Skip to content

How poor management lets the cybersecurity ball get dropped

sap security strategy

Firstly: I’m not a techie, I’m a marketing guy. So, what qualifies me to write a blog article about SAP cybersecurity? Well nothing really except that sometimes an unbiased view on things is helpful. Here’s what I mean…

Clear Business case

When I made my first steps into SAP security a couple of years ago the market scenario was simple: Companies are facing more and more cyber-attacks and therefore must secure their IT landscapes properly. As SAP usually is storing the crown jewels of a company it’s very important to also increase the security posture there. And as SAP is quite different from the rest of the usual IT landscapes this requires specific know-how and solutions that help both: the IT security and the SAP team which is very often focusing on business operations. That’s a simple and clear business case – so far, so good.

Why is SAP Security not high priority?

What I found very interesting was the fact that SAP cybersecurity in many companies is still low priority. I could not understand why this is the case. If companies haven’t been a victim of a successful breach, then cybersecurity from a management point of view is often seen as something that at first glance only costs money but doesn’t bring any value in return. That naive view on such a critical topic from people whose job it is to run and align a company strategically with a perspective of the up-coming 10 years or more – that’s what was most surprising to me when I stepped onto the scene.

Not that this view on things is naive, it’s shortsighted and puts not only the IT infrastructure to high risk but also the whole company’s future including personal data and in the last consequence the jobs of its employees to an absolute unnecessary risk. In short: To not invest in cyber-security at all is wrong. And by investing I don’t just mean money. Investing into SAP security primarily means setting up new processes, giving employees time to learn and execute security-related tasks.

You can’t turn back the clock

This ignorant view reminds me of some people who are living an unhealthy lifestyle, (although they should know better) until the doctor tells them they are suffering from high blood pressure, fat liver or any other serious disease and then they suddenly “wake up” trying to regain their health again with maximum effort but often not the result they wish for.

Instead, prevention has almost always paid out for companies who act smart and invest wisely. Invest wisely into the right SAP cybersecurity solutions that reduces the manual workload from your employees and radically reduces the attack surface of the IT infrastructure and act smart when it comes to implementing security into the backbone of each critical business process. It’s usually more expensive to check the finished product or service for security leaks and fix everything afterwards then if this would’ve been done within the process. So, embedded security speeds up critical processes and increases the security posture from the very beginning.

Conclusion

Cybersecurity in general and SAP security specifically must be a top priority topic for every company – not to do that is bad management. What needs to be decided for every company is how to start this journey and how to shift it slowly from reactive to proactive. Even if companies start with doing anything this is already reducing your attack surface and is way better than doing nothing. As cyber security is no project with a deadline but an ongoing agile process instead, we at SecurityBridge and our dedicated partners are happy to discuss your tailor-made roadmap that fits best.

Reach out if you want to learn more about SecurityBridge Platform for SAP.

Posted by

Till Pleyer
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Mastering NIST & CISA Compliance for SAP

Join us for an enlightening webinar where we simplify these regulatory frameworks, map CISA guidelines to SAP instances, and showcase how the SecurityBridge platform can assist you in achieving your SAP compliance needs.

Kickstarting Your SAP Security Journey

Do you want to kickstart your journey towards SAP security excellence? Then check out our upcoming webinar. In our webinar, we will show you how to overcome these pitfalls and kickstart your journey to SAP Security excellence. Our customer cbs consulting will talk about their experience with implementing the SecurityBridge Platform and the first milestones achieved on their SAP Security journey.
SAP vulnerability
SAP Vulnerability
As we know, SAP (Systems, Applications, and Products in Data Processing) is a widely used enterprise resource planning (ERP) software suite that helps organizations manage various business operations. No digital system is secure by nature or by default - there will always be security challenges, and SAP is no exception. In this article, we discuss the Top 10 vulnerabilities in SAP – how they affect the security of an SAP system, and finally, how to identify and manage them with SecurityBridge.
SAP security Patch day
Today, September 12th, 2023 brings the release of SAP Security Patches for the extensive enterprise application portfolio developed by the Walldorf giant. SAP released 13 new Security Notes and provided 5 updates to previously released Security Notes.
Leadership team
SecurityBridge, a leading provider of cybersecurity solutions for SAP customers, acquired Dutch SAP security specialist Protect4S. Through the acquisition, customers will benefit from an even more comprehensive one-stop-shop software platform that will improve every SAP customer’s security position across all technology stacks.