alternatives to their existing SAP Security solutions due to functional and operational challenges, especially with Patch Management.
Solution
With the implementation of the SecurityBridge Platform in 2022, the SAP Security team covered Threat Detection, Vulnerability Management, Custom Code Security and Patch Management. Following a phased approach, each topic became operational over time.
A mature Patch Management process was the first milestone for 2023. The SAP team started with “Hot News” and High severity historical patches, successfully implementing Medium and Low severity SNotes by end of 2024.
In parallel, the JTI team implemented an efficient Vulnerability Management process into Operations before the end of 2023 and integrated continuous Threat Detection into the enterprise SIEM by the end of 2024.
Results and Customer Benefits
With SecurityBridge Patch Management, the monthly SAP Security Notes are no longer a challenge, allowing the SAP team to efficiently run a continuous patch cycle.
The Security & Compliance Roadmap creates a tailored priority list for continuous improvement of the security configuration of JTI’s SAP landscape, enabling the organization to easily pass the annual Audit.
System hardening also supports effective SAP Security monitoring, making Threat Detection a much easier task and enabling the SIEM team to overlook the SAP Security posture.
Next, the SecurityBridge Code Vulnerability Analyzer will be implemented in JTI’s development process and Privileged Access Management will further improve the SAP user authorization controls.
About SecurityBridge
SecurityBridge is the leading provider of a comprehensive, SAP-native cybersecurity platform. Trusted by organizations worldwide to safeguard their most critical business systems. Our platform seamlessly integrates real-time threat monitoring, vulnerability management, and compliance capabilities directly into the SAP environment, empowering organizations to protect their data’s integrity, confidentiality, and availability with minimal manual effort. With a proven track record, including a stellar customer success rating and over 5,000 SAP systems secured globally. SecurityBridge stands out for its ability to accurately provide a 360° view of the SAP security posture, ease of use, rapid implementation, and transparent licensing. We are committed to innovation, transparency, and customer-centricity, ensuring businesses can confidently navigate the evolving landscape of SAP security threats.
See SecurityBridge in Action
Book a demo today to see how SecurityBridge’s SAP security platform provides all the tools you need to keep your SAP systems secure and compliant.