How poor management lets the cybersecurity ball get dropped

sap security strategy

Firstly: I’m not a techie, I’m a marketing guy. So, what qualifies me to write a blog article about SAP cybersecurity? Well nothing really except that sometimes an unbiased view on things is helpful. Here’s what I mean…

Clear Business case

When I made my first steps into SAP security a couple of years ago the market scenario was simple: Companies are facing more and more cyber-attacks and therefore must secure their IT landscapes properly. As SAP usually is storing the crown jewels of a company it’s very important to also increase the security posture there. And as SAP is quite different from the rest of the usual IT landscapes this requires specific know-how and solutions that help both: the IT security and the SAP team which is very often focusing on business operations. That’s a simple and clear business case – so far, so good.

Why is SAP Security not high priority?

What I found very interesting was the fact that SAP cybersecurity in many companies is still low priority. I could not understand why this is the case. If companies haven’t been a victim of a successful breach, then cybersecurity from a management point of view is often seen as something that at first glance only costs money but doesn’t bring any value in return. That naive view on such a critical topic from people whose job it is to run and align a company strategically with a perspective of the up-coming 10 years or more – that’s what was most surprising to me when I stepped onto the scene.

Not that this view on things is naive, it’s shortsighted and puts not only the IT infrastructure to high risk but also the whole company’s future including personal data and in the last consequence the jobs of its employees to an absolute unnecessary risk. In short: To not invest in cyber-security at all is wrong. And by investing I don’t just mean money. Investing into SAP security primarily means setting up new processes, giving employees time to learn and execute security-related tasks.

You can’t turn back the clock

This ignorant view reminds me of some people who are living an unhealthy lifestyle, (although they should know better) until the doctor tells them they are suffering from high blood pressure, fat liver or any other serious disease and then they suddenly “wake up” trying to regain their health again with maximum effort but often not the result they wish for.

Instead, prevention has almost always paid out for companies who act smart and invest wisely. Invest wisely into the right SAP cybersecurity solutions that reduces the manual workload from your employees and radically reduces the attack surface of the IT infrastructure and act smart when it comes to implementing security into the backbone of each critical business process. It’s usually more expensive to check the finished product or service for security leaks and fix everything afterwards then if this would’ve been done within the process. So, embedded security speeds up critical processes and increases the security posture from the very beginning.

Conclusion

Cybersecurity in general and SAP security specifically must be a top priority topic for every company – not to do that is bad management. What needs to be decided for every company is how to start this journey and how to shift it slowly from reactive to proactive. Even if companies start with doing anything this is already reducing your attack surface and is way better than doing nothing. As cyber security is no project with a deadline but an ongoing agile process instead, we at SecurityBridge and our dedicated partners are happy to discuss your tailor-made roadmap that fits best.

Reach out if you want to learn more about SecurityBridge Platform for SAP.

Posted by

Till Pleyer
Share on linkedin
Share on twitter
Share on email
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Meet us at ASUG Carolinas Chapter Meeting 2022

Come and meet us! On June 24, 2022 the US team of SecurityBridge will be at the ASUG Carolinas Chapter Meeting 2022. We are silver sponsor of the event and present with an exhibition table.

SecurityBridge at the VNSG Event

SecurityBridge will do a presentation together with our customer Achmea and hosting a booth to demonstrate the capabilities of the platform. The event runs all day from 09:00 to 16:00 with drinks and snacks to close the day.
The Federal Republic is attempting to make critical infrastructure resilient to cyber-attacks by proactively identifying vulnerabilities and implementing measures to protect attractive targets.
how to spot anomalies in SAP
How to reliably detect suspicious actions from within the huge mass of SAP systems and user activity? In this article, we’ll tell you what’s needed to detect anomalies in SAP's log stack and put them into context to find cyber-attacks.